Due to a series of circumstances, I need to have a “common” port (like 587) redirect to another one, but on the firewall itself (i.e., I try to connect to the router on port 22 but my connection ends up on 12345 instead). While this worked for TCP, I wasn’t able to get it working with UDP.
Note that port 12345 is already open on the router; I just can’t connect to it directly due to certain policies on the machine I want to attempt the connection from.
Honest question: why do I need DNAT? This is on the router itself.
config redirect
	option name 'Wireguard_test'
	option src 'wan'
	option dest 'lan'
	option src_dport '587'
	option proto 'udp'
	option dest_port '51820'
	# Router IP
	option dest_ip '192.168.10.1'
EDIT: In fact, iptables uses REDIRECT in this case when the rules are applied (this output is from an earlier version that doesn’t have the IP baked in).
Apologies, I probably do not understand your initial requirement. What does “on the router itself” mean? Redirection within the same firewall zone (lan)? Maybe a small picture, or users with much more firewall know-how, will help …
Ok, let’s reword, since I understand it’s not clear at all:
Router has one service on port 51820 (UDP), which is opened to outside (WAN)
I can’t access 51820 from a certain location (filtered) so I need to use a more common port
I’d need to connect to port 587, or equivalent, and get redirected to port 51820, still on the router.
When doing this with TCP (forwarding port 587 to 22, for example) it works (granted, port 22 was never open to the outside). When doing this with UDP, it basically does nothing (connections time out).
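As an added example (not code from this thread or from OpenWrt itself), a small Python script that parses a UCI `config redirect` block like the one above and derives the shape of the `iptables -t nat` rule the firewall would install for it, so it can be compared against `iptables-save -t nat` on the router; the `zone_<name>_prerouting` chain name and the sample values are assumptions.

```python
"""Parse a UCI 'config redirect' block and derive the NAT rule to look for on the router.
Assumption: fw3-style chain naming (zone_<src>_prerouting); verify against iptables-save."""
import shlex

# Constructed sample, same shape as the redirect posted in the thread
SAMPLE_REDIRECT = """
config redirect
    option name 'Wireguard_test'
    option src 'wan'
    option dest 'lan'
    option src_dport '587'
    option proto 'udp'
    option dest_port '51820'
    option dest_ip '192.168.10.1'
"""

def parse_uci(text):
    """Return [(section_type, {option: value})]; blank lines and '#' comment lines are skipped."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        if parts[0] == "config" and len(parts) >= 2:
            sections.append((parts[1], {}))
        elif parts[0] == "option" and len(parts) >= 3 and sections:
            sections[-1][1][parts[1]] = parts[2]
    return sections

def nat_rules(opts):
    """One nat-table rule per protocol. Without dest_ip the target is REDIRECT, with dest_ip
    it is DNAT. Either way the translated packet is addressed to the router itself, so after
    NAT it takes the INPUT path (not FORWARD): udp/dest_port must be accepted there from src."""
    rules = []
    for proto in opts.get("proto", "tcp udp").lower().split():
        rule = f"-A zone_{opts['src']}_prerouting -p {proto} --dport {opts['src_dport']} "
        if "dest_ip" in opts:
            rule += f"-j DNAT --to-destination {opts['dest_ip']}:{opts['dest_port']}"
        else:
            rule += f"-j REDIRECT --to-ports {opts['dest_port']}"
        rules.append(rule)
    return rules

def redirect_rules(text):
    """Map each redirect section's name to the rules it should produce."""
    return {opts.get("name", "?"): nat_rules(opts)
            for kind, opts in parse_uci(text) if kind == "redirect"}

if __name__ == "__main__":
    for name, rules in redirect_rules(SAMPLE_REDIRECT).items():
        print(name)
        for rule in rules:
            print("  iptables -t nat", rule)
```

If the DNAT/REDIRECT rule is present but UDP still times out, the next place to look is the input chain for the `wan` zone, since a UDP probe cannot distinguish "dropped at input" from "translated but never answered".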