OpenWrt Forum Archive

Topic: iptables and forwarding LAN requests to a local webserver

The content of this topic has been archived on 16 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi,

I'm running Kamikaze 7.07 and have a webserver running on a machine on the LAN.  I have port 80 on the WAN address forwarded to the local webserver's port 80.  Port forwarding for requests from the WAN to port 80 seems to work (although it has frequent response problems -- see http://forum.openwrt.org/viewtopic.php?id=12241 for details on that).  However, requests from machines on the LAN to the WAN address port 80 get handled by httpd running on Kamikaze instead of being forwarded back into the LAN.

I'm not quite sure how to tell iptables to do "forward packets bound for [WAN IP address] port 80 coming from the LAN to [LAN webserver address] port 80".  I tried

iptables -t nat -A prerouting_rule -p tcp --dport 80 -s 10.69.69.0/255.255.255.0 -d $my_wan_ip -j DNAT --to 10.69.69.2:80

but this appears to have done nothing.  What's the right way to do this?

Also, is there a way to track which rules are being followed in the iptables chain, short of adding -j LOG everywhere?

Well, I found a way to do this.

add something like this to your firewall.user

##INSIDE LAN TO WEBSRV
iptables -t nat -A prerouting_rule -d (EXTIP) -p tcp --dport 80 -j DNAT --to WEBSRV
iptables -A forwarding_rule -p tcp --dport 80 -d 192.168.2.2 -j ACCEPT
iptables -t nat -A postrouting_rule -s 192.168.2.0/24  -p tcp --dport 80 -d 192.168.2.2 -j MASQUERADE

It worked for me :)

P.S. (if you haven't messed around with openwrt's lan config use 192.168.1.x instead of 192.168.2.x)

Best Regards
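
On the question of seeing which rules are actually matched without adding -j LOG everywhere: every rule keeps packet and byte counters, and `iptables-save -c` (or `iptables -t nat -L -v -n`) prints them. The script below is an added example, not part of the original posts; it assumes `iptables-save` and `awk` are installed on the router, and the sample dump, including the address 203.0.113.10, is constructed for illustration.

```shell
#!/bin/sh
# Added example: read `iptables-save -c` output and report per-rule packet
# counters, so you can see which of the NAT loopback rules traffic hits.
# On the router (assumes iptables-save is installed):
#   iptables-save -c | unmatched_rules

# Constructed sample of `iptables-save -c` output, not captured from a real
# router. Rules in the nat table are traversed only by the first packet of
# each connection, so their counters count connections; filter counters
# count every packet.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:prerouting_rule - [0:0]
:postrouting_rule - [0:0]
[12:720] -A prerouting_rule -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.2
[0:0] -A postrouting_rule -s 192.168.2.0/24 -d 192.168.2.2/32 -p tcp -m tcp --dport 80 -j MASQUERADE
COMMIT
*filter
:forwarding_rule - [0:0]
[96:5760] -A forwarding_rule -d 192.168.2.2/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# rule_hits: stdin is an iptables-save -c dump; prints one line per rule as
# "<packets><TAB><table><TAB><rule>".
rule_hits() {
    awk '
        /^\*/ { table = substr($0, 2); next }       # "*nat" starts a table
        /^\[[0-9]+:[0-9]+\] -A / {                   # "[pkts:bytes] -A chain ..."
            split(substr($1, 2), c, ":")             # c[1] = packet count
            rule = $0
            sub(/^\[[0-9]+:[0-9]+\] /, "", rule)     # strip the counter prefix
            printf "%s\t%s\t%s\n", c[1], table, rule
        }'
}

# unmatched_rules: only the rules that no packet has matched so far.
unmatched_rules() {
    rule_hits | awk -F'\t' '$1 == 0 { print $2 ": " $3 }'
}
```

In the constructed sample the DNAT and forwarding rules have counted traffic while the MASQUERADE rule has not, which is what you would see if all connections so far came from outside the 192.168.2.0/24 LAN.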

The discussion might have continued from here.