Hi,
I've got a WRT54G. I'm accessing it by SSH.
In my private network, I've got a server. Then I have forwarded a lot of ports (SSH, HTTP, FTP, ...) to my internal server.
My problem is: I've got DNS pointing to my public IP, which I redirect to my private server (with port forwarding). How do I make my router (WRT54G) redirect the internal traffic (from the LAN) for the public IP to my internal server (in the LAN)? And how do I still let the router be accessible by its private IP from the LAN?
If anyone has an idea, that would be great.
Thanks a lot.
Bye
Here is my current firewall script:
#!/bin/sh
. /etc/functions.sh
WAN=$(nvram get wan_ifname)
LAN=$(nvram get lan_ifname)
iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule
### BIG FAT DISCLAIMER
### The "-i $WAN" literally means packets that came in over the $WAN interface;
### this WILL NOT MATCH packets sent from the LAN to the WAN address.
### Allow SSH on the WAN interface
# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
# iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT
### Port forwarding
# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.2
# iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
### DMZ (should be placed after port forwarding / accept rules)
# iptables -t nat -A prerouting_rule -i $WAN -j DNAT --to 192.168.1.2
# iptables -A forwarding_rule -i $WAN -d 192.168.1.2 -j ACCEPT
iptables -A INPUT -p 41 -i $WAN -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 20:22 -j DNAT --to 192.168.1.200
iptables -A forwarding_rule -i $WAN -p tcp --dport 20:22 -d 192.168.1.200 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 80:81 -j DNAT --to 192.168.1.200
iptables -A forwarding_rule -i $WAN -p tcp --dport 80:81 -d 192.168.1.200 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 143 -j DNAT --to 192.168.1.200
iptables -A forwarding_rule -i $WAN -p tcp --dport 143 -d 192.168.1.200 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 993 -j DNAT --to 192.168.1.200
iptables -A forwarding_rule -i $WAN -p tcp --dport 993 -d 192.168.1.200 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 110 -j DNAT --to 192.168.1.200
iptables -A forwarding_rule -i $WAN -p tcp --dport 110 -d 192.168.1.200 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 995 -j DNAT --to 192.168.1.200
iptables -A forwarding_rule -i $WAN -p tcp --dport 995 -d 192.168.1.200 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 25 -j DNAT --to 192.168.1.200
iptables -A forwarding_rule -i $WAN -p tcp --dport 25 -d 192.168.1.200 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 6880:6890 -j DNAT --to 192.168.1.200
iptables -A forwarding_rule -i $WAN -p tcp --dport 6880:6890 -d 192.168.1.200 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 4443 -j DNAT --to 192.168.1.200
iptables -A forwarding_rule -i $WAN -p tcp --dport 4443 -d 192.168.1.200 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 10000 -j DNAT --to 192.168.1.200
iptables -A forwarding_rule -i $WAN -p tcp --dport 10000 -d 192.168.1.200 -j ACCEPT
# freeplayer
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 8080 -s 212.27.38.253 -j DNAT --to 192.168.1.3
iptables -A forwarding_rule -i $WAN -p tcp --dport 8080 -s 212.27.38.253 -d 192.168.1.3 -j ACCEPT
### FreeTV Multiposte
iptables -t nat -I PREROUTING -p udp -d 82.231.36.13 -j DNAT --to-destination 192.168.1.200
iptables -I FORWARD -p udp -s 212.27.38.253 -d 192.168.1.200 -j ACCEPT
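The situation described in the post is usually called NAT loopback or hairpin NAT. The following is an added example, not part of the original post: it only prints the extra rules for a subset of the forwarded TCP ports, reusing the post's chain names and the 192.168.1.200 target. `WAN_IP`, `LAN_IF` and `LAN_NET` are assumed placeholder values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prints hairpin-NAT (NAT loopback) rules; it does not run iptables.
# Assumed values (not from the post): WAN_IP is a documentation placeholder,
# LAN_IF and LAN_NET are guesses for a 192.168.1.x LAN behind the router.
WAN_IP="${WAN_IP:-203.0.113.10}"
LAN_IF="${LAN_IF:-br0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# valid_ports PORTSPEC: succeeds for "N" or "LO:HI" with 1 <= LO <= HI <= 65535
valid_ports() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    lo=${1%%:*}; hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# hairpin_rules PROTO PORTSPEC TARGET_IP: prints the three rules for one forward
hairpin_rules() {
    proto=$1; ports=$2; target=$3
    case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
    valid_ports "$ports" || { echo "bad ports: $ports" >&2; return 1; }
    # 1. LAN clients addressing the public IP are redirected to the server.
    #    Matching on -d $WAN_IP leaves the router's private IP reachable as before.
    echo "iptables -t nat -A prerouting_rule -i $LAN_IF -s $LAN_NET -d $WAN_IP -p $proto --dport $ports -j DNAT --to $target"
    # 2. Rewrite the source to the router's LAN address so the server replies via
    #    the router; a direct reply would not match the client's connection.
    echo "iptables -t nat -A postrouting_rule -o $LAN_IF -s $LAN_NET -d $target -p $proto --dport $ports -j MASQUERADE"
    # 3. Allow the LAN-to-LAN forwarded traffic.
    echo "iptables -A forwarding_rule -i $LAN_IF -o $LAN_IF -s $LAN_NET -d $target -p $proto --dport $ports -j ACCEPT"
}

# all_hairpin_rules: rules for a subset of the TCP forwards listed in the post
# (FTP/SSH, HTTP, SMTP, POP3, IMAP and their TLS variants)
all_hairpin_rules() {
    for ports in 20:22 80:81 25 110 143 993 995; do
        hairpin_rules tcp "$ports" 192.168.1.200 || return 1
    done
}

all_hairpin_rules
```

Because of the MASQUERADE rule, the server's logs record the router's LAN address as the client for these looped-back connections, so individual internal clients are not distinguishable there.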