Firewall update script

I assume, that you have the package bind-dig installed and working.
This is an example for the laptop. You'll have to multiply the rules for the other devices.

Create the initial rule(s) in /etc/firewall.user

#Get the laptop public IP address
LAPTOP=$(dig +short laptop.freeddns.org)

#If the IP address cannot be found, use some dummy IP address to create the rule 
if [ -z "$LAPTOP" ]; then
LAPTOP="123.123.123.123"
fi

#Save the current laptop IP address
echo "$LAPTOP" > /tmp/LAPTOP.sav

#Create the DNAT rules
iptables -t nat -A prerouting_wan_rule -m comment --comment "LAPTOP-TCP" -m tcp -p tcp -s "$LAPTOP"/32 -m multiport --dports 15251:15255 -j DNAT --to-destination 192.168.70.250:15251-15255
iptables -t nat -A prerouting_wan_rule -m comment --comment "LAPTOP-UDP" -m udp -p udp -s "$LAPTOP"/32 -m multiport --dports 15251:15255 -j DNAT --to-destination 192.168.70.250:15251-15255

Here is an example of the update script:

#!/bin/sh

#Get the laptop real IP address
LAPTOP=$(dig +short laptop.freeddns.org)

#Get the last known laptop IP address
laptop=$(cat /tmp/LAPTOP.sav)

#Update the rules if the laptop has a new ip address
if [ ! -z "$LAPTOP" ] && [ "$laptop" != "$LAPTOP" ]; then
#Get the rule numbers
rntcplaptop=$(iptables -t nat -L --line-numbers | grep LAPTOP-TCP | awk '{ print $1 }')
rnudplaptop=$(iptables -t nat -L --line-numbers | grep LAPTOP-UDP | awk '{ print $1 }')
#Replace the rules
iptables -t nat -R prerouting_wan_rule "$rntcplaptop" -m comment --comment "LAPTOP-TCP" -m tcp -p tcp -s "$LAPTOP"/32 -m multiport --dports 15251:15255 -j DNAT --to-destination 192.168.70.250:15251-15255
iptables -t nat -R prerouting_wan_rule "$rnudplaptop" -m comment --comment "LAPTOP-UDP" -m udp -p udp -s "$LAPTOP"/32 -m multiport --dports 15251:15255 -j DNAT --to-destination 192.168.70.250:15251-15255
#Update the laptop IP address
echo "$LAPTOP" > /tmp/LAPTOP.sav
fi

Create a cron job

*/10 * * * * /root/update.scr 1>/dev/null 2>&1

Check your custom rules, running the following command:

iptables -t nat -nvL prerouting_wan_rule