Stabilize Netclient Connections Behind NAT

For sites behind NAT routers, you can stabilize the connection to the Netclient by setting up port forwarding and assigning the Netclient a static port.

Port Forwarding

Set up port forwarding rules to forward traffic from the WAN to the machine with Netclient installed. Use custom ports such as 55555.

Here is an example of setting up port forwarding to a generic Linux machine that uses the iptables firewall.

  1. Enable traffic forwarding at the kernel level. By default, most systems have forwarding turned off. To turn port forwarding on permanently, you will have to edit the /etc/sysctl.conf file. You can do this by opening the file with sudo privileges: “sudo nano /etc/sysctl.conf”

  2. Inside the file, add this line at the bottom: “net.ipv4.ip_forward=1”. Save and close the file when you are finished.

  3. Then apply the settings in this file. First run the following command: “sudo sysctl -p”

  4. Then run the same command, but replace the -p flag with --system: “sudo sysctl --system”

  5. Find the WAN and LAN interfaces on the machine using the command “ip a”.

  6. Next, use the -j DNAT target in the PREROUTING chain of the nat table to specify the destination IP address and port to which incoming packets requesting a connection to your internal service are forwarded. The command to use: “iptables -t nat -A PREROUTING -i eth0 -p udp -d {PUBLIC_IP} --dport 55555 -j DNAT --to {INTERNAL_IP}:55555”

  7. To allow LAN nodes with private IP addresses to communicate with external public networks, configure the firewall for IP masquerading, which masks requests from LAN nodes with the IP address of the firewall’s external device such as eth0: “iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE”

  8. The port forwarding rule for port 55555/udp is now set on the Linux machine, and you can use this port number for your WireGuard connections.
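
An added check for the procedure above (not part of the original guide or Netmaker's own tooling): these functions confirm that kernel forwarding is on and that the nat table holds the DNAT and MASQUERADE rules from steps 6 and 7, each limited to the WAN interface. The interface name eth0, the addresses and the function names are assumptions, and the sample rules are constructed in `iptables-save -t nat` format.

```shell
#!/bin/sh
# Added example, not Netmaker code: verify the result of steps 1-7.

# forwarding_enabled [FILE]: true when the kernel forwarding flag reads 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# has_rule CHAIN FRAGMENT...: true when a single rule line on stdin
# (iptables-save format) belongs to CHAIN and contains every FRAGMENT.
has_rule() {
    chain=$1; shift
    lines=$(grep -F -- "-A $chain " || true)
    for frag in "$@"; do
        lines=$(printf '%s\n' "$lines" | grep -F -- "$frag" || true)
    done
    [ -n "$lines" ]
}

# check_nat_rules WAN_IF PORT INTERNAL_IP, with the rules on stdin.
# Prints each missing rule and returns non-zero if any is absent.
check_nat_rules() {
    wan_if=$1; port=$2; internal_ip=$3; rc=0
    rules=$(cat)
    # DNAT must be limited to the WAN interface, UDP and the single port.
    if ! printf '%s\n' "$rules" | has_rule PREROUTING "-i $wan_if " "-p udp " \
            "--dport $port " "-j DNAT --to-destination $internal_ip:$port"; then
        echo "missing: DNAT $port/udp on $wan_if to $internal_ip:$port"; rc=1
    fi
    # Masquerading must apply only to traffic leaving through the WAN interface.
    if ! printf '%s\n' "$rules" | has_rule POSTROUTING "-o $wan_if " "-j MASQUERADE"; then
        echo "missing: MASQUERADE on $wan_if"; rc=1
    fi
    return "$rc"
}

# Constructed sample of `iptables-save -t nat` output (documentation addresses).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p udp -m udp --dport 55555 -j DNAT --to-destination 192.168.1.50:55555
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | check_nat_rules eth0 55555 192.168.1.50 && echo "NAT rules OK"
```

On a live host, pipe the real table in with `sudo iptables-save -t nat | check_nat_rules eth0 55555 {INTERNAL_IP}` and call `forwarding_enabled` with no argument.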

Assign Static Port

To stabilize connections for sites behind NAT routers, set each Netclient host port to 'static' and specify the custom port from Step 3, such as 55555. You can configure this in the Netmaker web UI by going to “Hosts” and then “Edit Host” on the specific netclient hosts.