Multicast to unicast conversion on a wire only router

My router has 2 interfaces on separate network (lan0:192.168.8.1 and lan1:192.168.9.1).
I would like to convert multicast packets that matches certain information like destination IP (224.10.10.10), port number, etc, received on lan0 into a unicast packet with a different destination IP (192.168.9.123) and send it out through lan1.
I have managed to do so for unicast to multicast by adding DNAT rules and using smcroute. However, using a DNAT rule for multicast to unicast doesn't seem to work (packet with the desired unicast destination IP was not detected by Wireshark on the receiving device (192.168.9.123)).

/etc/firewall:
config zone
option name 'lan0'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
list network 'lan0'

config zone
option name 'lan1'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
list network 'lan1'

config forwarding
option src 'lan0'
option dest 'lan1'

config forwarding
option src 'lan1'
option dest 'lan0'

config redirect
option src 'lan0'
option src_dip '224.10.10.10'
option src_port '25000'
option src_dport '25000'
option dest_ip '192.168.9.123'
option target 'DNAT'

Is there a way to do this?

Have a look here.

Hi, thanks for the reply.
I am not sure how that thread is able to help me. Maybe you can elaborate?
Note that I am not trying to route multicast packets but to change multicast packets to unicast then send that unicast packets out.

Multicast to unicast then ...

Haha I have also read that and it doesn't exactly fulfil my requirement unfortunately.
The thread concludes that the destination address remains multicast albeit the desired recipient being the only one able to receive the packet.
I need the destination address to be translated into a specific unicast address.

You didn't increase the TTL, did you?

Deleted what I wrote. I mistook the TTL command as something related to smcroute. I'll give incrementing TTL a try. Thanks

Unfortunately, incrementing TTL does not seem to help.
Note that I do not use smcroute for multicast -> unicast conversion. I am only using the DNAT rule. Do I need smcroute for this conversion?

First of all, does the packet leave the output interface of the router with the correct headers?

How do I find this out? I have Wireshark in promiscuous mode and directly connected to the output interface but am seeing nothing resembling the expected packets so I am assuming the packets are not even sent out.

You can install and run tcpdump on the router and capture packets leaving the egress interface. Use the filters to match the destination IP.

Seems like the router failed to route my packets out of the output interface as suspected.
Using "tcpdump -i lan1 -Q out", the only thing captured are ARP and ICMP packets.

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru

Also the smcroute configuration if used.

I cannot depend troubleshooting on that. Copy the output from the device, paste it on a notepad, and post it when you have your laptop connected to the internet.

Deleted previously posted command outputs to avoid confusion.

command output

root@GL-MV1000:~# ubus call system board; uci export network; uci export dhcp; uci export firewall; head -n -0 /etc/firewall.user; iptables-save -c; ip -4 addr; ip -4 ro li tab all; ip -4 ru
{
        "kernel": "4.14.221",
        "hostname": "GL-MV1000",
        "model": "GL.inet GL-MV1000",
        "board_name": "gl-mv1000",
        "release": {
                "distribution": "OpenWrt",
                "version": "19.07.7",
                "revision": "r11306-c4a6851c72",
                "target": "mvebu/cortexa53",
                "description": "OpenWrt 19.07.7 r11306-c4a6851c72"
        }
}
package network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd7f:467c:2b5f::/48'

config interface 'lan0'
        option ifname 'lan0'
        option proto 'static'
        option ipaddr '192.168.8.1'
        option netmask '255.255.255.0'

config interface 'lan1'
        option ifname 'lan1'
        option proto 'static'
        option ipaddr '192.168.9.1'
        option netmask '255.255.255.0'

config interface 'wan'
        option ifname 'wan'
        option proto 'static'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'

package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option force '1'
        option dhcpv6 'disabled'
        option ra 'disabled'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config domain 'localhost'
        option name 'console.gl-inet.com'

package firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option flow_offloading '1'
        option flow_offloading_hw '1'

config zone
        option name 'lan0'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        list network 'lan0'

config zone
        option name 'lan1'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        list network 'lan1'

config zone
        option name 'wan'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        list network 'wan'

config forwarding
        option src 'lan0'
        option dest 'lan1'

config forwarding
        option src 'lan1'
        option dest 'lan0'

config redirect
        option src 'lan1'
        option src_dip '192.168.9.1'
        option src_port '25000'
        option src_dport '25000'
        option dest_ip '224.10.10.11'
        option target 'DNAT'

