Here is the situation:
I have a ActionTech 701 DSL model/router, running BusyBox embedded linux, seems have iptables running to enable port forwarding.
DSL modem is hooked to a switch, 3 go to other fixed ip PC (2 Windows, 1 RedHat Linux), Redhat has everything( httpd, named, sendmail) and another one goes to Wireless router. 2 Laptops are connected with Wireless router and get access to all other LAN devices and external internet.
The wiring is as following
ISP --> DSL Modem --> Linux (WWW, DNS, POP3, SMTP)
--> WIN PC1
--> WIN PC2
--> Wireless router --> Win PC 3
--> Win Pc 4

The port forwarding is enabled in DSL modem, and works fine in PC1 or 2 according to P2P programs like BT.

The google search result shows that the ActionTech modem has a problem with internal port forwarding, that means PC 1,2,3,4 can not access Linux in port 80, 53,...etc using something like www.murou.com or ns1.murou.com.

I am not sure how to use iptables to resolve this problem. I tried the following but looks like it's not working

and
What's the problem? Help me out... thank you!
since I cannot test my DNS setting, could somebody help me to dig www.murou.com? Thanks!

These are rules to allow certain tcp ports to be forwarded your linux box, and to make it possible for internal boxes to access the services using external addresses. You still need to add rules to allow ACCEPTED,RELATED connections, to NAT outgoing packets, etc.

I just tried your script. The IPTable lists the following as execution result:
<code>Chain POSTROUTING (policy ACCEPT)</code>
<code>SNAT all -- 192.168.0.0/24 192.168.0.0/24 to:192.168.0.1</code>

BTW, the modem already has used the following:
<code> MASQUERADE all -- anywhere anywhere</code>

But I still cannot access the 192.168.0.30 through port 80 using WAN IP.

The only solution here is add those names bind to 192.168.0.30 into hosts file.
<code> 192.168.0.30 mail.murou.com </code>

I just tried my mail server, I can send out emails but cannot reply to the address... weird!!

As you say, internal DNS is an alternative solution. The point of the iptables rules above is to add the extra SNAT rule, which makes the DNS solution unnecessary. It would be nice to see a dump of all your rules.

The modem provides a web interface to set up the port forwarding, but I don't have access to the source code.

Using <Code>iptables -t nat -L </Code>
I can get
<Code>
Chain PREROUTING (policy ACCEPT)
iptables -t nat -A PREROUTING -d $IP_EXT -p tcp --dports $TCP_PORTS -j DNAT --to-destination ${LAN_HOST[0]}
(added by web interface)
Chain POSTROUTING (policy ACCEPT)
MASQUERADE all -- anywhere anywhere (already added by the modem itself)
SNAT all -- 192.168.0.0/24 192.168.0.0/24 to:192.168.0.1 (I added it manually)
</Code>

After I added the postrouting SNAT rule, I cannot use telnet to login into the modem for a while, tried to remove the SNAT entry by another machine.

I will try some sniffer tool.

I got some response from ActionTec, they said, due to the limitation of the firmware, it's impossible to access LAN devices using external WAN IP within this LAN.

The firmware actually is running BusyBox embedded Linux, sombody knows what can cause this problem?

ActionTec DSL modems is widely used by Qwest DSL users.