I have a generic Linux home router. I can change iptables on it by telnetting to the console. Currently, it is set up to forward all incoming connections to a machine on my internal network, using something called a DMZ server. This setting is pretty common on home routers.
It has two ports open on the LAN interface (port 80 and port 23). These ports are used to configure it using HTTP and telnet respectively. Both these ports appear filtered (no response, time out) if accessed via the WAN interface.
What iptables rules should I add (and/or remove) to enable the router to forward port 80 (and 23) to the 'DMZ' server, if these ports are accessed from the WAN interface, and to keep these ports accessible for router configuration if accessed from the LAN interface?
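
One way to express the forwarding asked about above, as an added example that is not part of the original post. The interface name `eth0`, the DMZ address `192.168.1.100` and the function names are assumptions, and it assumes the router's existing rules already pass established and LAN-to-WAN traffic.

```shell
#!/bin/sh
# Assumed values (not from the post): replace with the router's real ones.
WAN_IF="${WAN_IF:-eth0}"            # assumed WAN interface name
DMZ_IP="${DMZ_IP:-192.168.1.100}"   # assumed address of the DMZ server
PORTS="${PORTS:-80 23}"             # the two ports named in the post

# Print the iptables commands that forward the ports from the WAN side only.
# Every rule matches on "-i $WAN_IF", so connections arriving on the LAN
# interface are never rewritten and still reach the router's own HTTP and
# telnet services through the INPUT chain.
dmz_rules() {
    for port in $PORTS; do
        # Rewrite the destination before routing. -I inserts at the top of
        # the chain, ahead of any existing rule that keeps these ports out
        # of the catch-all DMZ redirect.
        echo "iptables -t nat -I PREROUTING -i $WAN_IF -p tcp --dport $port -j DNAT --to-destination $DMZ_IP:$port"
        # Let the rewritten packets through the FORWARD chain.
        echo "iptables -I FORWARD -i $WAN_IF -d $DMZ_IP -p tcp --dport $port -j ACCEPT"
    done
}

# Dry run by default: the commands are only printed.
# Set APPLY=1 to execute them on the router (requires root).
apply_rules() {
    dmz_rules | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd
        else
            echo "$cmd"
        fi
    done
}

apply_rules
```

Listing the current `nat` PREROUTING and `filter` FORWARD chains with `iptables -t nat -L PREROUTING -n -v --line-numbers` and `iptables -L FORWARD -n -v --line-numbers` before and after shows where the new rules sit relative to the existing DMZ rule.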