config redirect
        option src 'lan0'
        option src_dip '224.10.10.10'
        option src_port '25000'
        option src_dport '25000'
        option dest_ip '192.168.9.123'
        option target 'DNAT'


force_dns() {
        # lanip=$(ifconfig br-lan |sed -n 's/.*dr:\(.*\) Bc.*/\1/p')
        lanip=$(uci get network.lan.ipaddr)
        tor=$(ps|grep /usr/sbin/tor|grep -v grep)
        [ "$1" = "add" ] && {
                ip=$(uci get glconfig.general.ipaddr)
                [ -z "$ip" ] && ip=$(uci get network.lan.ipaddr)
                iptables -t nat -D PREROUTING -i br-+ -s 0/0 -p udp --dport 53 -j DNAT --to $ip
                iptables -t nat -D PREROUTING -i br-+ -s 0/0 -p tcp --dport 53 -j DNAT --to $ip

                uci set glconfig.general.ipaddr=$lanip
                uci commit glconfig
                iptables -t nat -C PREROUTING -i br-+ -s 0/0 -p udp --dport 53 -j DNAT --to $lanip
                [ ! "$?" = "0" ] && iptables -t nat -I PREROUTING -i br-+ -s 0/0 -p udp --dport 53 -j DNAT --to $lanip
                iptables -t nat -C PREROUTING -i br-+ -s 0/0 -p tcp --dport 53 -j DNAT --to $lanip
                [ ! "$?" = "0" ] && iptables -t nat -I PREROUTING -i br-+ -s 0/0 -p tcp --dport 53 -j DNAT --to $lanip

                if [ -n "$tor" ];then
                        iptables -t nat -C PREROUTING -i br-lan -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 9053
                        [ ! "$?" = "0" ] && iptables -t nat -I PREROUTING -i br-lan -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 9053
                        iptables -t nat -C PREROUTING -i br-lan -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
                        [ ! "$?" = "0" ] && iptables -t nat -I PREROUTING -i br-lan -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
                fi



        }
        [ "$1" = "remove" ] && {
                lanip=$(uci get glconfig.general.ipaddr)
                [ -z "$lanip" ] && lanip=$(uci get network.lan.ipaddr)
                iptables -t nat -C PREROUTING -i br-+ -s 0/0 -p udp --dport 53 -j DNAT --to $lanip
                [ "$?" = "0" ] && iptables -t nat -D PREROUTING -i br-+ -s 0/0 -p udp --dport 53 -j DNAT --to $lanip
                iptables -t nat -C PREROUTING -i br-+ -s 0/0 -p tcp --dport 53 -j DNAT --to $lanip
                [ "$?" = "0" ] && iptables -t nat -D PREROUTING -i br-+ -s 0/0 -p tcp --dport 53 -j DNAT --to $lanip

                if [ -n "$tor" ];then
                        iptables -t nat -D PREROUTING -i br-lan -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 9053
                        iptables -t nat -D PREROUTING -i br-lan -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
                fi
        }
}

force=$(uci get glconfig.general.force_dns)
if [ -n "$force" ]; then
    force_dns add
else
    force_dns remove
fi
gl-firewall

