hi, so ive been working on my install as of recent, moving from tinc. i want to set up a few ports that will act as a TCP tunnel to a server on my home network for game servers, using iptables. im not sure why what im doing isnt working. seems when i try to get the netmaker server (10.10.0.254) to ping the homeserver ip (10.10.0.1) it gets a response way too fast >1ms when i ping the nm server from the home server its about 30ms. using tcpdump i can confirm its not sending packets to the homeserver ip adding the nm server as a netclient (10.10.0.4) solves this. but not even sure if that the right way about this. even then my iptables arent working and i cant get the game clients to connect to the server. checking tcpdump i can see both end are receiving packets just not sure whats catching fire atm i believe these were the same rules i was using when i had the tinc server set up a few months back, hopfully someone here can spot what ive missed

iptables -t nat -A PREROUTING -d x.x.x.x -p tcp --match multiport --dport 25500:25600 -j DNAT --to-dest 10.10.0.1:25500-25600

iptables -I FORWARD 1 -d 10.10.0.1 -p tcp --match multiport --dport 25500:25600 -j ACCEPT

iptables -t nat -A POSTROUTING -m conntrack --ctstate DNAT -d 10.10.0.1 -p tcp --match multiport --dport 25500:25600 -j SNAT --to-source 10.10.0.4

There is nothing wrong with running netclient on the server. Removing the embedded netclient in the netmaker container is under consideration for future releases.

ah nice, was worried that was doing something janky and not helping myself

the embedded netclient runs in userspace by necessity, which explains the slow ping time

ok so i think it was the dumbest mistake of course. i forgot to reboot the server so it was still binding to my local home ip and not the vpn ip