Port forwarding, multicast to unicast and vice versa, how to do it efficiently?


I would like to forward UDP LAN side multicast packets, to an external IP address on the WAN side

I would like to forward UDP WAN side unicast packets , to internal multicast address on the LAN side

If possible, I would like to use NAT hardware acceleration features so as not to further burden my underpowered embedded router device.

If you need a scenario, here it is.

Imagine Network A and Network B.

Host 1 on Network A is streaming UDP packets to

All hosts on Network A receive this data, including the openwrt router.

I want the openwrt router to forward these packets to the openwrt router of networkB at IP or (preferably using DNS) networkB.com:1234

I don't want to to tunnel or VPN the multicast packets. I don't want to encrypt them and encapsulate them.

I just want the router to forward these packets to the WAN port, using NAT hardware acceleration to change the destination IP address from to (or the IP of networkB.com)

How can that be done ?

Have a look here.

1 Like


I had a discussion with chatgpt and it suggested

for multicast to unicast
iptables -t mangle -A PREROUTING -d -j TTL --ttl-set <New-TTL-Value>
iptables -t nat -A PREROUTING -d -j DNAT --to-destination

and on the receiving end, unicast to multicast
iptables -t nat -A PREROUTING -d -j DNAT --to-destination

I have not yet tried this but maybe that works !

Better take a look here, as I am doubtful that you'll make it work with these rules only.

But I did read it and the method proposed there seem to be for forwarding to another subnet on the same LAN.

I want to push these UDP packets over the internet so my ISP will not honor multicast traffic as far as I know.

So I need to turn them into unicast packets while in transit (and then back into multicast if I still want to multicast on the destination network)

The AI also suggested using udpxy, igmpproxy and socat for encapsulation but I think touching the packets this much is going to overwhelm my weak router's CPU.

I think if it's going to work, all I have cputime to do is re-write the destination address and increment the TTL to a suitable value and then push them to my ISP as is. Ideally somehow using NAT hardware tables to do this ?

It would be easier to setup a tunnel between the lans.

Easier, absolutely, but much more computation, latency and buffering.

I only have an archer c7 router on a 300 Mbps connection it is already near maxed out.

There is no headroom for doing VPN encapsulation of this stream, of which there could be multiple and which could be up to 100mbps each.

Also I hope to keep glass to glass latency under 80ms.

So if there is anyway to use an hardware accelerated method to only re-write the destination IP and TTL value, that would be the best in my opinion.