I got called away to another project earlier today. Anyway:
Testing port forward port 45123 via sim public IP - no captures (is this a damning of the SIM provider ?)
Testing port forward port 45123 from lan side with public IP routed to the TRB140 lan (the situation where I would expect the route to be 'bounced back' and work) (it didn't):
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
16:59:25.222302 IP (tos 0x0, ttl 128, id 19556, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.100.53022 > 86.106.16.152.45123: Flags [S], cksum 0x3c4e (correct), seq 281631118, w
in 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:59:28.227465 IP (tos 0x0, ttl 128, id 19581, offset 0, flags [DF], proto TCP (6), length 52)
192.168.1.100.53022 > 86.106.16.152.45123: Flags [S], cksum 0x3c4e (correct), seq 281631118, w
in 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:59:34.226566 IP (tos 0x0, ttl 128, id 19633, offset 0, flags [DF], proto TCP (6), length 48)
192.168.1.100.53022 > 86.106.16.152.45123: Flags [S], cksum 0x5057 (correct), seq 281631118, w
in 8192, options [mss 1460,nop,nop,sackOK], length 0
Now I enable ZeroTier VPN and change port forward rule (source now any host in zerotier) (still didn't work):
root@Teltonika-TRB140:~# tcpdump -i any -n -v 'port 45123'
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
16:42:33.272043 IP (tos 0x0, ttl 128, id 261, offset 0, flags [DF], proto TCP (6), length 52)
10.244.1.100.50494 > 10.244.10.98.45123: Flags [S], cksum 0x4025 (correct), seq 1639518452, wi
n 8192, options [mss 2760,nop,wscale 2,nop,nop,sackOK], length 0
16:42:33.273112 IP (tos 0x0, ttl 127, id 261, offset 0, flags [DF], proto TCP (6), length 52)
10.244.1.100.50494 > 192.168.1.7.45123: Flags [S], cksum 0x93cb (correct), seq 1639518452, win
8192, options [mss 2760,nop,wscale 2,nop,nop,sackOK], length 0
16:42:33.273354 IP (tos 0x0, ttl 127, id 261, offset 0, flags [DF], proto TCP (6), length 52)
10.244.1.100.50494 > 192.168.1.7.45123: Flags [S], cksum 0x93cb (correct), seq 1639518452, win
8192, options [mss 2760,nop,wscale 2,nop,nop,sackOK], length 0
16:42:36.197751 IP (tos 0x0, ttl 128, id 262, offset 0, flags [DF], proto TCP (6), length 52)
10.244.1.100.50494 > 10.244.10.98.45123: Flags [S], cksum 0x4025 (correct), seq 1639518452, wi
n 8192, options [mss 2760,nop,wscale 2,nop,nop,sackOK], length 0
16:42:36.198178 IP (tos 0x0, ttl 127, id 262, offset 0, flags [DF], proto TCP (6), length 52)
10.244.1.100.50494 > 192.168.1.7.45123: Flags [S], cksum 0x93cb (correct), seq 1639518452, win
8192, options [mss 2760,nop,wscale 2,nop,nop,sackOK], length 0
16:42:36.198452 IP (tos 0x0, ttl 127, id 262, offset 0, flags [DF], proto TCP (6), length 52)
10.244.1.100.50494 > 192.168.1.7.45123: Flags [S], cksum 0x93cb (correct), seq 1639518452, win
8192, options [mss 2760,nop,wscale 2,nop,nop,sackOK], length 0
16:42:42.222991 IP (tos 0x0, ttl 128, id 263, offset 0, flags [DF], proto TCP (6), length 48)
10.244.1.100.50494 > 10.244.10.98.45123: Flags [S], cksum 0x542e (correct), seq 1639518452, wi
n 8192, options [mss 2760,nop,nop,sackOK], length 0
16:42:42.223398 IP (tos 0x0, ttl 127, id 263, offset 0, flags [DF], proto TCP (6), length 48)
10.244.1.100.50494 > 192.168.1.7.45123: Flags [S], cksum 0xa7d4 (correct), seq 1639518452, win
8192, options [mss 2760,nop,nop,sackOK], length 0
16:42:42.223662 IP (tos 0x0, ttl 127, id 263, offset 0, flags [DF], proto TCP (6), length 48)
10.244.1.100.50494 > 192.168.1.7.45123: Flags [S], cksum 0xa7d4 (correct), seq 1639518452, win
8192, options [mss 2760,nop,nop,sackOK], length 0
I realize there are a few repeats in there but I haven't deleted anything.
Hope this helps ?