# PPTP Passthrough
iptables -t raw -D OUTPUT -p tcp -m tcp --dport 1723 -j CT --helper pptp
iptables -t raw -A OUTPUT -p tcp -m tcp --dport 1723 -j CT --helper pptp
# Generated by iptables-save v1.8.3 on Wed Feb 23 05:07:40 2022
*nat
:PREROUTING ACCEPT [117:6665]
:INPUT ACCEPT [5:1130]
:OUTPUT ACCEPT [435:35936]
:POSTROUTING ACCEPT [447:37210]
:GL_SPEC_DMZ - [0:0]
:postrouting_lan0_rule - [0:0]
:postrouting_lan1_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan0_rule - [0:0]
:prerouting_lan1_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan0_postrouting - [0:0]
:zone_lan0_prerouting - [0:0]
:zone_lan1_postrouting - [0:0]
:zone_lan1_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
[1449:1109794] -A PREROUTING -j GL_SPEC_DMZ
[1434:1105043] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
[93:14491] -A PREROUTING -i lan1 -m comment --comment "!fw3" -j zone_lan1_prerouting
[1341:1090552] -A PREROUTING -i lan0 -m comment --comment "!fw3" -j zone_lan0_prerouting
[0:0] -A PREROUTING -i wan -m comment --comment "!fw3" -j zone_wan_prerouting
[447:37210] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
[10:400] -A POSTROUTING -o lan1 -m comment --comment "!fw3" -j zone_lan1_postrouting
[3:914] -A POSTROUTING -o lan0 -m comment --comment "!fw3" -j zone_lan0_postrouting
[399:33516] -A POSTROUTING -o wan -m comment --comment "!fw3" -j zone_wan_postrouting
[3:914] -A zone_lan0_postrouting -m comment --comment "!fw3: Custom lan0 postrouting rule chain" -j postrouting_lan0_rule
[1341:1090552] -A zone_lan0_prerouting -m comment --comment "!fw3: Custom lan0 prerouting rule chain" -j prerouting_lan0_rule
[0:0] -A zone_lan0_prerouting -d 224.10.10.10/32 -p tcp -m tcp --sport 25000 --dport 25000 -m comment --comment "!fw3: @redirect[1]" -j DNAT --to-destination 192.168.9.123:25000
[1305:1088370] -A zone_lan0_prerouting -d 224.10.10.10/32 -p udp -m udp --sport 25000 --dport 25000 -m comment --comment "!fw3: @redirect[1]" -j DNAT --to-destination 192.168.9.123:25000
[10:400] -A zone_lan1_postrouting -m comment --comment "!fw3: Custom lan1 postrouting rule chain" -j postrouting_lan1_rule
[93:14491] -A zone_lan1_prerouting -m comment --comment "!fw3: Custom lan1 prerouting rule chain" -j prerouting_lan1_rule
[0:0] -A zone_lan1_prerouting -d 192.168.9.1/32 -p tcp -m tcp --sport 25000 --dport 25000 -m comment --comment "!fw3: @redirect[0]" -j DNAT --to-destination 224.10.10.11:25000
[12:10008] -A zone_lan1_prerouting -d 192.168.9.1/32 -p udp -m udp --sport 25000 --dport 25000 -m comment --comment "!fw3: @redirect[0]" -j DNAT --to-destination 224.10.10.11:25000
[399:33516] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
[0:0] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Wed Feb 23 05:07:40 2022
# Generated by iptables-save v1.8.3 on Wed Feb 23 05:07:40 2022
*raw
:PREROUTING ACCEPT [4664:2123247]
:OUTPUT ACCEPT [2512:325928]
:zone_lan0_helper - [0:0]
:zone_lan1_helper - [0:0]
:zone_wan_helper - [0:0]
[1113:848935] -A PREROUTING -i lan1 -m comment --comment "!fw3: lan1 CT helper assignment" -j zone_lan1_helper
[2872:1210584] -A PREROUTING -i lan0 -m comment --comment "!fw3: lan0 CT helper assignment" -j zone_lan0_helper
[0:0] -A PREROUTING -i wan -m comment --comment "!fw3: wan CT helper assignment" -j zone_wan_helper
[0:0] -A zone_lan0_helper -p udp -m comment --comment "!fw3: Amanda backup and archiving proto" -m udp --dport 10080 -j CT --helper amanda
[0:0] -A zone_lan0_helper -p tcp -m comment --comment "!fw3: FTP passive connection tracking" -m tcp --dport 21 -j CT --helper ftp
[0:0] -A zone_lan0_helper -p udp -m comment --comment "!fw3: RAS proto tracking" -m udp --dport 1719 -j CT --helper RAS
[0:0] -A zone_lan0_helper -p tcp -m comment --comment "!fw3: Q.931 proto tracking" -m tcp --dport 1720 -j CT --helper Q.931
[0:0] -A zone_lan0_helper -p tcp -m comment --comment "!fw3: IRC DCC connection tracking" -m tcp --dport 6667 -j CT --helper irc
[0:0] -A zone_lan0_helper -p tcp -m comment --comment "!fw3: PPTP VPN connection tracking" -m tcp --dport 1723 -j CT --helper pptp
