New build dated 06-Mar-2006 include web configuration to forward port.
This build save configuration in file /etc/config/firewall which is called from /etc/init.d/S45firewall, create temporal script in /tmp, execute this script and delete on exit.
The command is exactly same how I show in my original post, and of course, this do not work.
I have needed to redirect an internal web server and go again to DD-WRT but allways wait for one release of OpenWRT that make easy and effective forwarding ports.
I think that the problem is surely iptables and, if any guy like search by this thread, I put here the result on iptables -L command in DD-WRT (wich work ok...to day).
I redirect ports from insanity.lan (192.168.33.90) in this schemme (router=192.168.33.1).
tcp 8080
udp 3412
tcp 4500
tcp and udp range 6881:7000
no other exotic configuration is used.
~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP udp -- anywhere anywhere udp dpt:route
DROP udp -- anywhere anywhere udp dpt:route
ACCEPT udp -- anywhere anywhere udp dpt:route
DROP icmp -- anywhere anywhere
DROP igmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW
logaccept all -- anywhere anywhere state NEW
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT gre -- 192.168.33.0/24 anywhere
ACCEPT tcp -- 192.168.33.0/24 anywhere tcp dpt:1723
ACCEPT all -- anywhere anywhere
logdrop all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN tcpmss match 1461:65535 TCPMSS set 1460
lan2wan all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere insanity.lan udp dpt:3412
ACCEPT tcp -- anywhere insanity.lan tcp dpt:4500
ACCEPT tcp -- anywhere insanity.lan tcp dpt:webcache
ACCEPT tcp -- anywhere insanity.lan tcp dpts:6881:bbs
ACCEPT udp -- anywhere insanity.lan udp dpts:6881:7000
TRIGGER all -- anywhere anywhere TRIGGER type:in match:0 relate:0
trigger_out all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain advgrp_1 (0 references)
target prot opt source destination
Chain advgrp_10 (0 references)
target prot opt source destination
Chain advgrp_2 (0 references)
target prot opt source destination
Chain advgrp_3 (0 references)
target prot opt source destination
Chain advgrp_4 (0 references)
target prot opt source destination
Chain advgrp_5 (0 references)
target prot opt source destination
Chain advgrp_6 (0 references)
target prot opt source destination
Chain advgrp_7 (0 references)
target prot opt source destination
Chain advgrp_8 (0 references)
target prot opt source destination
Chain advgrp_9 (0 references)
target prot opt source destination
Chain grp_1 (0 references)
target prot opt source destination
Chain grp_10 (0 references)
target prot opt source destination
Chain grp_2 (0 references)
target prot opt source destination
Chain grp_3 (0 references)
target prot opt source destination
Chain grp_4 (0 references)
target prot opt source destination
Chain grp_5 (0 references)
target prot opt source destination
Chain grp_6 (0 references)
target prot opt source destination
Chain grp_7 (0 references)
target prot opt source destination
Chain grp_8 (0 references)
target prot opt source destination
Chain grp_9 (0 references)
target prot opt source destination
Chain lan2wan (1 references)
target prot opt source destination
Chain logaccept (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain logdrop (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain logreject (0 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp reject-with tcp-reset
Chain trigger_out (1 references)
target prot opt source destination
----
Sorry by this extensed post.