Packet Forwarding Puns

I want to setup wireguard in a way where it forward all traffic from a machine to other location.

wifi clients --> WiFi Router ---> Ubuntu 20.04 VM as gateway to Wifi Router with wireguard client ---> Remote Wireguard server.

I want all WiFI client to connect to the wifi network and essentially go to Ubuntu VM and from there routed to the remote wireguard server. So essentially a VPN for all WiFi clients.

On the WiFI router I have setup gateway and everything is working

Here is what my wireguard configuration looks like on the Ubuntu Gateway VM. It has a single interface with named ens18. What am I missing here to fix the issue?

BTW my connection between WG client to remove WG server is working fine as I can ping the remote server from WG interface.

If it helps my home network subnet is 192.168.1.0/24

[Interface]
PrivateKey = privatekey=
Address = 192.168.100.4/32
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE

[Peer]
PublicKey = publickey=
PresharedKey = presharedkey=
Endpoint = wgserver:port
PersistentKeepalive = 25
AllowedIPs = 0.0.0.0/0

So, I'm fairly new to the world of IPV6 and am currently on Comcast. I have a slew of devices behind my ASUS router that I need accessible from the outside. Devices like, security cameras, a server with multiple applications running on different ports, etc. There are literally dozens of devices currently.

I have IPV6 working, and all of my devices are getting assigned IPV6 addresses. I can successfully connect to them from outside the LAN when I use their full IPV6 address. What I'm having trouble with, is that right now I am using a dynamic DNS and assigning certain port numbers to certain devices or services running on my LAN.

For instance,

mydynamic.us.to:9000 --> Camera #1

mydynamic.us.to:9001 --> Camera #2

mydynamic.us.to:9002 --> Camera #3

mydynamic.us.to:80 --> Web Server

mydynamic.us.to:443 --> Web Server

mydynamic.us.to:9003 --> SSH

And so on. With my dynamic DNS I can create a AAAA record, but that only allows me to connect to one device using the dynamic DNS record. So, in order to use dynamic DNS I would have to create a DNS record for every single device with an IPV6 IP and I'm hoping to avoid that.

Basically, with IPV6 I've lost the knowledge on how to route connections coming in on a certain port to certain devices. Is there a way to use my router's IPV6 address as the dynamic DNS AAAA record and have packets coming in on a certain port get re-routed to the correct device? I imagine this would need to be something done in the firewall script?

Appreciate the help as I'm at a bit of a loss here.

I have one location that has 4 ex3400s where randomly, the network will essentially stop working / forwarding for say 10 seconds then resume. No spanning tree logs as that was my first guess. So far, no hope from Juniper ticket support. This location has a fiber link to our main site with the same hardware and they are fine.

This happens to multiple vlans at the “bad site”.. wired and wireless. I can’t create the problem off hours, only happens when staff are there. I’m beginning to think it could be a randomly malfunctioning 3400. I can’t find logs to point me in a direction.

Any advice or things to triple check?

I have setup a Raspberry Pi 4 as a Wireguard VPN gateway that will multihop a couple of Mullvad's servers. I'm having issues with my clients being able to go through the Pi.

I have the Pi setup following most of this guide (https://mgnk.it/2019/03/raspberry-pi-as-a-vpn-gateway-using-wireguard/) but stopping after allowing IP forwarding. Not messing with IP tables until my clients can do what I want which is essentially...

Client -> Pi -> Router ->Internet

The Pi has the forwarding enabled and I've set the gateway and DNS on the client. I know the Pi is forwarding data but is having issues once the tunnel is connected to Mullvad. I'm able to see this by taking down the WireGuard tunnel, my client has internet; connecting the tunnel, client no longer can connect to internet. Tracert on client shows that the Pi is the gateway (and goes all the way through when tunnel is down).

