I found some interesting iptable commands in a script that tebby_b wrote:
iptables -A FORWARD -i '$IFNAME' -j wanin
iptables -A FORWARD -o '$IFNAME' -j wanout
iptables -A FORWARD -i '$IFNAME' -j upnp
With these command a new interface called $IFNAME (which can be anything, for instance a pptp interface or openVPN interface) will be linked to wanin, wanout and upnp.
The portforwarding code and miniupnp in tomato seems to applied to these subchains and PREROUTING, like you explained.
I am just wondering what "being linked" actually means.
For instance when we link the FORWARD chain with wanin in the example above, does that mean that the wanin chain will be "inserted" before or behind the forward chain, or does it replace the FORWARD chain? Or in wanin/wanout a chain that's parallel to FORWARD? What's the flow of the data?
I've tried the famous Iptables Tutorial 1.1.19, but it's kinda hard to separate the essential information from the details.