[0:0] -A zone_lan0_helper -p tcp -m comment --comment "!fw3: SIP VoIP connection tracking" -m tcp --dport 5060 -j CT --helper sip
[0:0] -A zone_lan0_helper -p udp -m comment --comment "!fw3: SIP VoIP connection tracking" -m udp --dport 5060 -j CT --helper sip
[0:0] -A zone_lan0_helper -p udp -m comment --comment "!fw3: SNMP monitoring connection tracking" -m udp --dport 161 -j CT --helper snmp
[0:0] -A zone_lan0_helper -p udp -m comment --comment "!fw3: TFTP connection tracking" -m udp --dport 69 -j CT --helper tftp
[0:0] -A zone_lan1_helper -p udp -m comment --comment "!fw3: Amanda backup and archiving proto" -m udp --dport 10080 -j CT --helper amanda
[0:0] -A zone_lan1_helper -p tcp -m comment --comment "!fw3: FTP passive connection tracking" -m tcp --dport 21 -j CT --helper ftp
[0:0] -A zone_lan1_helper -p udp -m comment --comment "!fw3: RAS proto tracking" -m udp --dport 1719 -j CT --helper RAS
[0:0] -A zone_lan1_helper -p tcp -m comment --comment "!fw3: Q.931 proto tracking" -m tcp --dport 1720 -j CT --helper Q.931
[0:0] -A zone_lan1_helper -p tcp -m comment --comment "!fw3: IRC DCC connection tracking" -m tcp --dport 6667 -j CT --helper irc
[0:0] -A zone_lan1_helper -p tcp -m comment --comment "!fw3: PPTP VPN connection tracking" -m tcp --dport 1723 -j CT --helper pptp
[0:0] -A zone_lan1_helper -p tcp -m comment --comment "!fw3: SIP VoIP connection tracking" -m tcp --dport 5060 -j CT --helper sip
[0:0] -A zone_lan1_helper -p udp -m comment --comment "!fw3: SIP VoIP connection tracking" -m udp --dport 5060 -j CT --helper sip
[0:0] -A zone_lan1_helper -p udp -m comment --comment "!fw3: SNMP monitoring connection tracking" -m udp --dport 161 -j CT --helper snmp
[0:0] -A zone_lan1_helper -p udp -m comment --comment "!fw3: TFTP connection tracking" -m udp --dport 69 -j CT --helper tftp
[0:0] -A zone_wan_helper -p udp -m comment --comment "!fw3: Amanda backup and archiving proto" -m udp --dport 10080 -j CT --helper amanda
[0:0] -A zone_wan_helper -p tcp -m comment --comment "!fw3: FTP passive connection tracking" -m tcp --dport 21 -j CT --helper ftp
[0:0] -A zone_wan_helper -p udp -m comment --comment "!fw3: RAS proto tracking" -m udp --dport 1719 -j CT --helper RAS
[0:0] -A zone_wan_helper -p tcp -m comment --comment "!fw3: Q.931 proto tracking" -m tcp --dport 1720 -j CT --helper Q.931
[0:0] -A zone_wan_helper -p tcp -m comment --comment "!fw3: IRC DCC connection tracking" -m tcp --dport 6667 -j CT --helper irc
[0:0] -A zone_wan_helper -p tcp -m comment --comment "!fw3: PPTP VPN connection tracking" -m tcp --dport 1723 -j CT --helper pptp
[0:0] -A zone_wan_helper -p tcp -m comment --comment "!fw3: SIP VoIP connection tracking" -m tcp --dport 5060 -j CT --helper sip
[0:0] -A zone_wan_helper -p udp -m comment --comment "!fw3: SIP VoIP connection tracking" -m udp --dport 5060 -j CT --helper sip
[0:0] -A zone_wan_helper -p udp -m comment --comment "!fw3: SNMP monitoring connection tracking" -m udp --dport 161 -j CT --helper snmp
[0:0] -A zone_wan_helper -p udp -m comment --comment "!fw3: TFTP connection tracking" -m udp --dport 69 -j CT --helper tftp
COMMIT
# Completed on Wed Feb 23 05:07:40 2022
# Generated by iptables-save v1.8.3 on Wed Feb 23 05:07:40 2022
*mangle
:PREROUTING ACCEPT [175:71430]
:INPUT ACCEPT [68:6316]
:FORWARD ACCEPT [32:26688]
:OUTPUT ACCEPT [112:24136]
:POSTROUTING ACCEPT [144:50824]
:mwan3_connected - [0:0]
:mwan3_hook - [0:0]
:mwan3_ifaces_in - [0:0]
:mwan3_policy_default_poli - [0:0]
:mwan3_rules - [0:0]
[4675:2125303] -A PREROUTING -j mwan3_hook
[0:0] -A PREROUTING -d 224.10.10.10/32 -i lan0 -p tcp -m tcp --sport 25000 --dport 25000 -j TTL --ttl-inc 1
[46:38364] -A PREROUTING -d 224.10.10.10/32 -i lan0 -p udp -m udp --sport 25000 --dport 25000 -j TTL --ttl-inc 1
[2528:331876] -A OUTPUT -j mwan3_hook
[1419:1107341] -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x3f00/0x3f00
[7203:2457179] -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
[1876:1142919] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
[1876:1142919] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected
[493:38746] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
