NAT and Port Forwarding in OpenWRT

If you use port forwarding with your OpenWRT-powered Linksys WRT54GL, you should know that there was a problem that made DNAT unstable after some period of time: port forwarding stopped working completely or started redirecting to different ports (weird, isn’t it?), as described in #2558. The bug was marked as fixed two weeks ago, so you may want to give the fixed netfilter nat module a try.

Update: no problems with port forwarding so far, looks like the patch is correct.

For those who reach this page looking for a way to set up port forwarding in OpenWRT without iptables magic, here it is:


config redirect
    option  src       $source_interface
    option  src_dport $original_destination_port
    option  dest      $destination_interface
    option  dest_ip   $destination_ip
    option  dest_port $destination_port
    option  proto     $protocol

You can find more examples in the default /etc/config/firewall, but here’s how I have set up my SIP forwarding:

# incoming SIP
config redirect
    option  src       internet
    option  src_dport 5060
    option  dest      lan
    option  dest_ip
    option  dest_port 5060

One note: you need to run the firewall script after the corresponding interface has been initialized. If the underlying device for $source_interface is down (say, a ppp link), the rules related to this interface will be skipped. That’s why there is /etc/hotplug.d/iface/20-firewall.
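
Every redirect section is an inbound hole in the firewall, so it is worth listing them from time to time. The script below is an added example, not part of the original post or of OpenWRT: it summarises each "config redirect" section in the syntax shown above and flags sections with no dest_ip or no proto set. The function names, the flag labels and the sample's second rule (192.168.1.10, port 8022) are assumptions made for illustration.

```shell
# Added example (not from the original post): summarise every "config redirect"
# section of a UCI firewall file and flag ones with no dest_ip or no proto.
audit_redirects() {   # usage: audit_redirects /etc/config/firewall
    awk '
    function val(k) { return (o[k] == "" ? "-" : o[k]) }
    function emit(   flags) {
        if (!in_redirect) return
        if (o["dest_ip"] == "") flags = flags " MISSING_dest_ip"
        if (o["proto"] == "")   flags = flags " NO_proto"
        printf "%s:%s -> %s:%s proto=%s%s\n", val("src"), val("src_dport"),
               val("dest_ip"), val("dest_port"), val("proto"), flags
    }
    /^[ \t]*#/ { next }                          # skip comment lines
    $1 == "config" {                             # a new section starts
        emit()
        for (k in o) delete o[k]
        in_redirect = ($2 == "redirect")
        next
    }
    in_redirect && $1 == "option" {
        v = $3
        for (i = 4; i <= NF; i++) v = v " " $i   # keep values with spaces
        gsub(/^["\047]|["\047]$/, "", v)         # strip surrounding quotes
        o[$2] = v
    }
    END { emit() }
    ' "$1"
}
# Constructed sample: the SIP redirect as printed above, plus a hypothetical
# complete rule (192.168.1.10 and port 8022 are made-up values).
sample_config() {
    cat <<'EOF'
# incoming SIP
config redirect
    option  src       internet
    option  src_dport 5060
    option  dest      lan
    option  dest_ip
    option  dest_port 5060
config redirect
    option  src       'internet'
    option  src_dport 8022
    option  dest      lan
    option  dest_ip   192.168.1.10
    option  dest_port 22
    option  proto     tcp
EOF
}
tmp=$(mktemp) && sample_config > "$tmp" && audit_redirects "$tmp"; rm -f "$tmp"
```

On the router itself, run audit_redirects /etc/config/firewall; a NO_proto flag means the forwarded protocol is left to the firewall script's default rather than pinned in the rule.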