Scriptable port forwarding

Discussion in 'Asuswrt-Merlin' started by natenate, Jun 7, 2020.

  1. natenate

    natenate New Around Here

    Joined:
    Oct 28, 2019
    Messages:
    2
    I run a number of services in my network which I access from outside of my home in a cluster of Raspberry Pis. The entire architecture is automated using Consul for service discovery and Traefik as a reverse proxy. The only weak link in my high availability setup is port-forwarding ports 80 and 443 from my RT-AC68U running Asuswrt-Merlin, which requires a manual change if the node running my reverse proxy ever changes. My preferred architecture would provide high availability by having the internal IP address of the port forward update automatically if the node running Traefik changes, by querying the Consul service catalog.

    Is it possible to script updates to the port forwarding table?
     
  2. itpp20

    itpp20 Occasional Visitor

    Joined:
    May 30, 2020
    Messages:
    16
  3. Martineau

    Martineau Part of the Furniture

    Joined:
    Jul 8, 2012
    Messages:
    3,392
    Location:
    UK
    Here is a crude script, PortForward.sh, which was designed to be used during the BOOT process for bulk uploading of Port Forward rules to circumvent the v384.xx NVRAM size restriction.

    It is probably overkill, but you should be able to extract the single line that physically deletes/creates the actual iptables rule.

    A user-defined file containing the desired new Port Forwards

    e.g. demonstrate adding two Port Forward rules 33380/33381 for two NAS apps
    Code:
    # Service Name    Source IP    Port Range    Local IP    Local Port    Protocol
    
    #Dummy TCP Service,,12345,192.168.1.99,8081,TCP
    #Dummy UDP Service,,54321,192.168.1.88,30088,UDP
    #Dummy ? Service,,20077,192.168.1.77,20077,
    #INVALID Service,,12345,192.168.1.66,20066,wot
    #Both TCP/UDP Service,,55555,192.168.1.55,20066,both
    #FROM TCP Service,192.168.99.500,44444,192.168.1.44,44444,tcp
    
    Photo Station DS-416,,33380,192.168.1.197,80,tcp
    <Photo Station DS-110J>>33381>192.168.1.195>80>TCP
    
     
  4. natenate

    natenate New Around Here

    Joined:
    Oct 28, 2019
    Messages:
    2
    @Martineau thank you for pointing me in that direction. That looks like exactly what I'd need. When I get the final script up and running I'll link it for posterity.
     
    Last edited: Jun 7, 2020
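
Added example, not part of the thread and not Martineau's PortForward.sh: one way to validate rows in the comma-separated format shown in post 3 before a script (for instance one fed from a Consul lookup, as the first post describes) turns them into iptables rules. It assumes the router's nat-table port-forward chain is named VSERVER, rejects rows with an empty protocol as its own choice, and only prints the commands; the sample rows are the post's test rows with the leading # removed.

```shell
# Added example, not Martineau's PortForward.sh. Dry run: it only prints commands.
# Assumptions: comma-separated rows as in the post; nat chain VSERVER as target.
valid_port() {   # decimal integer 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_range() {  # single port, or lo:hi with lo <= hi
    case "$1" in *:*) ;; *) valid_port "$1"; return ;; esac
    valid_port "${1%%:*}" && valid_port "${1#*:}" && [ "${1%%:*}" -le "${1#*:}" ]
}

valid_ip() {     # dotted quad, every octet 0..255
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

rules_to_iptables() {  # stdin: rules file; stdout: commands; stderr: rejects
    while IFS=, read -r name src ext ip lport proto || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac      # blank line or comment
        proto=$(printf '%s' "$proto" | tr 'A-Z' 'a-z' | tr -d ' \r')
        why=                                           # last failing check wins
        valid_range "$ext"  || why="bad external port '$ext'"
        valid_ip "$ip"      || why="bad local IP '$ip'"
        valid_port "$lport" || why="bad local port '$lport'"
        [ -z "$src" ] || valid_ip "$src" || why="bad source IP '$src'"
        case "$proto" in tcp|udp) protos=$proto ;; both) protos="tcp udp" ;;
            *) why="bad protocol '$proto'" ;; esac     # also catches extra fields
        if [ -n "$why" ]; then echo "REJECT $name: $why" >&2; continue; fi
        for p in $protos; do   # $name is never placed on the command line
            echo "iptables -t nat -A VSERVER -p $p -m $p ${src:+-s $src }--dport $ext -j DNAT --to-destination $ip:$lport"
        done
    done
}

sample_rules() {       # rows taken from the post, test rows uncommented
    cat <<'EOF'
Dummy TCP Service,,12345,192.168.1.99,8081,TCP
INVALID Service,,12345,192.168.1.66,20066,wot
Both TCP/UDP Service,,55555,192.168.1.55,20066,both
FROM TCP Service,192.168.99.500,44444,192.168.1.44,44444,tcp
Photo Station DS-416,,33380,192.168.1.197,80,tcp
EOF
}
sample_rules | rules_to_iptables
```

Only fields that pass the numeric checks are interpolated into the printed command, so a malformed row cannot smuggle extra iptables options or shell syntax into it.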