Forwarding Ports from VPS Server via Zerotier to local Windows client

Hi community,

I am a bit stuck on the following problem:
I am using a VPS server to have a fixed IP for remote access purposes. I have set up ZeroTier there fine (Ubuntu 20.04 LTS) and, with all the FAQ reading, managed to get it working so that I can connect from my smartphone to the VPS server and “surf” with the IP of the VPS server.
Now I would like to tunnel a port from this VPS server via ZeroTier to a client in the network (a Windows PC with a web-based configuration tool that I would like to make accessible to external users).

UFW tells me:
sudo ufw status
Status: active

To                 Action      From

9993/udp           ALLOW       Anywhere
22                 ALLOW       (office ip)
22                 ALLOW       (thats from internal net)
9710/tcp           ALLOW       Anywhere        (thats my VPS Server IP) i want to use Port 9710
9993/udp (v6)      ALLOW       Anywhere (v6)

In /etc/ufw/before.rules I added the following:

(A) Zerotier NAT

-A PREROUTING -i eth0 -d -p tcp --dport 9710 -j DNAT --to-destination

(The following is part of the “use ZeroTier as default route” setup.)
-A POSTROUTING -o eth0 -s -j SNAT --to-source

At the end of before.rules I also added the following for default routing:

(B) Zerotier forwarding

-A FORWARD -i zt+ -s -d -j ACCEPT
-A FORWARD -i ens+ -s -d -j ACCEPT

don’t delete the ‘COMMIT’ line or these rules won’t be processed


I know that iptables, ufw and routing are a magic part of the Linux world, but I really would like to understand what I am doing wrong…
(From the VPS I can ping the internal .175 Windows PC, and I can also telnet to port 9710, so the ZeroTier tunnel seems to be fine…)

Thanks a lot for some tips and help.

I think the ! -d is not necessary. Is the port on your Windows device opened (9710)? Is the default route of the Windows device the vps?
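
The default-route question in the reply concerns the return path of the forwarded connection. As an added example (not code from this thread), the Python check below reads rules in before.rules syntax and reports which of the three pieces of a WAN to ZeroTier port forward are absent: the DNAT, a FORWARD accept from the WAN interface to the ZeroTier interface, and source NAT towards ZeroTier. All addresses, the interface names `eth0` and `ztabcdef12`, the two completion rules and the function names are assumptions made for the example.

```python
import shlex

# Constructed rules in the shape of the post's before.rules. Every address is a
# placeholder: 203.0.113.10 = VPS public IP, 10.147.17.0/24 = ZeroTier network.
POSTED_SHAPE = """\
*nat
-A PREROUTING -i eth0 -d 203.0.113.10 -p tcp --dport 9710 -j DNAT --to-destination 10.147.17.175:9710
-A POSTROUTING -o eth0 -s 10.147.17.0/24 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
-A FORWARD -i zt+ -s 10.147.17.0/24 -d 0.0.0.0/0 -j ACCEPT
-A FORWARD -i ens+ -s 0.0.0.0/0 -d 10.147.17.0/24 -j ACCEPT
COMMIT
"""
# Assumed completion: source NAT towards ZeroTier plus a WAN -> ZeroTier accept.
NAT_FIX = "-A POSTROUTING -o zt+ -p tcp -d 10.147.17.175 --dport 9710 -j MASQUERADE\n"
FWD_FIX = "-A FORWARD -i eth0 -o zt+ -p tcp -d 10.147.17.175 --dport 9710 -j ACCEPT\n"
COMPLETED = POSTED_SHAPE.replace("COMMIT\n*filter\n", NAT_FIX + "COMMIT\n*filter\n" + FWD_FIX)

def parse(text):
    """Yield (table, chain, opts) per -A line; '!' negations are ignored."""
    table = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = [t for t in shlex.split(line) if t != "!"]
            opts = {k: v for k, v in zip(tok[2:], tok[3:]) if k.startswith("-")}
            yield table, tok[1], opts

def if_match(pat, name):  # absent = any interface, trailing '+' = prefix wildcard
    return pat is None or pat == name or (pat.endswith("+") and name.startswith(pat[:-1]))

def missing_pieces(text, port, wan_if, zt_if):
    """Simplified: compares interface, port and target only, not -s/-d or rule order."""
    rules = list(parse(text))
    def has(table, chains, targets, pred):
        return any(t == table and c in chains and r.get("-j") in targets and pred(r)
                   for t, c, r in rules)
    checks = {
        "dnat": has("nat", {"PREROUTING"}, {"DNAT"},
                    lambda r: if_match(r.get("-i"), wan_if) and r.get("--dport") == str(port)),
        "forward-accept": has("filter", {"FORWARD", "ufw-before-forward"}, {"ACCEPT"},
                    lambda r: if_match(r.get("-i"), wan_if) and if_match(r.get("-o"), zt_if)),
        # Without this, replies return only if the client routes them via the VPS.
        "return-snat": has("nat", {"POSTROUTING"}, {"SNAT", "MASQUERADE"},
                    lambda r: if_match(r.get("-o"), zt_if)),
    }
    return [name for name, ok in checks.items() if not ok]
```

With MASQUERADE on the ZeroTier side, the Windows host sees every connection as coming from the VPS's ZeroTier address, so the real client addresses are only visible on the VPS. The check does not look at ufw's default forward policy or at `net.ipv4.ip_forward`, which also have to permit forwarding.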