UDP Portforwarding IPTables not work / TCP works fine

[Vene]

Hello Proxmox users,
I have problems with forwarding UDP ports.

My network interface currently looks like this:

auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
address XX.XX.XX.124/24
gateway XX.XX.XX.97
bridge-ports eno1
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 10.0.0.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
post up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE

#RDP
post-up iptables -t nat -A PREROUTING -d XX.XX.XX.124/24 -i vmbr0 -p tcp -m tcp --dport 1337 -j DNAT --to 10.0.0.20:3389
post-down iptables -t nat -D PREROUTING -d XX.XX.XX.124/24 -i vmbr0 -p tcp -m tcp --dport 1337 -j DNAT --to 10.0.0.20:3389

#ARK SA Server
post-up iptables -t nat -A PREROUTING -d XX.XX.XX.124/24 -i vmbr0 -p tcp -m tcp --dport 7777 -j DNAT --to 10.0.0.20:7777
post-down iptables -t nat -D PREROUTING -d XX.XX.XX.124/24 -i vmbr0 -p tcp -m tcp --dport 7777 -j DNAT --to 10.0.0.20:7777
post-up iptables -t nat -A PREROUTING -d XX.XX.XX.124/24 -i vmbr0 -p udp -m udp --dport 7777 -j DNAT --to 10.0.0.20:7777
post-down iptables -t nat -D PREROUTING -d XX.XX.XX.124/24 -i vmbr0 -p udp -m udp --dport 7777 -j DNAT --to 10.0.0.20:7777
post-up iptables -t nat -A PREROUTING -d XX.XX.XX.124/24 -i vmbr0 -p tcp -m tcp --dport 27015 -j DNAT --to 10.0.0.20:27015
post-down iptables -t nat -D PREROUTING -d XX.XX.XX.124/24 -i vmbr0 -p tcp -m tcp --dport 27015 -j DNAT --to 10.0.0.20:27015
post-up iptables -t nat -A PREROUTING -d XX.XX.XX.124/24 -i vmbr0 -p udp -m udp --dport 27015 -j DNAT --to 10.0.0.20:27015
post-down iptables -t nat -D PREROUTING -d XX.XX.XX.124/24 -i vmbr0 -p udp -m udp --dport 27015 -j DNAT --to 10.0.0.20:27015

Redirection via TCP with #RDP works. I can access the VM from 10.0.0.20:3389 via Remote Desktop via port 1337, for example

However, the UDP protocol does not work. All Google pages are now purple and there is no suitable solution. I also can't explain why UDP isn't forwarded.

If I now put an Ark or Minecraft server on port 7777, it cannot be reached. 7777 is also still closed via ismyportopen.com.

However, when I now start an Apache server on 7777, it is open and accessible. So TCP works.

I spent the whole day checking what the problem was. No firewall.

 

[Vene]

Apparently it works after all. But only on CT containers. It doesn't work with Windows KVM.
I'm currently testing whether it runs under Debian 12 KVM.
If so, it is still due to a setting in Windows (even though the firewalls are all deactivated)
If not, the search continues. But then only in KVM.

EDIT:
On Debian 12 KVM works, too.
Its a Windows Problem in KVM. Because without Proxmox works, too.

 

[_gabriel]

I can confirm there is no Windows problem either.
UDP works with OpenVPN as Server on Windows VM ( tested on 3 PVE hosts : v7.2 + v7.4 + v8.1 )
Using default network PVE (=only 1 vmbr0 bridged mode).

 

[_gabriel]

Here works, with routed network configuration too, default vmbr0 bridge + vmbr1 for vm with masquerade.
default firewall setting + pve is virtualized in vmware workstation.
internet openvpn client connect to udp public port > isp router with port redirection to > ip pve host (which use the bridge of vmware workstation for windows) > nat/masquerade of PVE with port redirection (same rules as you) > ip of VM Win