Community discussions

 
shivansps
newbie
Topic Author
Posts: 32
Joined: Fri Sep 22, 2017 1:18 am

How exactly this works? dstnat to external ip

Sun Sep 29, 2019 6:27 pm

This is something i did not realised that can be done. My friends and i were playing in a Arma 3 server a few days ago, and 3 of them had problems conecting to the server due to very high packet loss, so out of the "im out of ideas lets try this" i did a firewall rule to dstnat all the ports needed to the server IP and they conected to my ip instead of the server. To my suprise this worked, and perfectly.

I never had time to check but how this works? I suspect that by doing this the router acts as a "proxy": Client<->My Router<->Server. It is like this?
 
Zacharias
Forum Veteran
Forum Veteran
Posts: 760
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: How exactly this works? dstnat to external ip

Sun Sep 29, 2019 6:43 pm

You configured the clients with your public IP?
Then you created a dst-nat on your router?
Do i understand correctly?
Can i see that dst-nat rule?
 
Sob
Forum Guru
Forum Guru
Posts: 4806
Joined: Mon Apr 20, 2009 9:11 pm

Re: How exactly this works? dstnat to external ip

Sun Sep 29, 2019 6:47 pm

It's simple, dstnat changes destination address, so when they connect to you, their packets are redirected to target server. And since you also have srcnat/masquerade on WAN interface, and it's clearly not limited only to connection from your LAN, you created a variant of hairpin NAT config. So from server's perspective, their connections are coming from you, so server responds back to you, connection tracking on your router deals with it and correctly forward responses back to clients.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
shivansps
newbie
Topic Author
Posts: 32
Joined: Fri Sep 22, 2017 1:18 am

Re: How exactly this works? dstnat to external ip

Sun Sep 29, 2019 9:55 pm

It's simple, dstnat changes destination address, so when they connect to you, their packets are redirected to target server. And since you also have srcnat/masquerade on WAN interface, and it's clearly not limited only to connection from your LAN, you created a variant of hairpin NAT config. So from server's perspective, their connections are coming from you, so server responds back to you, connection tracking on your router deals with it and correctly forward responses back to clients.
Interesting i did not realised it was so easy to create a "relay" like this, thank you.

Who is online

Users browsing this forum: Google [Bot] and 102 guests