If you use port forwarding on an OpenWRT-powered Linksys WRT54GL, you must know about the problem that made DNAT unstable after some period of time: port forwarding either stopped working completely or started redirecting to different ports (weird, isn’t it?), as described in #2558. The bug was marked as fixed two weeks ago, so you may want to give the fixed netfilter nat module a try.
This is yet to be tested by me; I will post the results here.
Update: no problems with port forwarding so far, looks like the patch is correct.
For those who reach this page looking for a way to set up port forwarding in OpenWRT without iptables magic, here it is:
/etc/config/firewall:
    config redirect
        option src $source_interface
        option src_dport $original_destination_port
        option dest $destination_interface
        option dest_ip $destination_ip
        option dest_port $destination_port
        option proto $protocol
You can find more examples in the default /etc/config/firewall, but here’s how I have set up my SIP forwarding:
    # incoming SIP
    config redirect
        option src internet
        option src_dport 5060
        option dest lan
        option dest_ip 192.168.1.4
        option dest_port 5060
One note: the firewall script must run after the corresponding interface has been initialized. If the underlying device for $source_interface is down (say, a ppp link), the rules related to that interface are skipped. That’s why there is /etc/hotplug.d/iface/20-firewall.
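To review what a firewall file actually forwards, the following added example (not part of the original post or of OpenWRT) lists every `config redirect` section as one line and prints `UNSET` for any option the section omits, as with `proto` in the SIP redirect above. The function names, the `UNSET` marker and the second redirect in the sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the port forwards in an OpenWRT firewall config.

# Constructed sample: the SIP redirect from the post, an unrelated zone
# section, and a second (hypothetical) redirect with proto set.
sample_config() {
cat <<'EOF'
# incoming SIP
config redirect
	option src internet
	option src_dport 5060
	option dest lan
	option dest_ip 192.168.1.4
	option dest_port 5060

config zone
	option name lan

config redirect
	option src 'wan'
	option src_dport '8080'
	option dest 'lan'
	option dest_ip '192.168.1.10'
	option dest_port '80'
	option proto 'tcp'
EOF
}

# list_redirects [FILE...]  (reads stdin when no file is given)
# Prints: src:src_dport/proto -> dest_ip:dest_port
# Quotes are stripped first; values containing spaces are not handled.
list_redirects() {
    sed "s/[\"']//g" "$@" | awk '
        function get(k) { return (k in opt) ? opt[k] : "UNSET" }
        function emit() {
            if (!in_redirect) return
            printf "%s:%s/%s -> %s:%s\n", get("src"), get("src_dport"),
                   get("proto"), get("dest_ip"), get("dest_port")
        }
        { sub(/#.*/, "") }                      # drop comments
        $1 == "config" {                        # a new section starts
            emit(); split("", opt)              # flush previous, reset
            in_redirect = ($2 == "redirect"); next
        }
        in_redirect && $1 == "option" { opt[$2] = $3 }
        END { emit() }
    '
}

sample_config | list_redirects
```

On the router itself, run `list_redirects /etc/config/firewall` and check that each line is a forward you intended to expose.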