For sites behind NAT routers, you can stabilize the connection to the Netclient by setting up port forwarding and setting a static port for the Netclient.
Port Forwarding
Set up port forwarding rules to forward traffic from the WAN to the machine with Netclient installed. Use custom ports such as 55555.
Here is an example of setting up port forwarding to a generic Linux machine that uses an iptables firewall.
1. Enable IP forwarding at the kernel level
By default, most systems have forwarding turned off. To turn IP forwarding on permanently, edit the /etc/sysctl.conf file with sudo privileges:
/etc/sysctl.conf
sudo nano /etc/sysctl.conf
Inside the file, add this line at the bottom:
net.ipv4.ip_forward=1
Save and close the file.
2. Apply sysctl settings
Apply the settings you added:
sudo sysctl -p
Then load the system-wide settings:
sudo sysctl --system
3. Identify WAN and LAN interfaces
Find the WAN and LAN interfaces on the machine using:
ip a
4. Add DNAT rule to forward incoming traffic
Use the -j DNAT target of the PREROUTING chain in the nat table to forward incoming packets to the internal IP and port. Replace {PUBLIC_IP} and {INTERNAL_IP} with your values:
Allow LAN nodes with private IP addresses to communicate with external public networks by masquerading outbound traffic on the external interface (e.g., eth0):
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
6. Result
Now the port forwarding rule for UDP port 55555 is set on the Linux machine and can be used for WireGuard/Netclient connections.
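The rules from the steps above as one script, added here as an example (not from the Netmaker documentation): it validates its inputs and prints idempotent iptables commands for review instead of applying them. The function names, the sample addresses, the -i match on the DNAT rule and the FORWARD accept rule (needed only when the FORWARD chain policy is not ACCEPT) are assumptions beyond what the page shows.

```shell
#!/bin/sh
# Added example, not Netmaker's own code. Prints the rules; applies nothing.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots (input holds only digits and dots)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port N: succeed only for 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit TABLE RULE: print "check || append" so a re-run adds no duplicates.
emit() {
    printf 'iptables -t %s -C %s 2>/dev/null || iptables -t %s -A %s\n' \
        "$1" "$2" "$1" "$2"
}

# netclient_forward_rules WAN_IF PUBLIC_IP INTERNAL_IP PORT (hypothetical helper)
netclient_forward_rules() {
    wan_if=$1; public_ip=$2; internal_ip=$3; port=$4
    case "$wan_if" in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface" >&2; return 1 ;;
    esac
    valid_ipv4 "$public_ip" && valid_ipv4 "$internal_ip" ||
        { echo "invalid IPv4 address" >&2; return 1; }
    valid_port "$port" || { echo "invalid port" >&2; return 1; }
    # Step 4: DNAT only UDP traffic for this port arriving on the WAN side.
    emit nat "PREROUTING -i $wan_if -d $public_ip -p udp --dport $port -j DNAT --to-destination $internal_ip:$port"
    # Assumption: the FORWARD policy may be DROP, so allow just this flow.
    emit filter "FORWARD -i $wan_if -d $internal_ip -p udp --dport $port -j ACCEPT"
    # The page's POSTROUTING rule: masquerade traffic leaving via the WAN interface.
    emit nat "POSTROUTING -o $wan_if -j MASQUERADE"
}

# Constructed sample values (documentation address ranges).
netclient_forward_rules eth0 203.0.113.10 192.168.1.50 55555
```

Review the printed commands, then pipe the output to sudo sh to apply them.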
Assign Static Port
To stabilize connections for sites behind NAT routers, set each Netclient host port to "static" and specify the custom port from above (for example, 55555). You can configure this in the Netmaker web UI by going to "Hosts" and then "Edit Host" on the specific netclient hosts.