Map a range of ports to another range of ports (equal lengths of ranges)












1















In this answer, How can I open a range of ports in ubuntu using (g)ufw, a simple command for opening a range of ports is given.



For example, using this command I can open the ports 1000-1999 very easily for my firewall on my local machine.



Now, though, I would like to set-up port forwarding on the local machine, so that:




  • Port 1001 forwards to port 1

  • Port 1002 forwards to port 2

  • Port 1003 forwards to port 3

  • ... etc

    • -

Does anyone have a simple bash script for doing this?



I have to do this for multiple machines on a local network. Constraints by the router are making this more difficult than it needs to be.



So machine A, ports 1000-1999 on the router would be opened to link to machine A. On machine A, they would be forwarded to the traditional port. For machine B, ports 2000-2999 on the router would be used (mapped to the appropriate port locally). Etc






networking ssh iptables firewall







share|improve this question


















  • 1





    Please tell us exactly what you're trying to accomplish with all of this port forwarding. It sounds like you're making this more complicated than it needs to be.

    – heynnema
    Jan 8 at 18:15











  • I agree, but it has to do with the router's constraints. I can specify a range of ports to receive in the router, but only map within the router to "SAME" or "SINGLE" ports at the host -- I can't specify a range of ports to map from within the router.

    – nick carraway
    Jan 8 at 19:15
















1















In this answer, How can I open a range of ports in ubuntu using (g)ufw, a simple command for opening a range of ports is given.



For example, using this command I can open the ports 1000-1999 very easily for my firewall on my local machine.



Now, though, I would like to set-up port forwarding on the local machine, so that:




  • Port 1001 forwards to port 1

  • Port 1002 forwards to port 2

  • Port 1003 forwards to port 3

  • ... etc

    • -

Does anyone have a simple bash script for doing this?



I have to do this for multiple machines on a local network. Constraints by the router are making this more difficult than it needs to be.



So machine A, ports 1000-1999 on the router would be opened to link to machine A. On machine A, they would be forwarded to the traditional port. For machine B, ports 2000-2999 on the router would be used (mapped to the appropriate port locally). Etc






networking ssh iptables firewall







share|improve this question


















  • 1





    Please tell us exactly what you're trying to accomplish with all of this port forwarding. It sounds like you're making this more complicated than it needs to be.

    – heynnema
    Jan 8 at 18:15











  • I agree, but it has to do with the router's constraints. I can specify a range of ports to receive in the router, but only map within the router to "SAME" or "SINGLE" ports at the host -- I can't specify a range of ports to map from within the router.

    – nick carraway
    Jan 8 at 19:15














1












1








1








In this answer, How can I open a range of ports in ubuntu using (g)ufw, a simple command for opening a range of ports is given.



For example, using this command I can open the ports 1000-1999 very easily for my firewall on my local machine.



Now, though, I would like to set-up port forwarding on the local machine, so that:




  • Port 1001 forwards to port 1

  • Port 1002 forwards to port 2

  • Port 1003 forwards to port 3

  • ... etc

    • -

Does anyone have a simple bash script for doing this?



I have to do this for multiple machines on a local network. Constraints by the router are making this more difficult than it needs to be.



So machine A, ports 1000-1999 on the router would be opened to link to machine A. On machine A, they would be forwarded to the traditional port. For machine B, ports 2000-2999 on the router would be used (mapped to the appropriate port locally). Etc






networking ssh iptables firewall







share|improve this question














In this answer, How can I open a range of ports in ubuntu using (g)ufw, a simple command for opening a range of ports is given.



For example, using this command I can open the ports 1000-1999 very easily for my firewall on my local machine.



Now, though, I would like to set-up port forwarding on the local machine, so that:




  • Port 1001 forwards to port 1

  • Port 1002 forwards to port 2

  • Port 1003 forwards to port 3

  • ... etc

    • -

Does anyone have a simple bash script for doing this?



I have to do this for multiple machines on a local network. Constraints by the router are making this more difficult than it needs to be.



