Destination NAT port forwarding to hosts in the same network as the original destination doesn't work. The problem is the return path, which will be asymmetric.
Let's say a client with the IP address 192.168.1.100 attempts to reach the redirected port at 192.168.1.3. The path of the packet in this slightly simplified version of your setup would look like this:
Code:
192.168.1.100 ---udp---> 192.168.1.3:6000 ---udp---> 192.168.1.91:6000
The packet will indeed be NATed by 192.168.1.3 and forwarded to 192.168.1.91. At this point, the packet has a destination address of 192.168.1.91, but the source address is unchanged (192.168.1.100).
For NAT to work, the reply packet has to be sent via 192.168.1.3 in order to be "de-NATed", but there's no reason why 192.168.1.91 would do that. Since 192.168.1.100 is directly reachable (it's in the same network), 192.168.1.91 will just reply to 192.168.1.100. The problem is, 192.168.1.100 is expecting a response from 192.168.1.3, not 192.168.1.91, and will therefore just discard the packet.
You have two options:
- Make sure all NAT operations take place on routers, and/or point all forwarded ports to hosts in other networks
- Perform destination NAT as well as source NAT, so that the address of the NATing host (192.168.1.3 in this case) is the source address of the packet when it arrives at the final target (192.168.1.91), ensuring that reply packets are forced to take the same path on their way back to the original client.
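The reply-path problem and the two fixes above can be walked through in a small model. This is an added example, not code from the post or from any NAT implementation: it reuses the thread's addresses (NAT host 192.168.1.3 forwarding UDP 6000 to 192.168.1.91, client 192.168.1.100) and adds a constructed off-subnet client 10.0.0.5, a constructed client source port 40000, and the assumption that hosts on 192.168.1.0/24 use the NAT host as their default gateway. The connection-tracking table and the routing decision are simplified stand-ins for what a real firewall does.

```python
"""Toy model of DNAT port forwarding with and without SNAT (hairpin NAT).

Constructed example. Addresses follow the thread (NAT host 192.168.1.3
forwarding UDP 6000 to 192.168.1.91); the off-subnet client 10.0.0.5, the
client port 40000 and the default-gateway assumption are made up for the
demonstration. The conntrack table and routing logic are simplifications,
not a real netfilter implementation.
"""
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.1.0/24")
NAT_HOST = "192.168.1.3"
TARGET = "192.168.1.91"
PORT = 6000


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self):
        """The reply a receiver would generate: addresses and ports swapped."""
        return Packet(self.dst, self.dport, self.src, self.sport)


class NatHost:
    """Stateful DNAT on 192.168.1.3, optionally combined with SNAT."""

    def __init__(self, dnat_to, snat=False):
        self.dnat_to = dnat_to
        self.snat = snat
        # Expected reply tuple -> original (pre-NAT) request, like a conntrack entry.
        self.conntrack = {}

    def forward(self, pkt):
        # SNAT rewrites the source to the NAT host; keeping the source port
        # unchanged is a simplification (real NAT may pick another port).
        src = NAT_HOST if self.snat else pkt.src
        out = Packet(src, pkt.sport, self.dnat_to, pkt.dport)
        self.conntrack[out.reply()] = pkt
        return out

    def de_nat(self, reply):
        """Translate a reply back toward the original client, or None if untracked."""
        original = self.conntrack.get(reply)
        return original.reply() if original is not None else None


def route_reply(reply, nat):
    """Model the target's routing decision for its reply.

    On-link destinations are reached directly; anything else goes via the
    default gateway, which is assumed here to be the NAT host.
    """
    if reply.dst == NAT_HOST:
        return nat.de_nat(reply)   # addressed to the NAT host itself (SNAT case)
    if ipaddress.ip_address(reply.dst) in LAN:
        return reply               # same network: delivered directly, NAT host never sees it
    return nat.de_nat(reply)       # other network: passes through the NAT host


def simulate(client, snat):
    """Return True if the client accepts the reply to its request to 192.168.1.3:6000."""
    nat = NatHost(TARGET, snat=snat)
    request = Packet(client, 40000, NAT_HOST, PORT)
    forwarded = nat.forward(request)
    delivered = route_reply(forwarded.reply(), nat)
    # The client only accepts a reply whose 4-tuple mirrors what it sent:
    # it must come from 192.168.1.3:6000, not from 192.168.1.91 directly.
    return delivered == request.reply()


if __name__ == "__main__":
    cases = [("192.168.1.100", False), ("192.168.1.100", True), ("10.0.0.5", False)]
    for client, snat in cases:
        print(f"client={client:14} snat={snat!s:5} reply accepted: {simulate(client, snat)}")
```

The first case is the failing setup from the thread: DNAT only, client on the same subnet, so 192.168.1.91 answers 192.168.1.100 directly and the client discards a reply from the wrong source. The second case adds SNAT (option 2): the target now sees 192.168.1.3 as the source, answers it, and the NAT host translates the reply back. The third case is option 1: with the client in another network, the target's reply has to go through its gateway anyway, so DNAT alone is enough. The price of SNAT, as the post implies, is that 192.168.1.91 no longer sees the real client address in its logs.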