Hi,

> No port 4500 packet hitting its own interface. Only a keep-alive.

That's the only packet that's sent from port 4500 (as also stated in the log, where it clearly states that a keep-alive is being sent, nothing else). Since no request to port 4500 ever makes it to the daemon (the log tells you that too), it naturally won't send any response and so you also don't see any other packets in tcpdump. Seems like your DNAT to port 4500 is not working.

Regards,
Tobias
