Problem: you have one external IP and want to run separate services on different hosts behind the router.
Here’s a small script to DNAT the router to the host behind it. Netfilter will take care of the return traffic (so no SNAT rules needed). For this script, eth0 is the external interface that owns the external IP and that 192.168.0.1 is the IP of the host running the Jabber/XMPP. Adjust to your needs.
#!/usr/bin/env bash
INTIP="192.168.0.1"
EXTIF="eth0"
for i in 5222:5223 5269 7777; do
iptables -t nat -I PREROUTING \
-i $EXTIF -p tcp --dport $i \
-j DNAT --to-destination $INTIP
iptables -I FORWARD -p tcp -d $INTIP \
--dport 5222:5223 -j ACCEPT
done
To be run as super user, obviously 😉
// Oliver