Tcpdump from client pinging 1.1.1.1:

pi@raspberrypi:~ $ sudo tcpdump -nni  ch5-us172 -Q inout icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ch5-us172, link-type RAW (Raw IP), capture size 262144 bytes
01:47:04.462080 IP 10.66.114.95 > 1.1.1.1: ICMP echo request, id 1, seq 1325, length 40
01:47:04.777014 IP 1.1.1.1 > 10.66.114.95: ICMP echo reply, id 1, seq 1325, length 40
01:47:05.482628 IP 10.66.114.95 > 1.1.1.1: ICMP echo request, id 1, seq 1326, length 40
01:47:05.796203 IP 1.1.1.1 > 10.66.114.95: ICMP echo reply, id 1, seq 1326, length 40
01:47:06.500624 IP 10.66.114.95 > 1.1.1.1: ICMP echo request, id 1, seq 1327, length 40
01:47:06.770754 IP 1.1.1.1 > 10.66.114.95: ICMP echo reply, id 1, seq 1327, length 40
01:47:07.519416 IP 10.66.114.95 > 1.1.1.1: ICMP echo request, id 1, seq 1328, length 40
01:47:07.789375 IP 1.1.1.1 > 10.66.114.95: ICMP echo reply, id 1, seq 1328, length 40

From what I can understand here is that

• my client sends a ping (request) to 1.1.1.1 (10.66.114.95 being the connected tunnel's distant end)
• 1.1.1.1 responds to the request from 10.66.114.95

So, now that tunnel needs to forward that reply back to the clients on the 192.168.88.0/24?

Tcpdump result without tunnel connected (I thought it was interesting with 2 requests and replies:

******************EDIT Resolved see bottom*********************

I hit the same issue at this old reddit post. Not sure if it started recently after upgrading from JunOS version 14.1 to 18.1 or not....

https://www.reddit.com/r/Juniper/comments/7hrkfa/dhcp_relay_bindings_on_ex4300/

We have windows 10 clients that are sending DHCP request packets for 20-60 seconds before they send their initial DHCP-discover packet between switching floors (and therefore vlans/networks). While running a pcap on both the client and DHCP server (with my QFX 5100 acting as a DHCP relay server in-between). The request packets never make it to the DHCP server, but the second they send a DHCP discover packet the switch forwards the packet and the DHCP server responds.

Microsoft explanation of the behavior here (first two paragraphs after "more info"): https://support.microsoft.com/en-us/help/167014/dhcp-client-may-fail-to-obtain-a-dhcp-assigned-ip-address

It states here that the relay server should be forwarding the DHCP request messages?: https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/dhcp-subscriber-access-dhcp-local-server-inform-processing.html

Basically what I think needs to happen is either the DHCP relay forwarding the DHCP request packets to the DHCP server or the DHCP relay NAK-ing any and all request packets. Thoughts?

DHCP relay config:

set forwarding-options dhcp-relay overrides delete-binding-on-renegotiation
set forwarding-options dhcp-relay server-group Production [DHCP Server]
set forwarding-options dhcp-relay group Production active-server-group Production
set forwarding-options dhcp-relay group Production interface irb.216
set forwarding-options dhcp-relay group Production interface irb.218

Below is a "show dhcp relay binding" output every 1 second after swapping client vlans via different switchports.

> show dhcp relay binding XX:XX:XX:XX:XX:XX | refresh 1  
---(refreshed at 2020-01-06 09:02:03 EST)---
IP address        Session Id  Hardware address   Expires     State      Interface
10.1.1.14     3905        XX:X

Apparently this comment from a year ago stated that only one core was used. Is that accurate as per May 2020?

This short video (8 min) explains with a simple network how a packet is forwarded from your home PC to a public IP on the internet. This is a decent starting point if you're studying for the CCNA or Network+

What you will learn:

-What is a default gateway

-What a private IP is versus a public IP

-BGP AS-PATH attribute

-How a MAC address changes along the network path

This is my first technical video and I would love your feedback on whether I explained everything clearly.

https://youtu.be/vcha3GHnPok

Hello!

Does anyone now how to forward broadcast packets from one subnet to another and back? I have a program to control a audio mixers, there a 5 devices in 5 rooms, every room has it's own subnet and ethernet port on mikrotik RB4011. This mixers controls only through program on windows or android and this program can't save list of ip addresses of many devices, it can only scan subnet and see devices around.

