We have ~50 identical IoT devices inside a firewall. All of them support a management port that we would like to access from outside during a test deployment phase.

Other than 50 separate rules NATting every individual port to a specific IP is there a way to map:
public IP xxx.yyy.zzz.www on port range 10000 -> 10049
to
private IP range 192.168.1.50 -> 99 port aaaa
with the offset from (incoming) base port 10000 being used as offset to (private) base IP 50

We accept that there is some security risk attached but the application is secured with username/password and this will only be done as/when required during the stabilization period.

Do you want an example?
Regards,
Leandro de Lima Camargo

It looks like you are simply mapping a range of ports on the incoming side to an equal sized range of ports on the private side. That is not what we would like to do..

Maybe my question was not clear.
The destination IP's will be a range (50 IP's) with the specific IP value determined by the base IP + the port offset from the base port.
The destination port will be the same single value

Use the script force, Luke. The requirement is so much out of typical that no single rule mapping a port range to IP range exists.

As for "we'll keep it open only for a couple of days", a colleague of mine has once placed a machine to public IP with firewall off and it was conquered in less than two hours.

So as a minimum I'd recommend you to use a list of source addresses allowed to access those forwarded ports - I assume you don't really need to leave them open for access from anything in the internet.

Hi Sindy,

Thanks for the feedback.
yes, security an issue so we would have enabled the rules only as needed through remote webmin access
And a single IP to access from also makes sense.

Where can I find an example of such a script?

The full manual for scripting is here.

What you need is Test from outside.