BTSync Local RaspberryPi

[MRACHINI]

Hello,

I'm trying to setup BTSync on all my RaspberryPi devices, without any kind of connections to the outside world.

So i installed "UFW" (the firewall) and i blocked everything except local communications, using these commands:

ufw default deny incoming

ufw default deny outgoing

sudo ufw allow from 192.168.0.0/24

sudo ufw allow to 192.168.0.0/24

firewall is working perfectly.

so now my Raspis are all blocked from the internet, and i can browse to BTSync webui 8888 just fine, but when i add the same folder to all of them and my laptop too, they don't discover each other, i enabled DHT just in case.

also i should mention that i don't want to add predefined hosts.

so i think i should open a port or ip for traker server or something!!!

some clarification please

Thank You

[toomanydata]

doesn't the pi need to communicate with the tracker? (thereby making your firewall rules too restrictive)?

[MRACHINI]

well i blocked everything exept local connections

but i want BTSync to work with the least internet bandwidth possible, so what ips or ports should i unblock ?

[greentown]

Hi,

As far as I know, if you mark the "Search LAN" option, it should work on a LAN, using multicast, without any access to the internet. Judging by your firewall rules, multicast should already be allowed. Do you have all devices in the same LAN or is there a router in between? Do you have several network interfaces in your rpi?

Also have a look at this, it may help:

http://forum.bittorrent.com/topic/20144-local-lan-discovery-sends-multicast-out-eth0/

Good luck

[Guest idef1x]

Local LAN discovery works via multicast, so also allow traffic from/to 239.192.0.0 on port 3838 (UDP)

See also post :

[MRACHINI]

Hi,

As far as I know, if you mark the "Search LAN" option, it should work on a LAN, using multicast, without any access to the internet. Judging by your firewall rules, multicast should already be allowed. Do you have all devices in the same LAN or is there a router in between? Do you have several network interfaces in your rpi?

Also have a look at this, it may help:

http://forum.bittorr...icast-out-eth0/

Good luck

no i have only one router, and all devices are connected to it.

i already tried to allow 239.192.0.0 on all ports just in case but it didn't work, i'll try if i should specify if its udp for it to work.

Thank You

[MRACHINI]

ok i did

sudo ufw allow from 239.192.0.0

sudo ufw allow to 239.192.0.0

&

sudo ufw allow from 239.192.0.0 to any port 3838

sudo ufw allow to 239.192.0.0 from any port 3838

also

ufw allow 3838/udp

just in case but still doesn't work

[MRACHINI]

Local LAN discovery works via multicast, so also allow traffic from/to 239.192.0.0 on port 3838 (UDP)

See also post : http://forum.bittorr...icast-out-eth0/

still not working !

[Harold Feit]

that multicast range is a /14

You may need to add that to the rules.

[MRACHINI]

that multicast range is a /14

You may need to add that to the rules.

yep that made it work i guess.

Thank You

[MRACHINI]

i got this at the end:

ufw default deny incoming

ufw default deny outgoing

sudo ufw allow from 192.168.0.100/24

sudo ufw allow to 192.168.0.100/24

sudo ufw allow from 239.192.0.0/14

sudo ufw allow to 239.192.0.0/14

[MRACHINI]

aahh i spoke too soon, after adding these rules to the RasPi firewall, it detects other devices but doesn't resolve the name from IP address, and other devices don't detect the RasPi at all.

[greentown]

I haven't used ufw myself, but I think that you should turn logging on and see what's being blocked by the firewall. Then you'll just have to allow that kind of traffic.

[MRACHINI]

this is all i can c in log, many many lines of this.

[uFW BLOCK] IN= OUT=eth0 SRC=192.168.0.123 DST=239.192.0.0 LEN=117 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=3838 DPT=3838 LEN=97

I've already unblocked this!

[capi]

I never worked with UFW, but is it possible that your rules allowed only TCP and not UDP?

[LazyWolf]

this is all i can c in log, many many lines of this.

[uFW BLOCK] IN= OUT=eth0 SRC=192.168.0.123 DST=239.192.0.0 LEN=117 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=3838 DPT=3838 LEN=97

I've already unblocked this!

Maybe try...

ufw allow from any to 239.192.0.0/14 port 3838 proto udp

[greentown]

this is all i can c in log, many many lines of this.

[uFW BLOCK] IN= OUT=eth0 SRC=192.168.0.123 DST=239.192.0.0 LEN=117 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=3838 DPT=3838 LEN=97

I've already unblocked this!

If you're getting those logs, you've clearly not unblocked it (yet). You almost have it!

[MRACHINI]

Maybe try...

ufw allow from any to 239.192.0.0/14 port 3838 proto udp

ok

added

ufw allow from any to 239.192.0.0/14 port 3838 proto udp

ufw allow from 239.192.0.0/14 to any port 3838 proto udp

still the same

[uFW BLOCK] IN= OUT=eth0 SRC=192.168.0.123 DST=239.192.0.0 LEN=117 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=3838 DPT=3838 LEN=97

[MRACHINI]

i read about a bug with UFW dropping multicast traffic when policy is set to deny. but its old (2011)

[LazyWolf]

Maybe...

sudo ufw allow out 3838/udp

[MRACHINI]

still the same, I'm gonna use another firewall