Problem is that program in one subnet and devices itself in 5 different subnets. I can NAT search reaquest from that program to ONE room, but i need to control all devices :)
Any ideas?

I have a Nexus 5020 (Actually a UCS6140xp running NX-OS) that doesn't seem to be forwarding traffic with tagged vlans. I just installed NX-OS and everything else seems to be working fine, even untagged traffic, but my tagged traffic seems to be getting lost. As far as I understand this system should configure just like catalysts do when it comes to interfaces and vlans/switchport stuff but I feel like I must be missing something. I've tried with the interface-vlan feature on and off and there doesn't seem to be a difference. I haven't done any configuration other than setting up the management interface, vlans, and a few eth interfaces.

 

Running 'show run all' isn't giving me a lot to work on but I must be missing something. Here's a pastebin of the config with password hashes removed https://pastebin.com/TE57WBMH.

Is there something really obvious that I'm missing? This is my first experience with Nexus gear but I'm very familiar with Catalysts. Any help would be greatly appreciated!

 

Edit: Forgot to post the pastebin of "show version" which is here: https://pastebin.com/YPbFDZmJ

Hello guys, I recently noticed some very high packet losses in-game.

I started noticing them after the huge update.

First i tried to ping google.com and other websites to see if it affects my normal browsing stuff. In the cmd I typed in "ping google.com -n 60" a couple times and most of the time, i had under 1% packet loss, but with fluctuating ping from 30ms to 110ms (avg. of 50ms). This doesnt sound too good, so i def have to switch my router i think (I swaped my LAN(Ethernet) cable 2 months ago).

But anyways, 1% is an okay value, so how come in Apex i get 50%? Its literally unplayable for me right now since i lose fights i shouldve easily won, miss shots i shouldve hit etc. I followed EA's trouble shoot, where I had to open ports. After some struggle, i managed to open said ports and yet still no improvement at all regarding packet loss. Thats the case for ALL servers i can choose of.

My next step would be to swap my router, but regarding the corona-situation, i doubt theyll send it anytime soon. Other than that, i have no actuall clue how to proceed from here on. Any tips or hints are much appreciated.

Side note: I play on PC and live in Berlin, Germany. My ping to frankfurt is at around 38ms

hi,

The title sounds stupid, but that's the best I can do to keep it brief. I have a CRS305 switch, which I use in the default configuration (with RouterOS, but tried to switch to SwOS) with only the IP address customized. Connected to it are FreeNAS with Chelsio 10Gbe board (Twinax cable) and MacPro with Myricom 10Gbe-T (Cat6 cable with Mikrotik RJ45 10Gbe SFP on the CRS305 end). MacPro has the card in the external Thunderbolt enclosure. This worked perfectly with High Sierra on the Mac until yesterday when I was forced to upgrade to Catalina.

Now I see the link between Myricom and CRS305 active, auto neg successful, both sides report 10G line speed, flow control on, and CRS305 sees the MAC address of the Myricom board in the Hosts tab of the Bridge menu in webfig. I assigned the Myricom a static IP and trying to ping the CRS305 address I see the ARP requests from the Mac on the switch side, but not replies (I tried to ping other hosts on the internal network, including the NAS, with the same result).

All error counters I was able to find are 0. MTU is 1500 everywhere (I believe Jumbo is not supported by the Mikrotik RG45-T SFPs).

I reset configuration and tried with factory settings - no difference. Updated Myricom driver.

The rest of the network is 1Gbe and connected to the CRS305 through the ether1 interface. The rest of the network sees NAS perfectly well, so the switch itself is working.

Any ideas of where to look are very much appreciated.

Options on Myricom:

en14: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=46f<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,TSO6,CHANNEL_IO>
	ether 00:60:dd:43:b4:80
	inet6 fe80::83a:4759:828d:a140%en14 prefixlen 64 secured scopeid 0x12
	inet 10.0.1.199 netmask 0xffffff00 broadcast 10.0.1.255
	nd6 options=201<PERFORMNUD,DAD>
	media: 10Gbase-T <full-duplex,flow-control>
	status: active

So I have 4 vms. More over I have 3 networks. ens160, ens224 and ens192.

