Something better than port forwarding

jogger
Posts: 45
Joined: 19 Feb 2018 09:00

Post by jogger »

The usual i2p setup is to sit behind an internet router and, according to the docs, use port forwarding to get traffic from your i2p peers to your local machine. So you create a rule to forward internet traffic on port 12345 to port 12345 on local machine 10.1.2.3. Simple, and works most of the time.

In fact behind the scenes your internet router then creates/uses 3 rules:
1.) a firewall rule to permit inbound traffic on port 12345
2.) a destination NAT rule for inbound traffic doing the forwarding configured above
3.) usually uses a default system-wide source NAT rule for outgoing traffic that specifies IP-masquerading https://en.wikipedia.org/wiki/Network_a ... ranslation

3.) is the problem, as this changes the port on outgoing packets. If your peers do not like the port used, problems range from your i2p router going firewalled to a total communication breakdown. Little can be done if you use a consumer-type router that has no other way of configuring the above.

If your router permits, ditch port forwarding and configure the above three rules separately. For source NAT create a rule that specifies outbound traffic from 10.1.2.3 on port 12345 to be sent on port 12345, just the reverse of rule 2. This is like having your i2p router directly connected to the internet, resulting in the least possible network errors.
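The three rules from the post written out separately, as an added example that is not part of the original post: an nftables ruleset for a Linux-based router. The interface names `wan0` and `lan0`, the choice of nftables, and covering both TCP and UDP are assumptions; port 12345 and host 10.1.2.3 are the post's own values.

```nftables
# Assumed: wan0 = internet-facing interface, lan0 = LAN interface (hypothetical names).

table ip filter {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections that are already tracked
        ct state established,related accept

        # Rule 1: permit inbound traffic on port 12345 to the i2p host only.
        # DNAT has already happened here, so the destination is 10.1.2.3.
        iifname "wan0" ip daddr 10.1.2.3 tcp dport 12345 accept
        iifname "wan0" ip daddr 10.1.2.3 udp dport 12345 accept

        # LAN hosts may open outbound connections
        iifname "lan0" oifname "wan0" accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Rule 2: destination NAT, the "forwarding" part of a port forward
        iifname "wan0" tcp dport 12345 dnat to 10.1.2.3:12345
        iifname "wan0" udp dport 12345 dnat to 10.1.2.3:12345
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Rule 3 (the fix): source NAT for the i2p host that pins the
        # outgoing source port to 12345, the reverse of rule 2.
        # These must come before the generic masquerade rule below.
        oifname "wan0" ip saddr 10.1.2.3 tcp sport 12345 masquerade to :12345
        oifname "wan0" ip saddr 10.1.2.3 udp sport 12345 masquerade to :12345

        # Default system-wide masquerade for all other outbound traffic;
        # the source port is left to the NAT engine to choose.
        oifname "wan0" masquerade
    }
}
```

Keeping the inbound accept rules scoped to 10.1.2.3 and port 12345 means splitting the port forward into separate rules exposes nothing more than the original forward did.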