I'm using a NanoPi R5C router with their reskinned "FriendlyWRT" firmware. I've set up several port forwards to route traffic from the WAN interface to the LAN side, and all of these work fine. The issue I'm running into is with the LAN reflection.
For instance, I have a Plex server running on port 32400 on my LAN. I can access this server from the WAN side without a problem, but when trying to use the WAN address to access the Plex server from another machine on the LAN side, it doesn't work. I've tried everything indicated in this thread without luck
One thing I did notice is I started a tcpdump session to see if I could determine why the packets aren't going from the dstnat_lan chain to the srcnat_lan chain. However, upon starting the tcpdump, suddenly the forwarding started working correctly. I figured it was a fluke that the tcpdump initiation somehow fixed, so I stopped the dump, and the forwarding stopped working. I started it again, it came back.
So, the question is: why does it only seem to work while tcpdump is running on the router? That seems a very inconvenient and resource-intensive way to get what should be fairly basic functionality working. Any suggestions anyone can provide on how to fix this would be appreciated.
For reference, here is the redirect rule from my uci settings:
firewall.cfg103837=redirect
firewall.cfg103837.dest='lan'
firewall.cfg103837.target='DNAT'
firewall.cfg103837.name='Plex'
firewall.cfg103837.proto='tcp'
firewall.cfg103837.src='wan'
firewall.cfg103837.src_dport='32400'
firewall.cfg103837.dest_port='32400'
firewall.cfg103837.dest_ip='192.168.1.60'
firewall.cfg103837.reflection_zone='lan'