Multi-Port Trick - iptables

Pedulla
Posts: 167
Joined: Thu Nov 27, 2014 11:16 am
Location: Portland, Or

Multi-Port Trick - iptables

Post by Pedulla »

Okay, multi port is cool.
By setting Options.Server.MIN_STREAMING_PORT to some value (in this example 30000) you turn it on.
It's discussed here https://medium.com/zmninja/multi-port-s ... 836a336c93

So you can configure your web server (Apache/NGINX) to listen to all those ports, but that's a bit of a pain, and if you are constantly adding and deleting monitors, the Monitor ID (MID) can quickly go beyond the range of your listened-to ports.

So I found this iptables trick to route ports to the single listening port on the server, and multi-port works.

The below line

Code:

iptables -t nat -A PREROUTING -p tcp --dport 30000:30200 -j REDIRECT --to-ports 443

redirects ports 30000 thru 30200 to port 443 where the zm webserver is listening. Adjust the range to what you are comfortable with or that meets your needs.

Use

Code:

iptables -L -n -t nat --line-number

to list the rule

Don't forget to save the rules according to your distro's method so that it's persistent after reboot.

Tested with zm 1.33.4 but should work for 1.32.x
Works with zmninja
I'm running this on UB18.04 LEMP stack.
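
Added example (not part of the original post, and not ZoneMinder's own code): a POSIX shell helper that derives the redirect range from MIN_STREAMING_PORT and the highest monitor ID, validates it, and installs the rule only if it is not already present. It assumes a monitor's stream port is MIN_STREAMING_PORT plus the monitor ID; the function names is_port, redirect_spec and apply_redirect are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: a monitor's stream port is MIN_STREAMING_PORT + monitor ID.

# is_port N: succeeds if N is a decimal integer in 1..65535 (no leading zero).
is_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# redirect_spec MIN_PORT MAX_MID TARGET_PORT
# Prints the rule body for ports MIN_PORT..MIN_PORT+MAX_MID, or returns 1.
# MAX_MID reuses is_port as a plain positive-integer check.
redirect_spec() {
    min=$1 max_mid=$2 target=$3
    is_port "$min" && is_port "$max_mid" && is_port "$target" || return 1
    last=$((min + max_mid))
    # The range must stay inside the valid port space.
    [ "$last" -le 65535 ] || return 1
    # A target inside the range means the parameters are mixed up.
    if [ "$target" -ge "$min" ] && [ "$target" -le "$last" ]; then
        return 1
    fi
    echo "-p tcp --dport $min:$last -j REDIRECT --to-ports $target"
}

# apply_redirect MIN_PORT MAX_MID TARGET_PORT (needs root)
apply_redirect() {
    spec=$(redirect_spec "$@") || { echo "bad port parameters" >&2; return 1; }
    # -C tests for the exact rule, so reruns do not stack duplicates.
    # $spec is left unquoted on purpose so it splits into arguments.
    iptables -t nat -C PREROUTING $spec 2>/dev/null ||
        iptables -t nat -A PREROUTING $spec
}

# "apply MIN MAX_MID TARGET" installs the rule; anything else is a dry run
# that prints the rule for the values used in the post.
if [ "${1:-}" = "apply" ]; then
    shift
    apply_redirect "$@"
else
    echo "iptables -t nat -A PREROUTING $(redirect_spec 30000 200 443)"
fi
```

Because the redirect happens in PREROUTING, the filter INPUT chain sees these connections with destination port 443, so whatever INPUT rules already govern 443 also govern the whole redirected range.
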
n8klayko
Posts: 33
Joined: Tue Apr 17, 2018 7:54 pm

Re: Multi-Port Trick - iptables

Post by n8klayko »

Can you give more specifics on how to do this? What files need to be edited?
iconnor
Posts: 2881
Joined: Fri Oct 29, 2010 1:43 am
Location: Toronto

Re: Multi-Port Trick - iptables

Post by iconnor »

That's actually very cool, I hadn't thought of that. Makes apache config a lot easier.
spammy
Posts: 6
Joined: Tue Jul 17, 2018 6:21 pm

Re: Multi-Port Trick - iptables

Post by spammy »

For those who have moved to nftables, an equivalent block in nftables.conf might look like:

Code:

table ip nat {
        chain prerouting {
                type nat hook prerouting priority 0; policy accept;
                tcp dport 30000-30050 redirect to 80
        }

        chain postrouting {
                type nat hook postrouting priority 0; policy accept;
        }
}