I am trying to create a conditional port forwarding in my TomatoUSB router. The condition must be like this:
- forward port 5060 from host 18.104.22.168 to internal host 192.168.1.10
- forward port 5060 from any host other than 22.214.171.124 to internal host 192.168.1.20
Since there is no option to negate a host in the web interface, I checked how Tomato implements the rules in /etc/iptables and I tried to create my own rules in Administration/Scripts/Firewall. This is what I came up with:
# Filter (wanin): allow the forwarded SIP traffic to each internal host
iptables -A wanin -s 126.96.36.199/32 -p udp -m udp -d 192.168.1.10 --dport 5060 -j ACCEPT
iptables -A wanin ! -s 188.8.131.52/32 -p udp -m udp -d 192.168.1.20 --dport 5060 -j ACCEPT
# NAT (WANPREROUTING): DNAT by source, first matching rule wins
iptables -t nat -A WANPREROUTING -p udp -s 184.108.40.206/32 --dport 5060 -j DNAT --to-destination 192.168.1.10
iptables -t nat -A WANPREROUTING -p udp ! -s 220.127.116.11/32 --dport 5060 -j DNAT --to-destination 192.168.1.20
However, it looks like the forwarded traffic always goes to 192.168.1.20 regardless of where it's coming from.
Any idea what I am doing wrong?
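As an added illustration (not part of the question above), a small first-match simulator of the WANPREROUTING chain: it models the two source-conditional DNAT rules with a constructed peer address (203.0.113.5, standing in for the SIP host) and shows how a hypothetical earlier catch-all rule for port 5060, such as one a GUI port forward might have appended before the script ran, would send every packet to 192.168.1.20.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    src: str       # CIDR tested by -s, e.g. "203.0.113.5/32"; "0.0.0.0/0" = any
    negate: bool   # True models "! -s"
    dport: int     # --dport value
    target: str    # DNAT --to-destination address


def matches(rule: Rule, src_ip: str, dport: int) -> bool:
    """Does this rule match a UDP packet from src_ip to dport?"""
    in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
    # "! -s" inverts the source test; the port test is never inverted here
    return dport == rule.dport and (in_net != rule.negate)


def dnat_target(chain: list, src_ip: str, dport: int):
    """iptables semantics: walk the chain in order, first match wins.
    Returns the DNAT destination, or None if no rule matched."""
    for rule in chain:
        if matches(rule, src_ip, dport):
            return rule.target
    return None


PEER = "203.0.113.5/32"   # constructed stand-in for the SIP peer in the question

# The two DNAT rules from the question, in the order the script appends them
SCRIPT_RULES = [
    Rule(PEER, False, 5060, "192.168.1.10"),
    Rule(PEER, True, 5060, "192.168.1.20"),
]

# Hypothetical: a catch-all forward for 5060 already sits in the chain
CATCH_ALL_FIRST = [Rule("0.0.0.0/0", False, 5060, "192.168.1.20")] + SCRIPT_RULES


def demo() -> dict:
    """Show which internal host each sample packet would be DNATed to."""
    return {
        "peer, script only": dnat_target(SCRIPT_RULES, "203.0.113.5", 5060),
        "other, script only": dnat_target(SCRIPT_RULES, "198.51.100.7", 5060),
        "peer, catch-all first": dnat_target(CATCH_ALL_FIRST, "203.0.113.5", 5060),
    }


if __name__ == "__main__":
    for case, host in demo().items():
        print(f"{case}: -> {host}")
```

On the router itself, `iptables -t nat -L WANPREROUTING -n -v --line-numbers` shows the actual rule order and the per-rule packet counters, which tells you which rule is really catching the traffic.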