Apologies if this is discussed elsewhere - I haven't found it.
My specific question - how can I specify the destination IP used for port forwarding? The GUI only shows the source IP and the target IP - not the requested destination.
My application - I've configured the router as an OpenVPN client. This is working. Maybe I haven't done it right…but it works. And ssh works perfectly to the router over the VPN with no further configuration. But now I need to be able to reach other services - specifically, I want the router GUI and I need ports on internal LAN clients.
Specifying the OpenVPN server IP as the source IP didn't appear to work. So…via ssh, I manually tried some iptables commands that did exactly what I wanted:
iptables -t nat -A PREROUTING -p tcp -d 10.59.97.13 —dport 80 -j DNAT —to 192.168.1.1
iptables -t nat -A PREROUTING -p tcp -d 10.59.97.13 —dport 10002 -j DNAT —to 192.168.1.6:80
where 10.59.97.13 is the VPN address of the Tomato router, 192.168.1.1 is the LAN address of the Tomato router, and 192.168.1.6 is the internal host I need to reach.
Not finding where else to configure this, I added these lines to the WAN-UP script under Administration-Scripts. But I've got to believe there's a better/easier way to accomplish this. Any suggestions?