Question opening port

It was pointed out that I didn't answer the question. I am sorry. Got confused between host/intercept... For the hosting side, you'll want to pair that with "forward*" options like this:

ziti edge create config hv1dns host.v1 '{"forwardProtocol":true, "allowedProtocols":["tcp","udp"], "forwardAddress":true, "allowedAddresses":["address.one", "address.two"], "forwardPort":true, "allowedPortRanges":[ {"low":1,"high":32768}] }'

You can't use multiple addresses (or CIDRs) in the host.v1 address field, but address forwarding could work for you if you want clients to connect to the same IPs that are intercepted.

For example the following intercept config will intercept two subnets,

ziti edge create config service.intercept.v1 intercept.v1 '{
  "protocols": ["tcp"],
  "addresses": ["10.0.0.0/24", "10.0.1.0/24"],
  "portRanges": [{"low":9080,"high":9080}]
}'

Address forwarding will cause the hosting tunneler to connect to the same IP that was intercepted by the client tunneler. A host.v1 configuration that uses address forwarding would look like this:

ziti edge create config service.host.v1 host.v1 '{
  "protocol": "tcp",
  "forwardAddress": true,
  "allowedAddresses": ["10.0.0.0/24", "10.0.1.0/24"],
  "port": 9080
}'

So instead of specifying the IP or hostname to connect at the hosting tunneler, you set forwardAddress to true and populate the white list of addresses that are allowed through. host.v1 also supports forwardProtocol and forwardPort (with similar "allowed*" white list fields).
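A consistency check for the intercept.v1/host.v1 pairing described above, as an added example that is not part of the original posts and not OpenZiti code. It reports intercepted protocols, addresses and port ranges that the host.v1 "allowed*" lists would not accept; the function names are hypothetical, hostnames are compared by exact case-insensitive match, and a port range must fit inside a single allowed range (both simplifications).

```python
import ipaddress

# Constructed sample configs mirroring the two shown in the thread.
INTERCEPT = {"protocols": ["tcp"],
             "addresses": ["10.0.0.0/24", "10.0.1.0/24"],
             "portRanges": [{"low": 9080, "high": 9080}]}
HOST = {"protocol": "tcp", "forwardAddress": True,
        "allowedAddresses": ["10.0.0.0/24", "10.0.1.0/24"], "port": 9080}

def _split(addrs):
    """Separate IPs/CIDRs (parsed as networks) from hostnames (lowercased)."""
    nets, names = [], set()
    for a in addrs:
        try:
            nets.append(ipaddress.ip_network(a, strict=False))
        except ValueError:          # not an IP or CIDR: treat as a hostname
            names.add(a.lower())
    return nets, names

def uncovered(intercept, host):
    """List (field, value) pairs the client intercepts but host.v1 would not allow.

    Only forwarded fields are checked: when forward* is false the hosting
    side uses its own fixed protocol/address/port and no allow-list applies.
    """
    gaps = []
    if host.get("forwardProtocol"):
        allowed = set(host.get("allowedProtocols", []))
        gaps += [("protocol", p) for p in intercept["protocols"] if p not in allowed]
    if host.get("forwardAddress"):
        a_nets, a_names = _split(host.get("allowedAddresses", []))
        i_nets, i_names = _split(intercept["addresses"])
        for n in i_nets:
            if not any(n.version == a.version and n.subnet_of(a) for a in a_nets):
                gaps.append(("address", str(n)))
        gaps += [("address", h) for h in sorted(i_names - a_names)]
    if host.get("forwardPort"):
        ranges = [(r["low"], r["high"]) for r in host.get("allowedPortRanges", [])]
        for r in intercept["portRanges"]:
            if not any(lo <= r["low"] and r["high"] <= hi for lo, hi in ranges):
                gaps.append(("port", (r["low"], r["high"])))
    return gaps

if __name__ == "__main__":
    print(uncovered(INTERCEPT, HOST))   # the thread's pair is consistent
```

An empty result means every intercepted combination is inside the hosting side's allow-lists; anything listed would be intercepted by the client tunneler and then refused at the hosting tunneler.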

Thanks for all the suggestions, I think I have managed what I wanted.
Got all known Dutch IP addresses and DNS working without it changing my WAN IP for all WAN IPs in the world.
When I do a WAN IP check on a Dutch site it shows me our DC IP, and if I do a check on a US site it gives my local WAN IP.
However, this is not exactly what we want, but for now it will do until we have another issue.

Within this host and interceptor I needed to add 443 and 80 as well, otherwise I could not browse to any Dutch sites.

For the future we do hope it will be possible that the Windows, Mac or Linux agent for the end user only selects requests that match exactly a certain rule instead of recognizing an IP and then only allowing specific ports to be accessed.
I also had to use /18 subnets otherwise there would be too many arguments in the command.

I do have another issue and I don't know why it is happening.
After some time of inactivity the ZAC logs me off, which is fine. But then when I want to log in again the port on the connection to the controller changes to the port of the ZAC. I can only log back in after restarting the ziti services and then I get the option again to select the correct port.

I can only log back in after restarting the ziti services and then I get the option again to select the correct port

Just for some clarity, when you're presented with the login screen after being logged out, you're not seeing the "Edge Controller" dropdown option, like in the screenshots below?

@rgalletto
Exactly, I only see this when I restart the ziti services. I am also using different ports than the default because I want it to be reachable from the internet.

@toms24x7 Thanks for the info. I was able to reproduce this locally and should have a fix out soon in the next release of ZAC.

Thanks for finding and reporting!

Thanks :slight_smile:

I am trying to install Browzer but I can't get past this issue:

root@walkinturtle-openziti:~# git clone https://github.com/openziti/ziti-browzer-bootstrapper $ZITI_HOME/ziti-browzer-bootstrapper
Cloning into '/root/.ziti/quickstart/walkinturtle-openziti/ziti-browzer-bootstrapper'...
remote: Enumerating objects: 1024, done.
remote: Counting objects: 100% (761/761), done.
remote: Compressing objects: 100% (299/299), done.
remote: Total 1024 (delta 606), reused 596 (delta 462), pack-reused 263
Receiving objects: 100% (1024/1024), 622.68 KiB | 10.74 MiB/s, done.
Resolving deltas: 100% (729/729), done.
root@walkinturtle-openziti:~# cd $ZITI_HOME/ziti-browzer-bootstrapper
root@walkinturtle-openziti:~/.ziti/quickstart/walkinturtle-openziti/ziti-browzer-bootstrapper# yarn install
00h00m00s 0/0: : ERROR: [Errno 2] No such file or directory: 'install'

I don't know where it should find install. All variables have been set, and I have not logged out of my SSH session since the install. (Made a new install.)

Nevermind,

apt remove cmdtest
apt remove yarn
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
apt-get update
apt-get install yarn -y

This fixed it for me (running Debian 12).

The ZAC issue mentioned above regarding the controller port on the login page should now be resolved with the 3.0.8 release.

@rgalletto Damn that was fast, how do I upgrade to the new version?

I do have another question: when I connect to the tunnel from macOS it takes way longer to establish the connection, as I have so many routes that need to be added, and looking in the logs it adds them one at a time. With all Dutch IPs you might understand that there are quite a few routes that need to be added.
Just wondering why it takes a few minutes to establish it on macOS and a few seconds on Windows?

From a community hygiene point of view, it's best for the community if you start a new thread/post with each new question. Would you mind turning this last one into a new top post and we can leave this thread for ZAC related questions?

how do I upgrade to the new version?

Assuming you downloaded the source, you would git pull the latest source, then do the ng build/npm install steps again. If you are running the docker version, you would docker pull the latest (or the specific version).