So machine A, ports 1000-1999 on the router would be opened to link to machine A. On machine A, they would be forwarded to the traditional port. For machine B, ports 2000-2999 on the router would be used (mapped to the appropriate port locally). Etc






networking ssh iptables firewall




networking ssh iptables firewall






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 8 at 15:59









nick carrawaynick carraway

1308




1308








  • 1





    Please tell us exactly what you're trying to accomplish with all of this port forwarding. It sounds like you're making this more complicated than it needs to be.

    – heynnema
    Jan 8 at 18:15











  • I agree, but it has to do with the router's constraints. I can specify a range of ports to receive in the router, but only map within the router to "SAME" or "SINGLE" ports at the host -- I can't specify a range of ports to map from within the router.

    – nick carraway
    Jan 8 at 19:15














  • 1





    Please tell us exactly what you're trying to accomplish with all of this port forwarding. It sounds like you're making this more complicated than it needs to be.

    – heynnema
    Jan 8 at 18:15











  • I agree, but it has to do with the router's constraints. I can specify a range of ports to receive in the router, but only map within the router to "SAME" or "SINGLE" ports at the host -- I can't specify a range of ports to map from within the router.

    – nick carraway
    Jan 8 at 19:15








1




1





Please tell us exactly what you're trying to accomplish with all of this port forwarding. It sounds like you're making this more complicated than it needs to be.

– heynnema
Jan 8 at 18:15





Please tell us exactly what you're trying to accomplish with all of this port forwarding. It sounds like you're making this more complicated than it needs to be.

– heynnema
Jan 8 at 18:15













I agree, but it has to do with the router's constraints. I can specify a range of ports to receive in the router, but only map within the router to "SAME" or "SINGLE" ports at the host -- I can't specify a range of ports to map from within the router.

– nick carraway
Jan 8 at 19:15





I agree, but it has to do with the router's constraints. I can specify a range of ports to receive in the router, but only map within the router to "SAME" or "SINGLE" ports at the host -- I can't specify a range of ports to map from within the router.

– nick carraway
Jan 8 at 19:15










1 Answer
1






active

oldest

votes


















0














[Mostly Stolen from the Internet]



Enable IP forwarding:



sysctl net.ipv4.ip_forward=1



Use the "nat" table to forward traffic:



iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination X.X.X.X:80



Don't forget about HTTPS:



iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination X.X.X.X:443


Ask iptables to masquerade:



 iptables -t nat -A POSTROUTING -j MASQUERADE


....and if you want that for each port in a range, i suggest something alike:



 #!/bin/bash

 y=0;  //first port to map to = 1, but y++ happens before mapping, so 0

 for i in {2000..2999}

    do

       ((y++));  

       echo "forwarding port $i to port $y";

       iptables -t nat -A PREROUTING -p tcp --dport $i -j DNAT --to-destination X.X.X.X:$y;

 done


Note:




  • system ports 1-1000 are reserved, so the above script is a bad idea
    ;)

  • offcourse substitute X.X.X.X with localhost or wherever you want
    to nat-forward






share|improve this answer
























  • But if I'm mapping TO 1-1000, then it doesn't matter?

    – nick carraway
    Jan 8 at 19:16






  • 1





    no.. you cannot map to 1-1000 unless you know what you are doing. You should never map a range to 1-1000. ofc, if you want e.g. to map 8080 to 443 or 80, thats perfectly ok, but the <1000 ports are considered reserved and in most cases shouldn't be all mapped to. check out: en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

    – Gewure
    Jan 8 at 19:46






  • 1





    Quote "The port numbers in the range from 0 to 1023 are the well-known ports or system ports.[2] They are used by system processes that provide widely used types of network services. On Unix-like operating systems, a process must execute with superuser privileges to be able to bind a network socket to an IP address using one of the well-known ports.[4]"

    – Gewure
    Jan 8 at 19:47






  • 1





    Oh right duh. i would disturb an underlying system process listening on that port.

