OK, so I followed the Getting started tips and it does not forward as I would like.
I used the awk script as a guide as to what I need (because I thought it really emulated what the stock Linksys had done).
I have a webserver on the other side of my router that only accepts https connections (port 443). Let's pretend that the public web address is hugemikeyd.com. Now I would like to be able to type "https://www.hugemikeyd.com" on my LAN and be able to resolve it properly, but it does not seem to work. Now here is my firewall script:
#!/bin/sh
. /etc/functions.sh
WAN=$(nvram get wan_ifname)
IPT=/usr/sbin/iptables
for T in filter nat mangle ; do
    $IPT -t $T -F
    $IPT -t $T -X
done
$IPT -t filter -A INPUT -m state --state INVALID -j DROP
$IPT -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -t filter -A INPUT -p icmp -j ACCEPT
#SSH Forwarding
$IPT -A FORWARD -p tcp -i $WAN --dport 22 -j ACCEPT
$IPT -A PREROUTING -t nat -p tcp -i $WAN --dport 22 -j DNAT --to-destination 192.168.1.8:22
$IPT -A INPUT -p tcp -i $WAN --dport 22 -j ACCEPT
#HTTPS Forwarding
$IPT -A FORWARD -p tcp --dport 443 -j ACCEPT
$IPT -A PREROUTING -t nat -p tcp --dport 443 -j DNAT --to-destination 192.168.1.8:443
$IPT -A INPUT -p tcp --dport 443 -j ACCEPT
$IPT -t filter -A INPUT -i $WAN -p tcp -j REJECT --reject-with tcp-reset
$IPT -t filter -A INPUT -i $WAN -j REJECT --reject-with icmp-port-unreachable
$IPT -t filter -A FORWARD -m state --state INVALID -j DROP
$IPT -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -t filter -A FORWARD -i $WAN -m state --state NEW,INVALID -j DROP
$IPT -t filter -A FORWARD -o $WAN -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
$IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE
As you can see, I would like both port 22 and 443 to go to my server, but I would also like to be able to resolve it from my LAN.
I must be missing something stupid...
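
Added example, not part of the original post: the usual cause of this symptom is missing NAT loopback ("hairpin") handling, where the LAN client's connection is DNATed to the server but the server answers the client directly instead of through the router. The helper below prints the three rules involved for one port; the function name, the WAN address 203.0.113.10, the LAN range 192.168.1.0/24 and the LAN interface br0 are assumptions, while 192.168.1.8 and port 443 come from the script above.

```shell
#!/bin/sh
# Added example: emit hairpin (NAT loopback) rules for one forwarded TCP port.
# hairpin_rules is a hypothetical helper; it prints the iptables commands
# instead of running them, so they can be reviewed before being applied.

# usage: hairpin_rules WAN_IP LAN_NET LAN_IF SERVER PORT
hairpin_rules() {
    wan_ip=$1 lan_net=$2 lan_if=$3 server=$4 port=$5

    # Accept only a numeric TCP port in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi

    # 1. DNAT only traffic addressed to the router's public IP. Without -d,
    #    every outbound HTTPS connection from the LAN is redirected as well.
    echo "iptables -t nat -A PREROUTING -p tcp -d $wan_ip --dport $port -j DNAT --to-destination $server:$port"

    # 2. Rewrite the source of LAN-originated connections to the server, so
    #    the server replies via the router. Otherwise the reply goes straight
    #    to the client from an address the client never connected to.
    echo "iptables -t nat -A POSTROUTING -p tcp -s $lan_net -d $server --dport $port -o $lan_if -j MASQUERADE"

    # 3. Allow the translated flow through the FORWARD chain.
    echo "iptables -A FORWARD -p tcp -d $server --dport $port -m state --state NEW -j ACCEPT"
}

# Constructed sample values (203.0.113.10 is a documentation address).
hairpin_rules 203.0.113.10 192.168.1.0/24 br0 192.168.1.8 443
```

With rule 2 in place the server's logs show the router's LAN address as the source of LAN-originated requests, which matters if access control or auditing on the server depends on client IPs.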