This is a terrible solution to be honest.
This makes all incoming connections look like they are coming from the router it self.
TS3 server running on ip 192.168.1.69 on port 9987
You add port 9987 to port forwarding towards ip 192.168.1.69.
By default this will not work for some reason port forwarding is not forwarding connections correctly
If you use the following command "iptables -t nat -A POSTROUTING -j MASQUERADE" the portforwarding will work.
But if you look on a client connected to the TS3 server they will list as client ip "192.168.1.1:xxxxx"
This means that you will not see the actual ip of the connected client.
There must be a better way to fix the port forwarding.
FW used is DD-WRT v24-sp2 (07/20/12) std
(SVN revision 19519)
Also experianced on DD-WRT v24SP2- (03/25/13) std
(SVN revision 21061)
Remove the "-j MASQUERADE" and the correct external address will appear in the logs. (tested with Buffalo N600 w/Firmware: DD-WRT v24SP2-MULTI (11/04/12) std)
Keep in mind that command iptables -t nat -A POSTROUTING -j MASQUERADE performs incoming Network Address Translation (NAT) and has the effect of translating (spoofing) all incoming external IP addresses into local IP addresses.
In my system this had the effect of making my Plex Media Server, which is designed to require authentication from external addresses but not local addresses, open to anyone who knew my external IP and the Plex Port.
In effect it opens a massive security hole into your system.
For ALL of you struggling on port forwarding not working, please TRY move your whole attempt to the "Port Range Forwarding" tab. It might sound stupid even when it's just a single port, but at least it works like a charm for me. And then you probably needn't worry the loophole that @roniez mentioned.
Router Model: Netgear WNDR3700 v2
Firmware Version: DD-WRT v3.0-r31924 std (05/02/17)
Kernel Version: Linux 3.10.105 #31634 Tue May 2 03:53:54 CEST 2017 mips
I spent two whole days to troubleshoot. Flashed different firmware versions, exchanged different routers, played DMZ settings, moved my target NAS between two cascade routers. And of course read the following URLs again and again...