This network setup is a bit complicated. I realize it'd be much easier to redo most of it and I wouldn't have this issue in the first place, but with what was lying around in the hardware closet, this is what I have. Couldn't run coax or cat5 across the house, so I had to make a wireless bridge basically.
Cable Modem -> Router (192.168.1.*) -> Old Laptop wlan0 (192.168.1.7 DMZ'd) -[forwarding rules]> Old laptop eth0 (10.0.0.1) -[crossover cable]> IPCop Box (10.0.0.2) on RED & 192.168.0.1 on GREEN
1.) Sometimes ALL ports from the outside forward to apache2 on an internal box.
2.) Sometimes NO ports at all forward to an internal box
I'm lost there.
If I nmap from the laptop's eth0 to inside, everything's normal, so I know IPCop is forwarding things just fine.
If I nmap from the laptop's wlan0 to inside, I get nothing. No hosts up regardless of scan type.
So I know it's an issue with the laptop's forwarding rules.
I'm currently using MASQ to do the job, but I think it may be time to switch to SNAT.
I've searched here, and found this:
iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source <SERVER'S_EXTERNAL_IP>
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.24:80
Which should adapt to this:
iptables -t nat -A POSTROUTING -o wlan0 -j SNAT --to-source 192.168.1.7
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:80
Repeat the last statement for each port needing forwarding, but it isn't working.
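
An added example, not part of the original post: a dry-run generator for the laptop's rule set that emits one DNAT rule per listed port, the matching FORWARD rules, and the IP forwarding sysctl, none of which the two NAT rules above set up on their own. Interface names and addresses come from the post; the port list, the DROP policy on FORWARD, and IPCop using 10.0.0.1 as its RED gateway are assumptions.

```sh
#!/bin/sh
# Added example: prints (does not apply) forwarding rules for the laptop bridge.
# Addresses and interfaces are from the post; everything else is an assumption.
WAN_IF=wlan0            # laptop side facing the router
LAN_IF=eth0             # laptop side facing IPCop RED (crossover cable)
WAN_IP=192.168.1.7      # laptop's wlan0 address (DMZ target on the router)
IPCOP_RED=10.0.0.2      # IPCop RED address; assumed to route back via 10.0.0.1

# Accept only a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the commands for the given ports, one per line.
gen_rules() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    # NAT rules do nothing unless the kernel forwards packets at all.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default-deny forwarding, then allow replies to tracked connections.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in "$@"; do
        # Every DNAT rule carries --dport: a DNAT rule without it redirects all ports.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $p -j DNAT --to-destination $IPCOP_RED:$p"
        echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $IPCOP_RED --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Outbound traffic from behind IPCop, rewritten to the laptop's wlan0 address.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j SNAT --to-source $WAN_IP"
}

# Stand-alone use: pass the ports to forward as arguments.
if [ "$#" -gt 0 ]; then
    gen_rules "$@"
fi
```

The script only prints commands; review the output, flush any earlier MASQUERADE/DNAT rules so they do not shadow the new ones, then run the commands as root on the laptop.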