1. Centos on ens160
2. Windows on ens 192
3. Another centos on all networks - ens160, ens224 and ens192. More over, the forth one is only on ens224

So I want my third machine to be able to forward packets from the forth machine to the 1st and 2nd machines, and vice versa.

I enabled ip_forward on the third machine. Any suggestions?

So I’ve got a question. I’m working on a TCP proxy right now. What is expected is that:

• General: A host will send tcp packets to said proxy and the proxy then forwards it to its intended destination.

• Point: when the proxy gets traffic from a host, an action needs to be triggered (this I have done already, but with hard coded IPs)

I’m using sockets in Python so socket AF_INET, SOCK_STREAM. What I don’t understand is how the proxy gets the packets IF the packets are destined for their real destination address? If an unknowing host sends packets out to their destination say 1.3, how would the proxy pick up / get those packets and then forward them to 1.3 on behalf of the host? If the packet’s destination was 1.3, how would a proxy who’s source is 1.1 get those packets??

Right now I have a basic tcp client/server and the proxy server.

What I want to do is from the client, send tcp packets to the server without the client having knowledge of the proxy. If I want to go to a web server hosted on the client on a port, I just type in the ip:port of the server. The proxy gets that traffic and forwards it to the server.

What I have right now is send the data to the proxy and then have the proxy hardcoded to send to the server. In my example above I have the client connecting to a port on the proxy, and the proxy sends the data to the web server. All destination IPs are hard coded.

So in that example, what if there’s 2 web servers (A & B)? If I have a host trying to connect to Server A and I send that data to the proxy’s addresses, how does the proxy know if the data is destined for Webserver A or B? (Since the dst address coming from the client is that of the webserver?) the goal is to have the client just type in the address of webserver A (packets dst of webserver A), that data being sent to the proxy, and the proxy sending it to webserver A.

(note: this is for ALL tcp traffic, not just web traffic)

TLDR; How does a proxy receive packets that are not initially destined for it and then forward them to their real destination?

Also: if anyone knows how to do this in python or an easy enough process I’d love to hear it!

Thanks for the help!

Hi gents

I've just switched to openwrt and loving it. I've got an openvpn connection up and running (but not set as a default route... I don't want all my traffic going through it). What I do have is DSCP tagged traffic that i do want to send out the VPN.

Can anyone point me in the right direction here with iptables? While I have used it it's only in the sense of "I have copied and pasted with slight modification" ...

thanks for any insight you care to offer

So now I have 3 virtual machines (CentOS 7) and 2 networks:

• 1st on the 1st network 10.4.3.5 / eth0
• 2nd on the 2nd network 10.4.0.46 / eth0
• 3rd on both networks:
• 10.4.3.7 / eth0
• 10.4.0.45 / eth2

All networks are masked 255.255.255.0 and the 1st and 2nd machine do not see each other. 3rd machine sees both directly via eth0 and eth2 respectively.

Sysctl config on the 3rd machine:

[root@took70 ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /etc/sysctl.d/10-ipv6.conf ...
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
net.ipv6.conf.eth1.disable_ipv6 = 1
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/bp.conf ...
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2
* Applying /etc/sysctl.conf ...
[root@took70 ~]#

I also disabled firewalld and iptables everywhere.

Then I set the route on the 1st machine: route add -net 10.4.0.0 gw 10.4.3.7 netmask 255.255.255.0 dev eth0 And also on the 2nd machine: route add -net 10.4.3.0 gw 10.4.0.45 netmask 255.255.255.0 dev eth0

The problem is I still cannot ping between 1st and 2nd machine via the 3rd acting as a gw. Ping packets actually go to the gw and from tcpdump I can see ICMP echo requests on both interfaces eth0 and eth2 but it looks like they never reach the final machine.

I added the rp_filter lines to sysctl because the pings were somehow still ICMP redirected (https://access.redhat.com/solutions/53031). Can the cause be that the 2 virtual networks have the same VLAN ID? They even have the same name only the second one has the "-nat" postfix.

