What is the exact port forwarding error message you see in the Roon Settings → ARC tab?
ARC is working fine on my Nucleus+ with a new port forwarding rule on my Cisco Meraki MX100 gateway, but I want to know if there is a way to restrict access to my network by limiting the remote IP addresses that are allowed to use the rule. I have no idea how the connection is made from my iOS device on a cell network to my Nucleus+, but maybe there is a Roon server somewhere in the middle with an IP address I can specifically allow?
When playing local tracks, Roon ARC communicates directly with your core’s external IP on the port you designate in Roon>Settings>Roon ARC. The account authentication we do is taken care of by the core for both local and streamed (Tidal or Qobuz) music. When playing music from Tidal or Qobuz, the streams are delivered directly from those platforms to the device and only the aforementioned authentication is via the core.
I hope that clarifies some things for you. Please let me know if you have any further questions.