[7203:2457179] -A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
[60:4796] -A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected
[388:32592] -A mwan3_policy_default_poli -o wan -m mark --mark 0x0/0x3f00 -m comment --comment "out wan wan" -j MARK --set-xmark 0x3f00/0x3f00
[81:4526] -A mwan3_policy_default_poli -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
[469:37118] -A mwan3_rules -m mark --mark 0x0/0x3f00 -m comment --comment default_rule -j mwan3_policy_default_poli
COMMIT
# Completed on Wed Feb 23 05:07:40 2022
# Generated by iptables-save v1.8.3 on Wed Feb 23 05:07:40 2022
*filter
:INPUT ACCEPT [1:40]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:GL_SPEC_OPENING - [0:0]
:forwarding_lan0_rule - [0:0]
:forwarding_lan1_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan0_rule - [0:0]
:input_lan1_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan0_rule - [0:0]
:output_lan1_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan0_dest_ACCEPT - [0:0]
:zone_lan0_forward - [0:0]
:zone_lan0_input - [0:0]
:zone_lan0_output - [0:0]
:zone_lan0_src_ACCEPT - [0:0]
:zone_lan1_dest_ACCEPT - [0:0]
:zone_lan1_forward - [0:0]
:zone_lan1_input - [0:0]
:zone_lan1_output - [0:0]
:zone_lan1_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_ACCEPT - [0:0]
[3229:996348] -A INPUT -j GL_SPEC_OPENING
[679:63728] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
[2542:932020] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
[1545:120592] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[2:104] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
[994:811284] -A INPUT -i lan1 -m comment --comment "!fw3" -j zone_lan1_input
[3:144] -A INPUT -i lan0 -m comment --comment "!fw3" -j zone_lan0_input
[0:0] -A INPUT -i wan -m comment --comment "!fw3" -j zone_wan_input
[1011:834568] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
[0:0] -A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD --hw
[0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[1009:834468] -A FORWARD -i lan1 -m comment --comment "!fw3" -j zone_lan1_forward
[2:100] -A FORWARD -i lan0 -m comment --comment "!fw3" -j zone_lan0_forward
[0:0] -A FORWARD -i wan -m comment --comment "!fw3" -j zone_wan_forward
[11:568] -A FORWARD -m comment --comment "!fw3" -j reject
[679:63728] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
[1863:271272] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
[1461:237636] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[2:80] -A OUTPUT -o lan1 -m comment --comment "!fw3" -j zone_lan1_output
[1:40] -A OUTPUT -o lan0 -m comment --comment "!fw3" -j zone_lan0_output
[399:33516] -A OUTPUT -o wan -m comment --comment "!fw3" -j zone_wan_output
[11:568] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
[0:0] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
[2:104] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
[0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
[1001:834040] -A zone_lan0_dest_ACCEPT -o lan0 -m comment --comment "!fw3" -j ACCEPT
[2:100] -A zone_lan0_forward -m comment --comment "!fw3: Custom lan0 forwarding rule chain" -j forwarding_lan0_rule
[2:100] -A zone_lan0_forward -m comment --comment "!fw3: Zone lan0 to lan1 forwarding policy" -j zone_lan1_dest_ACCEPT
[0:0] -A zone_lan0_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[2:100] -A zone_lan0_forward -m comment --comment "!fw3" -j zone_lan0_dest_ACCEPT
[3:144] -A zone_lan0_input -m comment --comment "!fw3: Custom lan0 input rule chain" -j input_lan0_rule
[0:0] -A zone_lan0_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[3:144] -A zone_lan0_input -m comment --comment "!fw3" -j zone_lan0_src_ACCEPT
[1:40] -A zone_lan0_output -m comment --comment "!fw3: Custom lan0 output rule chain" -j output_lan0_rule
[1:40] -A zone_lan0_output -m comment --comment "!fw3" -j zone_lan0_dest_ACCEPT
[2:104] -A zone_lan0_src_ACCEPT -i lan0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[2:80] -A zone_lan1_dest_ACCEPT -o lan1 -m comment --comment "!fw3" -j ACCEPT
[1009:834468] -A zone_lan1_forward -m comment --comment "!fw3: Custom lan1 forwarding rule chain" -j forwarding_lan1_rule
