Is it possible to change the source port of an incoming packet on the router before the packet reaches its destination (the destination is directly connected to the router)?
I have a client connected to my router which accepts packets only with a source port of 1720 (it has no restriction on destination port)!
My incoming packets have source port of 1270 so I must change source port of the incoming packet to 1720 (packet is coming from a network not directly connected to the router) before forwarding it to my client.
All suggestions are welcomed.
Use the SRC-NAT action to do so. I’m not sure what your goal is, however; that sounds like it will likely create a broken connection, since the source IP won’t know to listen to that port for reply packets since it didn’t start the connection with that src-port.
I am trying to bypass an ISP which blocks packets with srcport and dstport 1720.
A packet comes from 1.1.1.1:1111 (from the Internet, with source port 1111) and goes to 2.2.2.2:2222, which is directly connected to the router.
If I add a srcnat rule, then I can change the source port of the incoming packet (1111) to e.g. 5555, correct?
chain=srcnat action=src-nat to-addresses=1.1.1.1 to-ports=5555 protocol=tcp src-address=1.1.1.1 src-port=1111
Basically yes. The router at the other end needs to know to change it back so it doesn’t make for a broken connection.