Some clients have firewall's that change the source port to a random one on exit of their network. For the hole punch to work, it needs to be the consistent, expected ports that are being actively hole-punched from the server (10070-10080). Otherwise, they will not be able to traverse the host's firewall when using the hole-punching method.
PFSense and it changes the source port by default, but this can be disabled.
Netgear Nighthawk appears to do it as well.
Without tunneling or costing a bunch of money, find an easy redirection methodology (i.e. iptables DNAT on a cheap instance) or something similar
airmon-ster
commented
4 months ago
Some clients have firewall's that change the source port to a random one on exit of their network. For the hole punch to work, it needs to be the consistent, expected ports that are being actively hole-punched from the server (10070-10080). Otherwise, they will not be able to traverse the host's firewall when using the hole-punching method.
PFSense and it changes the source port by default, but this can be disabled. Netgear Nighthawk appears to do it as well.
Without tunneling or costing a bunch of money, find an easy redirection methodology (i.e. iptables DNAT on a cheap instance) or something similar