I have no idea why my configuration does not work. Help please?

So in the NSX Upgrade Guide, under Operational Impacts of NSX Upgrades, it says, among other things, the following ( https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.3/com.vmware.nsx.upgrade.doc/GUID-0D6A3C1D-BFC0-441E-822E-FF2F41212891.html ):

 Impact during the NSX Edge upgrade:
     * ...
     * Packet forwarding is temporarily interrupted.

So one little bullet point indicates you will have a complete outage of North-South traffic in and out of your NSX environment.

Can anyone tell me how long this outage usually lasts? Does it take effect if you have an HA Pair of NSX Edges?

The piece of text below is from a cisco doc on "Route Selection" My grey area of understanding: What happens when you have an ip that falls into more than one range but because of the 'longest prefix is preferred' rule is sent to the wrong network. If its not sent with its prefix information(aka subnet mask), How does it get to the 'correct' destination network? I feel like I'm missing a piece of the puzzle.... Thanks!

"Likewise, if a packet destined for 192.168.32.100 arrives on one of the router's interfaces, it's forwarded to 10.1.1.2, because 192.168.32.100 doesn't fall within 192.168.32.0/26 (192.168.32.0 through 192.168.32.63), but it does fall within the 192.168.32.0/24 destination (192.168.32.0 through 192.168.32.255). Again, it also falls into the range covered by 192.168.32.0/19, but 192.168.32.0/24 has a longer prefix length."

Every couple years or so I look for current pricing on L3 switches with ASIC forwarding -- including IPv6 support. The cheapest I've seen are from Mikrotik, and it's probably all software.

Anyone aware of something like that?

Hey everyone,

I have a little setup which I will describe real quick:

WAN > WAN-Interface Router1 | LAN-Interface Router1 > LAN-Interface Router2 | LAN-Interface Router2 > PC

I need this exact setup WAN > Router1 > Router2 > PC because one router has features the other one hasn't and vice versa.

My goal: Set everything up so I can WOL my PC from the WAN (with my phone).

I am currently testing everything with "Remote Desktop" only for testing purposes. I forwarded Port xxxx (WAN) > 3389 (PC IP) to test everything on Router1 and that worked without any problems.

All I did after that was changing it to Port xxx (WAN) > Port yyy (Router2 IP) on Router1 and "Port yyy > Port 3389 (PC IP)" on Router2. After this change it didn't work anymore.

Now can anyone tell me how I can route this packet through so it gets to my PC through both of these routers? I will later change the ports to WOL but for now this is my setup for testing purposes.

Advice would be very appreciated, thanks in advance.

Hello, I am trying to forward UDP packets from one server to another. I see that my problem is probably with IPtables and i am hoping someone here can help. So the way i believe this is supposed to work is UDP packets come in on ports 42000-42020 and then they get sent to eth0 or eth1 which then forwards them to my other server. The issue is i cant seem to get the packets into my second server. If i do a echo "this is a test" > /dev/udp/ipofserver2/42010 then i see data come in with tcpdump. But iptables i dont think is sending it to the second server. Hoping to get some help here. This is what i have for ip tables rules:

Table: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpts:42000:42020 to:ipofserver2

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)


num  target     prot opt source               destination
1    MASQUERADE  udp  --  0.0.0.0/0            ipofserver2           udp dpts:42000:42020

any help would be super appreeciated. Thanks! :)

I have three Unifi switches in one location, two 8 port, and one 48 port. Im trying to setup paging on some Polycom phones using multicast, and it works fine when two phones are on the same switch, but it doesnt work when phones are on different switches.

I have IGMP snooping on my controller for my primary LAN, which is assigned to all of my switches. What am I missing?

This is the output of ifconfig on my system:

...
eno1:   ... inet 192.168.2.1    netmask 255.255.255.0 ...
eno1:0: ... inet 10.24.6.1      netmask 255.255.255.0 ...
eno1:1: ... inet 10.8.6.4       netmask 255.255.255.0 ...
eno2:   ... inet 192.168.2.1    netmask 255.255.255.0 ...
...

