Redirect port to internal network
DNAT and SNAT settings if you need diferent default gateway in network (I Know… Little Slower)
# Flush NAT rulez
iptables -t nat -F
# Set DNAT and accept it only from PUBLICCLIENTIP at WANPORT
iptables -t nat -A PREROUTING --src PUBLICCLIENTIP --dst PUBLICROUTERIP -p tcp --dport WANPORT -j DNAT --to-destination LANIP:LANPORT
# Set SNAT for port LANIP/LANPORT
iptables -t nat -A POSTROUTING -p tcp --dst LANIP --dport LANPORT -j SNAT --to-source LANROUTERIP
— There are 2x NATs (Source,Destination) in this example, but in most cases you need this, because server on LAN IP must send data to internal IP of the router (not to default gw).
