UDP port forwarding from guest to internal not working

Here's the relevant rule:

config redirect
        option dest 'lan'
        option target 'DNAT'
        list proto 'udp'
        option src 'lan_guest'
        option src_dport '8888'
        option reflection '0'
        option dest_ip '192.168.43.100'
        option dest_port '8888'

The generated nftables rule looks like this:

        chain dstnat_lan_guest {
                meta nfproto ipv4 udp dport 8888 counter packets 0 bytes 0 dnat ip to 192.168.43.100:8888
        }

But for some reason that doesn't work. I can see the incoming packet using tcpdump, but I don't see an outgoing one. I have firewall logs enabled on all zones but I don't see any rejection.

Looks like this was a conntrack issue. The sender was sending a packet every ~5 seconds with the same source/destination ports, and apparently the NAT rules don't update if there are still matching conntrack entries.

The solution was to either restart the sender so it uses a new source port, or to restart the OpenWrt router so the conntrack entries get cleared.

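The conntrack behaviour described in the reply above, as an added example that is not part of the original thread and not OpenWrt's own tooling: NAT is decided once, on the first packet of a flow, and the result is stored in that flow's conntrack entry; a UDP entry that keeps being refreshed (the default unreplied UDP timeout is 30 s, so a packet every ~5 s never lets it expire) therefore keeps the pre-rule decision, and the new dnat rule is never consulted for that flow. The script below reads entries in /proc/net/nf_conntrack format, picks out the UDP flows that hit the forwarded port but whose reply tuple does not come from the configured dest_ip (i.e. entries created before the redirect existed), and prints the conntrack-tools command that deletes each one, so only the stale flows are dropped rather than the whole table (conntrack -F) or the router. The sample table is constructed for the demo; the addresses 192.168.44.x for the guest network and 203.0.113.5 for the WAN are assumptions, and it assumes the conntrack package is installed on the router.

```shell
#!/bin/sh
# Added example, not from the forum thread. Finds UDP conntrack entries that
# reach the forwarded port but carry a pre-DNAT reply tuple, and emits the
# `conntrack -D` command for each. Assumes /proc/net/nf_conntrack format
# (kernel procfs) and conntrack-tools on the router; the IPs are made up.

stale_udp_dnat_entries() {
    # $1 = forwarded port (src_dport), $2 = expected DNAT target (dest_ip).
    # Reads the conntrack table on stdin.
    awk -v port="$1" -v target="$2" '
    {
        isudp = 0; n = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "udp") isudp = 1
            split($i, kv, "=")
            # Each src= opens a tuple: the first is the original direction,
            # the second is the reply direction (post-NAT view).
            if (kv[1] == "src")        { n++; src[n] = kv[2] }
            else if (kv[1] == "dst")   dst[n] = kv[2]
            else if (kv[1] == "sport") sport[n] = kv[2]
            else if (kv[1] == "dport") dport[n] = kv[2]
        }
        # Stale: original dport is the forwarded port, but replies are not
        # expected from dest_ip, so the entry predates the redirect rule.
        if (isudp && n == 2 && dport[1] == port && src[2] != target)
            printf "conntrack -D -p udp -s %s -d %s --sport %s --dport %s\n",
                   src[1], dst[1], sport[1], dport[1]
    }'
}

# Constructed sample table (assumed addresses). Line 1 is the stale, still
# unreplied entry the sender keeps refreshing; line 2 is a flow that was
# correctly DNATed to 192.168.43.100; lines 3 and 4 do not match at all.
SAMPLE_TABLE='ipv4     2 udp      17 29 src=192.168.44.50 dst=192.168.44.1 sport=40001 dport=8888 [UNREPLIED] src=192.168.44.1 dst=192.168.44.50 sport=8888 dport=40001 mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=192.168.44.51 dst=192.168.44.1 sport=40002 dport=8888 src=192.168.43.100 dst=192.168.44.51 sport=8888 dport=40002 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=192.168.44.50 dst=8.8.8.8 sport=50000 dport=53 src=8.8.8.8 dst=203.0.113.5 sport=53 dport=50000 mark=0 zone=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.44.50 dst=192.168.44.1 sport=40003 dport=8888 src=192.168.44.1 dst=192.168.44.50 sport=8888 dport=40003 [ASSURED] mark=0 zone=0 use=2'

# Stand-alone demo on the constructed table. On the router you would run:
#   stale_udp_dnat_entries 8888 192.168.43.100 < /proc/net/nf_conntrack | sh
printf '%s\n' "$SAMPLE_TABLE" | stale_udp_dnat_entries 8888 192.168.43.100
```

The script only prints the delete commands; pipe them into sh once you have checked the list. After the stale entry is gone, the sender's next packet creates a fresh conntrack entry, the dstnat_lan_guest rule is evaluated for it, and the flow is forwarded to 192.168.43.100 without restarting anything. The same check also explains what was seen in tcpdump: the stale entry delivers the packet to the router's own guest-side address, so no forwarded packet ever leaves.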