Same idea as DD-WRT but a little more work involved.
- destIP is the IP address of the destination device (your devices LAN IP)
- port is the port you wish to forward to that device
- tun1 is the tun interface of your router (please check! on some routers, it can be tun0, on Tomato it can be tun11)
- you need to forward both TCP and UDP packets
1. Format the jffs - go to Administration -> System -> Persistent JFFS partition and make sure enable both options and restart. This is where the script will go. Restart the router.
2. SSH or WINSCP (WinSCP may be easier if your not familiar with the command line) into your router and navigate to /jffs/scripts - cd /jffs/scripts
3. Type the command vi nat-start
4. Copy/paste the following into the CLI changing destIP for the destination IP (your LAN IP) and port for the port number you need to open on that LAN device - also make sure tun11 is the correct VPN interface by running ifconfig at the command line.
#!/bin/sh iptables -I FORWARD -i br0 -o tun11 -j ACCEPT iptables -I FORWARD -i tun11 -o br0 -j ACCEPT iptables -I FORWARD -i br0 -o vlan1 -j DROP iptables -I INPUT -i tun11 -j REJECT iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE iptables -I FORWARD -i tun11 -p udp -d destIP --dport Port -j ACCEPT iptables -I FORWARD -i tun11 -p tcp -d destIP --dport Port -j ACCEPT iptables -t nat -I PREROUTING -i tun11 -p tcp --dport Port -j DNAT --to-destination destIP iptables -t nat -I PREROUTING -i tun11 -p udp --dport Port -j DNAT --to-destination destIP
5. Make sure you obviously setup the correct ports on the TorGuard website, Save it by running the following command:
6. Now run the following command to allow us to execute:
chmod 777 nat-start
7. Reboot the router.