My Ubuntu 22.04 drops all incoming requests from outside of network

I'm having troubles with my new Ubuntu server installation (Ubuntu 22.04.1 LTS - 5.15.0-56-generic x86_64).

I ran PHP built-in server, and listen on port 8080 on all interfaces:

php -S 0.0.0.0:8080

When I tried to check it from other computers in the same networks, it worked (192.168.1.18 is the IP of the server)

curl -I http://192.168.1.18:8080

HTTP/1.1 200 OK

However, when I configured the router to open port 8080 and forward all requests to 192.168.1.18:8080, I cannot connect to the server anymore, the server dropped the connection as soon as it arrived:

curl -I http://<External IP>:8080

curl: (56) Recv failure: Connection reset by peer

From the PHP log, I saw this

<Client IP>:53799 Accepted
<Client IP>:53799 [200]: HEAD /
<Client IP>:53799 Closing

I tried to do the same on another computer (listening on port 8080 on my Mac, having the router to forward requests into it) and everything worked normally, so I'm pretty sure the problem was not on the router - I was using NAT for years on this router.

I checked the ufw but it said it's inactive

$ ufw status
Status: inactive

Also iptables

$ iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

tcpdump captured packes

$ tcpdump port 8080
01:39:24.729154 IP <Client IP>.60626 > ubuntu-22.http: Flags [S], seq 2953074355, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2461284049 ecr 0,sackOK,eol], length 0
01:39:24.731151 IP <Client IP>.60626 > ubuntu-22.http: Flags [.], ack 3852377597, win 2058, options [nop,nop,TS val 2461284051 ecr 813415924], length 0
01:39:24.731153 IP <Client IP>.60626 > ubuntu-22.http: Flags [P.], seq 0:86, ack 1, win 2058, options [nop,nop,TS val 2461284051 ecr 813415924], length 86: HTTP: GET / HTTP/1.1
01:39:24.731992 IP <Client IP>.60626 > ubuntu-22.http: Flags [R], seq 2953074442, win 0, length 0
01:39:24.836197 IP <Client IP>.60626 > ubuntu-22.http: Flags [P.], seq 0:86, ack 1, win 2058, options [nop,nop,TS val 2461284156 ecr 813415924], length 86: HTTP: GET / HTTP/1.1

Have you ever faced it? Or I'm missing something on Ubuntu? Thanks! Much appreciated!

This cannot work.

You are trying to go through a NAT rule to an IP from outside the LAN to an IP inside the LAN. You're asking the router to put the traffic through the same interface twice (from public IP to your nat'd source port public IP which is the only interface it has on that network). Things have to route BETWEEN interfaces, one to another, not between "addresses" or other abstractions. This traffic will be auto-dropped as it will never run through the NAT rule.

Short is:

1. Inside->Outside IP - Works
2. Inside->Outside IP NAT'd to Inside IP - Doesn't not, and will never work.

Undo anything fancy you've done, restore the NAT rules, and use it properly. Access the server via the LAN IP only or loopback. Use a tool like this to see if remote access can succeed and your rules are working.