I'm currently testing 22.03-rc1 on a nano-pi r4s, and loving it for the most part. However, I've been experiencing a strange intermittent issue with a port-forwarding rule.
I have a port-forwarding rule sending destination tcp/443 received from internet at WAN to a LAN host also on tcp/443, with NAT loopback enabled per default. I am able to test the rule using curl from an external cloud hosted server and tcpdump on the target LAN host and can verify that it works, sometimes.
When it works, I see the expected three-way-handshake and traffic flow at my LAN host using tcpdump:
public source IP --> LAN host 443
LAN host 443 -> public source IP
When it doesn't work, I see one of the following traffic patterns at my LAN host:
OpenWRT WAN (public) IP --> LAN host 443
LAN host 443 --> OpenWRT WAN (public) IP
OR
OpenWRT LAN IP --> LAN host 443
LAN host 443 --> OpenWRT LAN IP
This server isn't terribly busy, so by watching tcpdump live I could easily correlate my external test requests from the cloud host to these specific traffic patterns on the LAN host. When it behaves as expected, the curl command quickly completes and returns me to a prompt. When it misbehaves, the curl command hangs, waiting for a response.
My thoughts on this are that perhaps the fw4/nftables NAT loopback code is malfunctioning in some way and is randomly replacing the external source IP with the router's own WAN/LAN IP, as if it thought it was an internal (LAN) reflection-related flow? At first I thought I had messed up the router config, but that wouldn't explain why it sometimes seems to work normally and sometimes doesn't, as well as the inconsistent behavior of router WAN/LAN IP being observed as the source IP (instead of the actual public cloud host source IP).
Has anyone else observed this or is anyone able to also check and see if this happens to them on 23.02-RC1?
Thanks in advance for any replies!