I’m a beginner in networking things but due to my ISP I can only open a certain range of ports in my router to be accessible from the outside of my network (something like ports 11000-11500).
That means I can’t open port 443 to access my reverse proxy from the outside. Is it possible to redirect all traffic that’s coming from one of the ports in the range to port 443 of my server?
I haven’t found that possibility in my router (Fritzbox 7530) so is there a way to do this on my server (running Fedora Server)?
Yes, you can do it on your server with a simple iptable rule.
I’m a little rusted, but something like this should work.
iptables -t nat -A PREROUTING -d [your IP] -p tcp --dport 11500 -j DNAT --to-destination [your IP:443]
You can find more information searching for “iptables dnat”. What you are saying here is: in the prerouting table (ie: before we decide what to do with this packet) tcp connections to my IP at the port 11500 must be forwarded to my IP at port 443.
Short answer, yes, you can forward port 11500 to port 443, but it means you’ll have to go to www.yourdomain.com:11500 and this may or may not work great with you applications inside the network depending on how they are set to run.
If you are hosting for yourself, you can use something like Tailscale to access your server from outside.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| IP | Internet Protocol |
| NAT | Network Address Translation |
| SSH | Secure Shell for remote terminal access |
| VPS | Virtual Private Server (opposed to shared hosting) |
[Thread #949 for this sub, first seen 3rd Sep 2024, 14:45] [FAQ] [Full list] [Contact] [Source code]
Yes that is possible. You can select in the UI that port A forwards to local Host B to Port B.
You could’ve only posted less info if you hadn’t posted at all…
Edit: Anyone who downvotes me here: This comment I commented doesn’t specifiy which UI of which software therefore it’s a pretty useless comment.
- you are not entitled to an answer by anyone.
- you are already there. Your router does support that, you just need to select it in the UI.
So, here’s a page from the online manual that specifies how to do this specifically for the FritzBox 7530
Based on the original post though I am 100% sure that OP has already seen this page, already tried it, and therefore knows that the warning under 2.10.b. applies to the OP’s case (i.e. FritzBox doesn’t allow it from UI because the ISP doesn’t allow it - that honestly had me wondering just how the FritzBox knows the ISP doesn’t allow it, but that’s a different topic).
that honestly had me wondering just how the FritzBox knows the ISP doesn’t allow it, but that’s a different topic
Because the Fritzbox uses a DS-Lite tunnel.
