Hi @AdeelKhan 

AdeelKhan wrote

 @Clive_A 

Q1/24 is far away, can you please ask dev team if they can send a patch for me?

I can't guarantee anything because many things are not determined by me. But the word I got from the dev leader is that will push and see if we can provide a solution next week. If delayed, please understand. That's a little bit assuring, at least.

Hi @AdeelKhan

Regarding the issue you experienced, I got a reply from the dev team. After evaluation of your requests and your scheme, it is very hard to implement this.

Concerns are

1. Due to the specialty of the iptables, it is hard to achieve what you asked for. For the first sever, it should be fine. But for the Server 2 and Server 3 you described in the OP, that'll be troublesome.

To make the different port ranges, i.e. Server 2, external 1001-2000 and internal 1-1000, will create 1000 entries which will extremely affect the memory and forward efficiency of the device. Eventually, the overall performance will be affected.

https://stackoverflow.com/questions/23652154/iptables-forward-port-range-to-another-port-range-on-a-different-host

2. After some investigation on our competitors, UBNT, it can only achieve the same port range forward. They did a test on the UBNT products.

Recommend you use the same range port forward now.

I am afraid that the dev is reluctant to produce a beta at this moment after this evaluation. And it is possible to abort this from the roadmap. I am not sure yet. If you'd like to know, I can follow up on this with the dev team.

Now, it is hard to estimate how much performance will be affected if we indeed make firmware to support this. If you insist, I'll check again with the dev and see if there are any other concerns.

Hi @AdeelKhan 

Thanks for posting in our business forum.

AdeelKhan wrote

Hey  @Clive_A 👋

Thank you so much for getting in touch and reaching out to me every time with an update, I appreciate that!

 

1. The iptables is indeed smart with that but I think it shouldn't effect memory or resources of your router, because for one host, it still saves the port mapping bindings, I believe it shouldn't effect memory much while mapping for just one server or multiple.

 

Also, the stackoverflow post you've mentioned doesn't use proper way to map 1:1 ports for multiple hosts, for that you need to you slash (/) with the destination ports to define the starting port number of the source ports so it maps 1:1.

 

2. Sorry maybe I didn't understand it properly, ubnt routers do support what I need or not?

 

P.S. please have a word again with your dev team because I don't think so it will effect memory, right now I am using a raspberry pie as a router to test with hundreds of server, it uses very less memory (probs 1-2%).

I am simply iterating what the dev told me. UBNT only supports int 1-1000, and ext 1-1000 mapping. Not supporting int 1-1000, ext 1001-2000, this format.

I was informed that there is no way to use a single line of iptables to achieve that. But to port forward Server 2 and 3, that'll take individually 1000 entries.