    – nick carraway
    Jan 8 at 21:45











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1108042%2fmap-a-range-of-ports-to-another-range-of-ports-equal-lengths-of-ranges%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














[Mostly Stolen from the Internet]



Enable IP forwarding:



sysctl net.ipv4.ip_forward=1



Use the "nat" table to forward traffic:



iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination X.X.X.X:80



Don't forget about HTTPS:



iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination X.X.X.X:443


Ask iptables to masquerade:



 iptables -t nat -A POSTROUTING -j MASQUERADE


....and if you want that for each port in a range, i suggest something alike:



 #!/bin/bash

 y=0;  //first port to map to = 1, but y++ happens before mapping, so 0

 for i in {2000..2999}

    do

       ((y++));  

       echo "forwarding port $i to port $y";

       iptables -t nat -A PREROUTING -p tcp --dport $i -j DNAT --to-destination X.X.X.X:$y;

 done


Note:




  • system ports 1-1000 are reserved, so the above script is a bad idea
    ;)

  • offcourse substitute X.X.X.X with localhost or wherever you want
    to nat-forward






share|improve this answer
























  • But if I'm mapping TO 1-1000, then it doesn't matter?

    – nick carraway
    Jan 8 at 19:16






  • 1





    no.. you cannot map to 1-1000 unless you know what you are doing. You should never map a range to 1-1000. ofc, if you want e.g. to map 8080 to 443 or 80, thats perfectly ok, but the <1000 ports are considered reserved and in most cases shouldn't be all mapped to. check out: en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

    – Gewure
    Jan 8 at 19:46






  • 1





    Quote "The port numbers in the range from 0 to 1023 are the well-known ports or system ports.[2] They are used by system processes that provide widely used types of network services. On Unix-like operating systems, a process must execute with superuser privileges to be able to bind a network socket to an IP address using one of the well-known ports.[4]"

    – Gewure
    Jan 8 at 19:47






  • 1





    Oh right duh. i would disturb an underlying system process listening on that port.

    – nick carraway
    Jan 8 at 21:45
















0














[Mostly Stolen from the Internet]



Enable IP forwarding:



sysctl net.ipv4.ip_forward=1



Use the "nat" table to forward traffic:



iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination X.X.X.X:80



Don't forget about HTTPS:



iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination X.X.X.X:443


Ask iptables to masquerade:



 iptables -t nat -A POSTROUTING -j MASQUERADE


....and if you want that for each port in a range, i suggest something alike:



 #!/bin/bash

 y=0;  //first port to map to = 1, but y++ happens before mapping, so 0

 for i in {2000..2999}

    do

       ((y++));  

       echo "forwarding port $i to port $y";

       iptables -t nat -A PREROUTING -p tcp --dport $i -j DNAT --to-destination X.X.X.X:$y;

 done


Note:




  • system ports 1-1000 are reserved, so the above script is a bad idea
    ;)

  • offcourse substitute X.X.X.X with localhost or wherever you want
    to nat-forward






share|improve this answer
























  • But if I'm mapping TO 1-1000, then it doesn't matter?

    – nick carraway
    Jan 8 at 19:16






  • 1





    no.. you cannot map to 1-1000 unless you know what you are doing. You should never map a range to 1-1000. ofc, if you want e.g. to map 8080 to 443 or 80, thats perfectly ok, but the <1000 ports are considered reserved and in most cases shouldn't be all mapped to. check out: en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

    – Gewure
    Jan 8 at 19:46






  • 1





    Quote "The port numbers in the range from 0 to 1023 are the well-known ports or system ports.[2] They are used by system processes that provide widely used types of network services. On Unix-like operating systems, a process must execute with superuser privileges to be able to bind a network socket to an IP address using one of the well-known ports.[4]"

    – Gewure
    Jan 8 at 19:47






  • 1





    Oh right duh. i would disturb an underlying system process listening on that port.

