Multi-Port Trick - iptables

If you've made a patch to quick fix a bug or to add a new feature not yet in the main tree then post it here so others can try it out.
Pedulla
Posts: 133
Joined: Thu Nov 27, 2014 11:16 am
Location: Portland, Or

Multi-Port Trick - iptables

Post by Pedulla » Wed Mar 20, 2019 10:39 pm

Okay, multi port is cool.
By setting Options.Server.MIN_STREAMING_PORT to some value (in this example 30000) you turn it on.
It's discussed here https://medium.com/zmninja/multi-port-s ... 836a336c93

So you can configure your web server (Apache/NGINX) to listen to all those ports but that's a bit of a pain and if you are constantly adding and deleting monitors the Monitor ID (MID) can quickly go beyond the range of your listened to ports.

So I found this iptables trick to route ports to the single listening port on the server and multi-port works.

The below line

Code:

iptables -t nat -A PREROUTING -p tcp --dport 30000:30200 -j REDIRECT --to-ports 443
redirects ports 30000 thru 30200 to port 443 where the zm webserver is listening. Adjust the range to what you are comfortable with or that meets your needs.

Use

Code:

iptables -L -n -t nat  --line-number
to list the rule

Don't forget to save the rules according to your distro's method so that it's persistent after reboot.

Tested with zm 1.33.4 but should work for 1.32.x
Works with zmninja
I'm running this on UB18.04 LEMP stack.
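
An added example, not part of the original post: a shell sketch that reports which monitors fall outside the redirected range and adds the rule without stacking duplicates. It assumes monitor N streams on MIN_STREAMING_PORT + N; the function names and the sample rule listing are constructed for illustration.

```sh
#!/bin/sh
# Added example. Assumption: monitor N streams on MIN_STREAMING_PORT + N.

# Constructed sample of `iptables -t nat -S PREROUTING` output.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 30000:30200 -j REDIRECT --to-ports 443'

# uncovered_monitors RULES MIN_STREAMING_PORT WEB_PORT MID...
# Prints the monitor IDs whose streaming port no tcp REDIRECT rule sends to WEB_PORT.
uncovered_monitors() {
    rules=$1 base=$2 web=$3
    shift 3
    printf '%s\n' "$rules" | awk -v base="$base" -v web="$web" -v mids="$*" '
    /-j REDIRECT/ && /-p tcp/ {
        dport = ""; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "--dport")    dport  = $(i + 1)
            if ($i == "--to-ports") target = $(i + 1)
        }
        if (dport == "" || target != web) next
        parts = split(dport, r, ":")          # "30000:30200" or a single port
        n++; lo[n] = r[1] + 0; hi[n] = (parts == 2 ? r[2] : r[1]) + 0
    }
    END {
        count = split(mids, id, " ")
        for (k = 1; k <= count; k++) {
            port = base + id[k]; hit = 0
            for (j = 1; j <= n; j++)
                if (port >= lo[j] && port <= hi[j]) hit = 1
            if (!hit) out = (out == "" ? "" : out " ") id[k]
        }
        print out
    }'
}

# ensure_redirect LOW HIGH WEB_PORT  (needs root)
# -C checks for an identical rule first, so re-running does not stack duplicates.
ensure_redirect() {
    iptables -t nat -C PREROUTING -p tcp --dport "$1:$2" -j REDIRECT --to-ports "$3" 2>/dev/null ||
        iptables -t nat -A PREROUTING -p tcp --dport "$1:$2" -j REDIRECT --to-ports "$3"
}

# Demo on the constructed sample: monitors 1, 42 and 250, MIN_STREAMING_PORT=30000.
echo "monitors outside the redirect: $(uncovered_monitors "$SAMPLE_RULES" 30000 443 1 42 250)"
```

On a live host, pass `"$(iptables -t nat -S PREROUTING)"` as the first argument in place of the sample listing.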

n8klayko
Posts: 33
Joined: Tue Apr 17, 2018 7:54 pm

Re: Multi-Port Trick - iptables

Post by n8klayko » Fri Feb 14, 2020 8:51 pm

Can you give more specifics on how to do this? What files need to be edited?

iconnor
Posts: 1197
Joined: Fri Oct 29, 2010 1:43 am
Location: Toronto

Re: Multi-Port Trick - iptables

Post by iconnor » Tue Feb 18, 2020 10:01 pm

That's actually very cool, I hadn't thought of that. Makes apache config a lot easier.

spammy
Posts: 6
Joined: Tue Jul 17, 2018 6:21 pm

Re: Multi-Port Trick - iptables

Post by spammy » Fri Jun 26, 2020 6:47 pm

For those who have moved to nftables, an equivalent block in nftables.conf might look like:

Code:

table ip nat {
        chain prerouting {
                type nat hook prerouting priority 0; policy accept;
                tcp dport 30000-30050 redirect to 80
        }

        chain postrouting {
                type nat hook postrouting priority 0; policy accept;
        }
}
