Add support for port ranges in add-on config.yaml

We are creating a new Asterisk SIP server add-on for helping setting up doorbell calls through Home Assistant. There, however, it’s needed to forward a range of ports for RTP communication.

What we are doing today is this:

Which is far from ideal. Also, Asterisk recommends a bigger range, which could not be achieved adding all (let’s say, 100) ports in the UI.

It would be awesome if this new feature could be supported. If any hints about its implementation (like where things should go, I think I can send a PR as well).

Honestly… if you need all that just run the addon on the host network.

hi, when running on host network , the add-on still gets an ip of the 172.x range, so thats still an issue then ?

it would be great if we could enable “macvlan”, so the container gets an direct IP address of the dhcp server on local lan ?

is that possible with add-ons.?

When you use host network the ports are reachable on the host IP.

No way, there are many discouragements of doing that:

  1. I don’t need to expose all the ports of the service, some can be accessed through docker internal network using the add-on hostname

  2. Ports could potentially overlap, with network host there is no option to map one port to another

Very dangerous for such a simple case… This is a feature of docker anyway.

There is no problem in the add-on receiving the 172.x IP internally. Is there? :slight_smile:

host_network can indeed do the trick for us, but it’s very discouraged.

References: Add more RTP ports as default · Issue #33 · TECH7Fox/Asterisk-add-on · GitHub

The traccar addon also has an enormous amount of ports, it uses host network

no, that isnt a problem

but how to make port forwarding rules from a router ? will that work?
lets say addon gets 172.x , the host is 192.168.0.100

opening ports in router to 192.168.0.100 , will that work then?

Yes, all normal, the way you do today. Just use the IP of your HA host.

For example, Asterisk opens way more ports than we actually need. Without host_network they don’t actually get exposed to the outside network, which is a good thing.

Yeah, but it’s still not a huge problem, because you still have to forward the port range from the router, and you can forward less ports than are actually exposed.

Well… you are considering that the local network is a safe place. What if it’s not? lol.

By the way, we switched to host_network for now. Thank you for the suggestion.

But, it would be very welcome the ability of mapping port ranges. I think there isn’t any single drawback of adding such a feature. Is there?

Well obviously the answer to “what if it’s not” - is that there are much bigger problems, if your local network is not “safe”.

It’s a option in docker for a reason. This is quite a simple and basic feature and would be very useful for certain use cases.

1 Like