    – nick carraway
    Jan 8 at 21:45














0












0








0







[Mostly Stolen from the Internet]



Enable IP forwarding:



sysctl net.ipv4.ip_forward=1



Use the "nat" table to forward traffic:



iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination X.X.X.X:80



Don't forget about HTTPS:



iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination X.X.X.X:443


Ask iptables to masquerade:



 iptables -t nat -A POSTROUTING -j MASQUERADE


....and if you want that for each port in a range, i suggest something alike:



 #!/bin/bash

 y=0;  //first port to map to = 1, but y++ happens before mapping, so 0

 for i in {2000..2999}

    do

       ((y++));  

       echo "forwarding port $i to port $y";

       iptables -t nat -A PREROUTING -p tcp --dport $i -j DNAT --to-destination X.X.X.X:$y;

 done


Note:




  • system ports 1-1000 are reserved, so the above script is a bad idea
    ;)

  • offcourse substitute X.X.X.X with localhost or wherever you want
    to nat-forward






share|improve this answer













[Mostly Stolen from the Internet]



Enable IP forwarding:



sysctl net.ipv4.ip_forward=1



Use the "nat" table to forward traffic:



iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination X.X.X.X:80



Don't forget about HTTPS:



iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination X.X.X.X:443


Ask iptables to masquerade:



 iptables -t nat -A POSTROUTING -j MASQUERADE


....and if you want that for each port in a range, i suggest something alike:



 #!/bin/bash

 y=0;  //first port to map to = 1, but y++ happens before mapping, so 0

 for i in {2000..2999}

    do

       ((y++));  

       echo "forwarding port $i to port $y";

       iptables -t nat -A PREROUTING -p tcp --dport $i -j DNAT --to-destination X.X.X.X:$y;

 done


Note:




  • system ports 1-1000 are reserved, so the above script is a bad idea
    ;)

  • offcourse substitute X.X.X.X with localhost or wherever you want
    to nat-forward







share|improve this answer












share|improve this answer



share|improve this answer










answered Jan 8 at 17:18









GewureGewure

33229




33229













  • But if I'm mapping TO 1-1000, then it doesn't matter?

    – nick carraway
    Jan 8 at 19:16






  • 1





    no.. you cannot map to 1-1000 unless you know what you are doing. You should never map a range to 1-1000. ofc, if you want e.g. to map 8080 to 443 or 80, thats perfectly ok, but the <1000 ports are considered reserved and in most cases shouldn't be all mapped to. check out: en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

    – Gewure
    Jan 8 at 19:46






  • 1





    Quote "The port numbers in the range from 0 to 1023 are the well-known ports or system ports.[2] They are used by system processes that provide widely used types of network services. On Unix-like operating systems, a process must execute with superuser privileges to be able to bind a network socket to an IP address using one of the well-known ports.[4]"

    – Gewure
    Jan 8 at 19:47






  • 1





    Oh right duh. i would disturb an underlying system process listening on that port.

    – nick carraway
    Jan 8 at 21:45



















  • But if I'm mapping TO 1-1000, then it doesn't matter?

    – nick carraway
    Jan 8 at 19:16






  • 1





    no.. you cannot map to 1-1000 unless you know what you are doing. You should never map a range to 1-1000. ofc, if you want e.g. to map 8080 to 443 or 80, thats perfectly ok, but the <1000 ports are considered reserved and in most cases shouldn't be all mapped to. check out: en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

    – Gewure
    Jan 8 at 19:46






  • 1





    Quote "The port numbers in the range from 0 to 1023 are the well-known ports or system ports.[2] They are used by system processes that provide widely used types of network services. On Unix-like operating systems, a process must execute with superuser privileges to be able to bind a network socket to an IP address using one of the well-known ports.[4]"

    – Gewure
    Jan 8 at 19:47






  • 1





    Oh right duh. i would disturb an underlying system process listening on that port.

    – nick carraway
    Jan 8 at 21:45

















But if I'm mapping TO 1-1000, then it doesn't matter?

– nick carraway
Jan 8 at 19:16





But if I'm mapping TO 1-1000, then it doesn't matter?

