examples of SNAT, DNAT with iptables for Conel routers, with comments (probably will work on other routers where iptables can be manipulated, care needs to be taken on applying these commands after reboot)
# some examples of SNAT, DNAT with iptables with comments:
# mainly used in start-up script
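# masquerade all outgoing packets so their source becomes the WLAN0 IP
# (the MASQUERADE target is only valid in the nat POSTROUTING chain, so match on the outgoing interface)
iptables -t nat -A POSTROUTING -s 192.168.1.2 -o wlan0 -j MASQUERADE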
# All packets leaving eth0 will have src eth0 ip address
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.1
# match rules specifying a destination port; SNAT rewrites the source address (and the source port, where one is given)
# Below makes sure packets from Eth devices have the correct source IP address
# Notice, when specifying a port, the protocol needs to be specified as well
iptables -t nat -A POSTROUTING -o wlan0 -s 192.168.1.2 -p udp --dport 16020 -j SNAT --to-source 10.1.1.7:51889
iptables -t nat -A POSTROUTING -o wlan0 -s 192.168.1.2 -p tcp --dport 21 -j SNAT --to-source 10.1.1.7:21
iptables -t nat -A POSTROUTING -o wlan0 -s 192.168.1.3 -j SNAT --to-source 10.1.1.9
# Packets destined for IP 10.1.1.7 will be forwarded to 192.168.1.2 UDP,TCP
# Packets destined for IP 10.1.1.9 will be forwarded to 192.168.1.3 UDP,TCP
# Does work with ping (ICMP) correctly
iptables -t nat -A PREROUTING -i wlan0 -d 10.1.1.7 -j DNAT --to-destination 192.168.1.2
iptables -t nat -A PREROUTING -i wlan0 -d 10.1.1.9 -j DNAT --to-destination 192.168.1.3
# Packets destined for IP 10.1.1.7 will be forwarded to 192.168.1.2 UDP,TCP
# Does NOT work with ping (ICMP) correctly, does not handle ICMP protocol
# WLAN IP reply on a ping without
iptables -t nat -A PREROUTING -p tcp -i wlan0 -d 10.1.1.7 -j DNAT --to-destination 192.168.1.2
iptables -t nat -A PREROUTING -p udp -i wlan0 -d 10.1.1.7 -j DNAT --to-destination 192.168.1.2
# Add secondary IP to WLAN0
ip addr add 10.1.1.7/24 dev wlan0
ip addr add 10.1.1.9/24 dev wlan0
# List all IP addresses assigned to wlan0
ip addr list dev wlan0
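
The gist notes these commands are meant for a start-up script and need care when re-applied; plain `-A` and `ip addr add` duplicate rules or fail on a second run. The following is an added example, not part of the original gist: an idempotent wrapper around the wlan0 secondary-IP rules above. The function names `ensure_rule`, `ensure_addr` and `apply_nat` are hypothetical, and it assumes the router's iptables build supports the `-C` (check) option.

```shell
#!/bin/sh
# Added example (not from the original gist): re-runnable NAT setup.
# Addresses, ports and interfaces are the ones used in the rules above;
# function names are hypothetical. Assumes iptables supports -C (check).

# Append a rule only if an identical one is not already in the chain.
# usage: ensure_rule <table> <chain> <rule-spec...>
ensure_rule() {
    table=$1; chain=$2; shift 2
    # -C exits 0 when the exact rule already exists
    if iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    iptables -t "$table" -A "$chain" "$@"
}

# Add a secondary address only if the interface does not carry it yet.
# usage: ensure_addr <address/prefix> <device>
ensure_addr() {
    if ip -o addr show dev "$2" | grep -qF "inet $1 "; then
        return 0
    fi
    ip addr add "$1" dev "$2"
}

apply_nat() {
    # Secondary WLAN addresses that the NAT rules map to the Ethernet hosts
    ensure_addr 10.1.1.7/24 wlan0
    ensure_addr 10.1.1.9/24 wlan0
    # Inbound: WLAN-side address -> Ethernet host (all protocols)
    ensure_rule nat PREROUTING -i wlan0 -d 10.1.1.7 -j DNAT --to-destination 192.168.1.2
    ensure_rule nat PREROUTING -i wlan0 -d 10.1.1.9 -j DNAT --to-destination 192.168.1.3
    # Outbound: Ethernet host -> matching WLAN-side source address
    ensure_rule nat POSTROUTING -o wlan0 -s 192.168.1.2 -p udp --dport 16020 -j SNAT --to-source 10.1.1.7:51889
    ensure_rule nat POSTROUTING -o wlan0 -s 192.168.1.2 -p tcp --dport 21 -j SNAT --to-source 10.1.1.7:21
    ensure_rule nat POSTROUTING -o wlan0 -s 192.168.1.3 -j SNAT --to-source 10.1.1.9
}

# Apply only when invoked as: <script> apply
if [ "${1:-}" = "apply" ]; then
    apply_nat
fi
```

After a run, `iptables -t nat -S` should list each rule exactly once, however many times the script has been executed since boot.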