What is behind "Virtual Server" found under "NAT settings" in the web-interface? I'm asking about what is Linux doing to setup a virtual server. The source of the question is that when setting a virtual server on port 21-21 there is no iptables rule on the NAT chain as I expected so I guess there must be something else behind this service.

Use

#iptables -L -n -t nat
to see the rules which are you looking for.

It is under chain VSERVER in the NAT table.


iptables -t nat -L VSERVER -n -v

Isn't it port forwarding with a rule in the input chain?

wengi

Nope!


Chain VSERVER
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 to:ASUS.IP:21

Isn't it port forwarding with a rule in the input chain?

wengi

INPUT chain on the filter table is only meant for the WAN IP incomming traffic destinated to the router itself, e.g router's internal ftp server, router's internal web server, etc.

In this case, since I want to redirect the WAN traffic on port 21 (FTP) to a LAN host the filter table is not target.

In the PREROUTING chain on the NAT table there is a rule for directing to the VSERVER chain all traffic destinated to the WAN_IP.