I am receiving UDP packets on eno1 but I'd have to forward them onto eno1:0. I have changed the MAC address on eno1:0 to match the MAC address expected by the UDP packets and also the destination address of the packets matches the IP on eno1:0. So I first enabled IP forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

and then this

iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
iptables -A FORWARD -i eno1:0 -j ACCEPT

but it is not working. After deleting these and also restarting the system I tried this

echo 1 > /proc/sys/net/ipv4/ip_forward
ip route add 10.24.6.1/24 via 192.168.2.1

but this also doesn't work. I'm really confused. I see these type of questions all over the internet and it's clear there are a lot of people confused as hell just like me. Networking is hard. What am I doing wrong?

I would also like to know your opinion about mac vlans. Based on what I've read they seem to be a better choice for my case. Right?

So we have an use case where we want to connect vpc between two different regions, i have been following this guide and i am able to communicate between two instance on which openvpn is running for example let's say i have configured between 10.0.0.1 and 172.30.0.1 I am able to ping between this two instances, but suppose if i want to communicate to 172.30.0.2 instance it fails. Using tcp dump command sudo tcpdump -n host 52.xxx.xxx.xxx i can see that am getting the request but seems like it is not able to forward the request to the 172.30.0.2 instance I am following this guide http://aws.amazon.com/articles/0639686206802544 Also i have added net.ipv4.ip_forward = 1 so this should forward the packets but still i am not able to communicate the other instances from the subnet Also i am pretty sure my route table entries are fine 172.30.0.0/16 local Active No 0.0.0.0/0 igw-5e45593c Active No 10.0.0.0/16 eni-358a627d / i-05de8a4ce671518bc

similar route table for the other region vpc

Any guidance would be appriciated

Update do i have to add this rules > /sbin/iptables ­t nat ­A POSTROUTING ­o eth0 ­j MASQUERADE > /sbin/iptables ­A FORWARD ­i eth0 ­o tun0 ­m state ­­state RELATED,ESTABLISHED ­j ACCEPT > /sbin/iptables ­A FORWARD ­i tun0 ­o eth0 ­j ACCEPT

> Routing tables are generally not used directly for packet forwarding in modern router architectures; instead, they are used to generate the information for a smaller forwarding table.

http://en.wikipedia.org/wiki/Routing_table

Im new in Networking so I cannot understand this. I thought a routing table tells where to forward packets. But Wiki says its not used directly for packet forwarding. Is Wiki saying that only 'local' routing tables exist?

I mainly ask this because since yesterday the packet loss problem is horrendous, I literally had a 5 minute period where everything was rubber-banding, and unless my ISP decides to interfere with my connection specifically while playing Dawngate (I'm on DSL so sometimes when they run tests and such it causes some minor problems) there is a major problem somewhere. I feel it's packet loss though and not just straight lag because a lot of the time when it occurs it's right before say a projectile or auto attack hits making me think the server is trying to get the data packets to determine damage and such.

So, can allowing ports, or firewall exceptions, or anything really fix this, it's becoming so hard to play anymore I use to build Marah as a mixed defense/power bruiser, now I go basically 6 defense items (with hilarious results mind you) just to make sure I don't get screwed over by something out of my power to control.

Something extra to add, I ran a constant 5 hour connection test to a place in Chicago (where I assume the server is located since my ping is in the high 50s, where it's 90-95 for League and it's on the West Coast) and it's solid low 50s all day long NP. At most during the entire test 3 packets were lost in an hour.

I am on ubuntu 20.04 server. What's the easiest way to forward all incoming traffic on a specific port to another ip address. So packets coming into machine go to another machine?

This short video (8 min) explains with a simple network how a packet is forwarded from your home PC to a public IP on the internet. This is a decent starting point if you're studying for the CCNA or Network+

What you will learn:

-What is a default gateway

-What a private IP is versus a public IP

-BGP AS-PATH attribute

-How a MAC address changes along the network path

This is my first technical video and I would love your feedback on whether I explained everything clearly.

https://youtu.be/vcha3GHnPok