traefik icon indicating copy to clipboard operation
traefik copied to clipboard
Published 2 weeks ago verified publisher icon traefik

Port Ranges for entryPoints

Open Handrail9 opened this issue 11 months ago • 1 comments

Welcome!

  • [x] Yes, I've searched similar issues on GitHub and didn't find any.
  • [x] Yes, I've searched similar issues on the Traefik community forum and didn't find any.

What did you expect to see?

I am re-opening issue #1677 which was opened back in 2017 and closed due to age in 2018. I am re-opening the issue/requesting the feature due to the fact I would like anything I expose publicly on my infrastructure to be filtered through Traefik. One of the things I would like to host is Matrix which requests the range 49152-49172/udp for TURN over UDP. It would make life a lot easier to be able to define address: :49152-:49172/udp rather than

...
TURN port 1:
  address: :49152/udp
TURN port 2
  address: :49153/udp
TURN port 3:
  address: :49154/udp
TURN port 4:
  address: :49155/udp
...

so on and so fourth. If more details are needed or if there is anything I can do to improve this feature request please let me know.

Handrail9 avatar Dec 31 '24 19:12 Handrail9

Hey @Handrail9.

Thanks for your suggestion.

We are interested in this issue, but we’re unsure about the use case and the traction it will receive. We are going to leave the status as kind/proposal to give the community time to let us know if they would like this idea.

We will reevaluate as people respond.

Conversation is time-boxed to 6 months.

nmengin avatar Jan 06 '25 13:01 nmengin

I hope this helps for an example.

With Pangolin using Traefik and allowing you to create tunnels using their NEWT system, I have to edit the Traefik config and restart it each time I create a new tunnel.

  udp-10000:
    address: ":10000/tcp"
  udp-10002:
    address: ":10002/tcp"
  tcp-10100:
    address: ":10100/tcp"
  web:
    address: ':80'
  websecure:
    address: ':443'
    transport:
      respondingTimeouts:
        readTimeout: 30m
    http:
      tls:
        certResolver: letsencrypt

I want to pre-create a range of ports E.g. 10000 to 10100 that will be available for tunnels. The Traefik endpoint is open to receive traffic, but the internal tunnels will only be available if the Newt connection to the remote site is up, and the tunnels enabled.

Pangolin+Newt has an Active TCP connect that supports reverse tunnels. (Similar to SSH reverse tunnels) SITE A has 5 servers SITE B has 1 server I can setup reverse tunnels that access specific ports on those servers on each site.

Example:

Newt for SITE A is connected and has a reverse tunnel setup locally to TCP Port 10000 (Treafik) and routes to SITE A server A1 port 443. TCP port 10100 (traefik) is linked to the Newt port that would connect to SITE A Server A2 port 22. SITE B is connected and TCP port 10002 (traefik)connects to server B3 port 443.

If I could have a port range that is active, I just have to setup the NEWT tunnels and the connection should work. Then once I have reached 100 ports, I can update the config for the next 100.

LeonvanHeerden avatar Mar 31 '25 16:03 LeonvanHeerden

Hello,

This proposal was opened more than 6 months ago with almost no traction.

We won't add it to the Roadmap yet and we prefer to close it.

We'll re-open it later if necessary.

Thank you @Handrail9 for the suggestion and @LeonvanHeerden for your comments.

nmengin avatar May 15 '25 13:05 nmengin