fix: cut out some spare ports & fixed exposable ranges

maxskorr · maxskorr · commit 11e7d6197eac · 2025-07-07T00:41:57.000+02:00
diff --git a/README.md b/README.md
@@ -51,7 +51,7 @@
 
 ## Key Concepts
 
-- **GATEWAY** – a Linux-based machine with Docker installed, a public IP address, and the following open ports: 80/tcp, 443/tcp, 4060/tcp, 51820/udp and 32420-32430/tcp+udp. This node acts as the ingress gateway and an entry point to your published services.
+- **GATEWAY** – a Linux-based machine with Docker installed, a public IP address, and the following open ports: 80/tcp, 443/tcp, 4060/tcp, 51820/udp and 32420-32421/tcp+udp. This node acts as the ingress gateway and an entry point to your published services.
 - **CLIENT** – any number of laptops/PCs that will connect to the WireGuard network to manage the ingress network and expose services from their local machines to the Internet.
 - **SERVER** *(optional)* – one or more Linux-based machines (with Docker) that run the workloads you want to expose. These nodes join the same private WireGuard network, provided by the GATEWAY.
 
@@ -257,15 +257,15 @@ wireport gateway up sshuser@140.120.110.10:22 --ssh-key-path ~/.ssh/id_rsa --ssh
 * 80/tcp and 443/tcp (HTTP/HTTPS)
 * 4060/tcp (Wireport control channel)
 * 51820/udp (WireGuard)
-* 32420-32430/tcp+udp (reserved ports for exposing services with wireport)
+* 32420-32421/tcp+udp (reserved ports for exposing services with wireport)
 
 Example with UFW:
 
 ```bash
 sudo ufw allow 22,80,443,4060/tcp
 sudo ufw allow 51820/udp
-sudo ufw allow 32420:32430/tcp
-sudo ufw allow 32420:32430/udp
+sudo ufw allow 32420:32421/tcp
+sudo ufw allow 32420:32421/udp
 sudo ufw enable
 ```
 
diff --git a/app/cmd/server/commands/service.go b/app/cmd/server/commands/service.go
@@ -72,7 +72,7 @@ var PublishServiceCmd = &cobra.Command{
 	Long: `Publish a new public service that should be exposed to the Internet.
 	
 	Supported protocols: tcp, udp, http, https
-	Supported public ports: 80, 443, 32420-32430 (tcp+udp; should be open in the firewall on the gateway node)
+	Supported public ports: 80, 443, 32420-32421 (tcp+udp; should be open in the firewall on the gateway node)
 	Supported local ports: any
 	Supported local hosts: private IP addresses (e.g. 10.0.0.2) of CLIENT and SERVER nodes on wireport network
 	
diff --git a/app/cmd/server/main.go b/app/cmd/server/main.go
@@ -20,7 +20,7 @@ var rootCmd = &cobra.Command{
 
 Key Concepts:
 
-- GATEWAY – a Linux-based machine with Docker installed, a public IP address, and the following open ports: 80/tcp, 443/tcp, 4060/tcp, 51820/udp and, optionally, 32420-32430/tcp+udp. This node acts as the ingress gateway and an entry point to your published services.
+- GATEWAY – a Linux-based machine with Docker installed, a public IP address, and the following open ports: 80/tcp, 443/tcp, 4060/tcp, 51820/udp and, optionally, 32420-32421/tcp+udp. This node acts as the ingress gateway and an entry point to your published services.
 - CLIENT – any number of laptops/PCs that will connect to the WireGuard network to manage the ingress network and expose services.
 - SERVER (optional) – one or more Linux-based machines (with Docker) that run the workloads you want to expose. These nodes join the same private WireGuard network, provided by the GATEWAY.
 
@@ -47,7 +47,7 @@ Now you should be able to access the Docker-based services from your local machi
 
 If the installation process fails, or the service is not accessible over the Internet, make sure that:
 
-- the required ports are open on the gateway VPS (80/tcp, 443/tcp, 4060/tcp, 51820/udp and, optionally, 32420-32430/tcp+udp)
+- the required ports are open on the gateway VPS (80/tcp, 443/tcp, 4060/tcp, 51820/udp and, optionally, 32420-32421/tcp+udp)
 - there's a correct DNS A-record, pointing to your gateway VPS
 - the gateway VPS has docker installed
 - the ssh user, used for bootstraping the gateway VPS, is allowed to run docker commands on the gateway VPS
diff --git a/app/internal/templates/scripts/up/gateway.hbs b/app/internal/templates/scripts/up/gateway.hbs
@@ -2,7 +2,7 @@ docker pull {{ wireportGatewayContainerImage }} && docker run -d -it --privilege
 	-p 80:80/tcp -p 443:443/tcp \
 	-p 51820:51820/udp \
 	-p 4060:4060/tcp \
-	-p 32420-32430/tcp -p 32420-32430/udp \
+	-p 32420-32421:32420-32421/tcp -p 32420-32421:32420-32421/udp \
 	-e DATABASE_PATH=/app/wireport/wireport.db \
 	-v /var/run/docker.sock:/var/run/docker.sock \
 	-v ~/.wireport-docker/gateway:/app/wireport \
diff --git a/app/internal/templates/scripts/upgrade/gateway.hbs b/app/internal/templates/scripts/upgrade/gateway.hbs
@@ -5,7 +5,7 @@ docker run -d -it --privileged --sysctl "net.ipv4.ip_forward=1" --sysctl "net.ip
 	-p 80:80/tcp -p 443:443/tcp \
 	-p 51820:51820/udp \
 	-p 4060:4060/tcp \
-	-p 32420-32430/tcp -p 32420-32430/udp \
+	-p 32420-32421:32420-32421/tcp -p 32420-32421:32420-32421/udp \
 	-e DATABASE_PATH=/app/wireport/wireport.db \
 	-v /var/run/docker.sock:/var/run/docker.sock \
 	-v ~/.wireport-docker/gateway:/app/wireport \