– nick carraway
Jan 8 at 19:16




1




1





no.. you cannot map to 1-1000 unless you know what you are doing. You should never map a range to 1-1000. ofc, if you want e.g. to map 8080 to 443 or 80, thats perfectly ok, but the <1000 ports are considered reserved and in most cases shouldn't be all mapped to. check out: en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

– Gewure
Jan 8 at 19:46





no.. you cannot map to 1-1000 unless you know what you are doing. You should never map a range to 1-1000. ofc, if you want e.g. to map 8080 to 443 or 80, thats perfectly ok, but the <1000 ports are considered reserved and in most cases shouldn't be all mapped to. check out: en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

– Gewure
Jan 8 at 19:46




1




1





Quote "The port numbers in the range from 0 to 1023 are the well-known ports or system ports.[2] They are used by system processes that provide widely used types of network services. On Unix-like operating systems, a process must execute with superuser privileges to be able to bind a network socket to an IP address using one of the well-known ports.[4]"

– Gewure
Jan 8 at 19:47





Quote "The port numbers in the range from 0 to 1023 are the well-known ports or system ports.[2] They are used by system processes that provide widely used types of network services. On Unix-like operating systems, a process must execute with superuser privileges to be able to bind a network socket to an IP address using one of the well-known ports.[4]"

– Gewure
Jan 8 at 19:47




1




1





Oh right duh. i would disturb an underlying system process listening on that port.

– nick carraway
Jan 8 at 21:45





Oh right duh. i would disturb an underlying system process listening on that port.

– nick carraway
Jan 8 at 21:45


















draft saved

draft discarded




















































Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1108042%2fmap-a-range-of-ports-to-another-range-of-ports-equal-lengths-of-ranges%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Human spaceflight

Image
Human spaceflight From Wikipedia, the free encyclopedia Jump to navigation Jump to search "Space traveler" redirects here. For other uses, see Space traveler (disambiguation). @media all and (max-width:720px){.mw-parser-output .tmulti>.thumbinner{width:100%!important;max-width:none!important}.mw-parser-output .tmulti .tsingle{float:none!important;max-width:none!important;width:100%!important;text-align:center}} Apollo 11 crewmember Buzz Aldrin on the Moon, 1969 International Space Station crewmember Tracy Caldwell Dyson views the Earth, 2010 Space Shuttle Discovery heads into space with a crew aboard, STS-121 in 2006 Inside a space suit on the Canadarm, 1993 Human spaceflight (also referred to as crewed spaceflight or manned spaceflight ) is space travel with a crew or passengers aboard the spacecraft. Spacecraft carrying people may be operated directly, by human crew, or it may be e
Read more

Can not write log (Is /dev/pts mounted?) - openpty in Ubuntu-on-Windows?

Image
0 1 What exactly does the error message beginning with E: mean? I assume it has to do with the file structure on Ubuntu-on-Windows, but what exactly? The following package was automatically installed and is no longer required: os-prober Use 'apt-get autoremove' to remove it. The following extra packages will be installed: libxslt1.1 The following NEW packages will be installed: libxslt1.1 xmlstarlet 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 435 kB of archives. After this operation, 1023 kB of additional disk space will be used. Get:1 http://archive.ubuntu.com/ubuntu/ trusty/main libxslt1.1 amd64 1.1.28-2build1 [145 kB] Get:2 http://archive.ubuntu.com/ubuntu/ trusty/universe xmlstarlet amd64 1.5.0-1 [290 kB]
Read more

File:DeusFollowingSea.jpg

Image
File:DeusFollowingSea.jpg From Wikipedia, the free encyclopedia Jump to navigation Jump to search File File history File usage No higher resolution available. DeusFollowingSea.jpg ‎ (238 × 211 pixels, file size: 12 KB, MIME type: image/jpeg ) Summary [ edit ] Media data and Non-free use rationale Description Cover art of the Deus CD Following Sea Author or copyright owner Deus Source (WP:NFCC#4) rocksucker.co.uk Date of publication 2012 Use in article (WP:NFCC#7) Following Sea Purpose of use in article (WP:NFCC#8) to serve as the primary means of visual identification at the top of the article dedicated to the work in question. Not replaceable with free media because (WP:NFCC#1) n.a. Minimal use (WP:NFCC#3) Low res image used in infobox of the article on the album Respect for commercial opportunities (WP:NFCC#2) n.a. Fair use Fair use of co
Read more