[1009:834468] -A zone_lan1_forward -m comment --comment "!fw3: Zone lan1 to lan0 forwarding policy" -j zone_lan0_dest_ACCEPT
[0:0] -A zone_lan1_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[9:468] -A zone_lan1_forward -m comment --comment "!fw3" -j zone_lan1_dest_ACCEPT
[994:811284] -A zone_lan1_input -m comment --comment "!fw3: Custom lan1 input rule chain" -j input_lan1_rule
[970:808980] -A zone_lan1_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[24:2304] -A zone_lan1_input -m comment --comment "!fw3" -j zone_lan1_src_ACCEPT
[2:80] -A zone_lan1_output -m comment --comment "!fw3: Custom lan1 output rule chain" -j output_lan1_rule
[2:80] -A zone_lan1_output -m comment --comment "!fw3" -j zone_lan1_dest_ACCEPT
[24:2304] -A zone_lan1_src_ACCEPT -i lan1 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[399:33516] -A zone_wan_dest_ACCEPT -o wan -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
[0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
[0:0] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
[0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[0:0] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT
[399:33516] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
[399:33516] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
[0:0] -A zone_wan_src_ACCEPT -i wan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
COMMIT
# Completed on Wed Feb 23 05:07:40 2022
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: wan@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
    inet 192.168.10.1/24 brd 192.168.10.255 scope global wan
       valid_lft forever preferred_lft forever
4: lan0@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.8.1/24 brd 192.168.8.255 scope global lan0
       valid_lft forever preferred_lft forever
5: lan1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.9.1/24 brd 192.168.9.255 scope global lan1
       valid_lft forever preferred_lft forever
192.168.8.0/24 dev lan0 proto kernel scope link src 192.168.8.1
192.168.9.0/24 dev lan1 proto kernel scope link src 192.168.9.1
192.168.10.0/24 dev wan proto kernel scope link src 192.168.10.1 linkdown
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.8.0 dev lan0 table local proto kernel scope link src 192.168.8.1
local 192.168.8.1 dev lan0 table local proto kernel scope host src 192.168.8.1
broadcast 192.168.8.255 dev lan0 table local proto kernel scope link src 192.168.8.1
broadcast 192.168.9.0 dev lan1 table local proto kernel scope link src 192.168.9.1
local 192.168.9.1 dev lan1 table local proto kernel scope host src 192.168.9.1
broadcast 192.168.9.255 dev lan1 table local proto kernel scope link src 192.168.9.1
broadcast 192.168.10.0 dev wan table local proto kernel scope link src 192.168.10.1 linkdown
local 192.168.10.1 dev wan table local proto kernel scope host src 192.168.10.1
broadcast 192.168.10.255 dev wan table local proto kernel scope link src 192.168.10.1 linkdown
0:      from all lookup local
2061:   from all fwmark 0x3d00/0x3f00 blackhole
2062:   from all fwmark 0x3e00/0x3f00 unreachable
32766:  from all lookup main
32767:  from all lookup default

smcroute.conf

mgroup from lan1 group 224.10.10.11
mroute from lan1 group 224.10.10.11 to lan0

The rule has some hits, so you can verify that packets are being sent out of this interface.
tcpdump -i lan1 -evn udp port 25000

Nothing.
I started a new session by restarting firewall and noticed that the lan0 -> lan1 forward chain in filter table has 0 hits despite seemingly only having one match criteria which is the input interface being lan0.
What exactly happens after DNAT and before forwarding? Is it routing?
I did ip route with the following output:

192.168.8.0/24 dev lan0 proto kernel scope link src 192.168.8.1
192.168.9.0/24 dev lan1 proto kernel scope link src 192.168.9.1
192.168.10.0/24 dev wan proto kernel scope link src 192.168.10.1 linkdown

Routing seems fine?

Routing is fine, disable mwan3.

No visible effect. tcpdump command still shows nothing.

Post once again to check how it looks now.