My ISP doesn't provide a true public IP, and uses a double/CGNAT setup.
They have instead forwarded a port from one of their public servers to my ISP-provided WAN IP (10.200.xx.yy). They are adamant that both TCP and UDP are enabled by default.
My ultimate goal is to get WG up and running, but during debugging I figured out that only TCP was coming through and no UDP packets.
I have tried to set up a minimal test for this theory, and would like some feedback on whether I am doing this correctly. Essentially, I've opened up a port to another LAN device, and then use netcat.
# Fw rule WAN 50026 (TCP/UDP/ICMP) --> 51112
config redirect
	option target 'DNAT'
	option name 'TestFwd'
	option src 'wan'
	option dest 'lan'
	option dest_ip '172.16.100.10'
	# src_dport value as posted had a trailing space ('50026 '); stripped here
	option src_dport '50026'
	list proto 'tcp'
	list proto 'udp'
	list proto 'icmp'
	option dest_port '51112'
Running
nc -vvlp 51112
and
nc -vvulp 51112
on the LAN device, only TCP seems to arrive when using their public IP. Inside my LAN, testing with netcat directly from the router works for both UDP and TCP as expected.
So, while I dig around more, I would like to ask: are there any particular (default) firewall rules that might be blocking UDP from the WAN side but allowing TCP?