Ok, here's what I tried:
Router IP: 192.168.1.1
PC IP: 192.168.1.102 (not static, but router configured to always give the same IP through dhcp)
Incoming ports: 44625 (TCP), 24374 (UDP), 2070 (UDP) - the same in both router and PC
Router configured with port forwarding disabled in the admin page, but I accessed it via ssh and wrote:
[code]
iptables -t nat -I PREROUTING -p tcp --dport 44625 -j DNAT --to 192.168.1.102:44625
iptables -I FORWARD -p tcp -d 192.168.1.102 --dport 44625 -j ACCEPT
iptables -t nat -I PREROUTING -p udp --dport 24374 -j DNAT --to 192.168.1.102:24374
iptables -I FORWARD -p udp -d 192.168.1.102 --dport 24374 -j ACCEPT
iptables -t nat -I PREROUTING -p udp --dport 2070 -j DNAT --to 192.168.1.102:2070
iptables -I FORWARD -p udp -d 192.168.1.102 --dport 2070 -j ACCEPT
[/code]
Next I started emule on the PC. It connected and showed highid, meaning ports forwarded (this is one of the few times I love being wrong).
So, the next step is to disable port forwarding:
[code]
iptables -I FORWARD -p tcp -d 192.168.1.102 --dport 44625 -j DROP
iptables -I FORWARD -p udp -d 192.168.1.102 --dport 24374 -j DROP
iptables -I FORWARD -p udp -d 192.168.1.102 --dport 2070 -j DROP
[/code]
This time it took a long time to connect, and ended with lowid, ports not forwarded. So far everything's perfect. Next: final test, re-enable port forwarding.
(same commands as before)
Fast reconnect, highid. So these commands work without router reboot. Now for the final step, set a cron job for this. Apparently, cron jobs can be set in a startup script on every router boot, like this (start at 2:30, end at 8:45):
[code]
echo '30 2 * * * iptables -t nat -I PREROUTING -p tcp --dport 44625 -j DNAT --to 192.168.1.102:44625' >> /tmp/crontab
echo '30 2 * * * iptables -I FORWARD -p tcp -d 192.168.1.102 --dport 44625 -j ACCEPT' >> /tmp/crontab
echo '30 2 * * * iptables -t nat -I PREROUTING -p udp --dport 24374 -j DNAT --to 192.168.1.102:24374' >> /tmp/crontab
echo '30 2 * * * iptables -I FORWARD -p udp -d 192.168.1.102 --dport 24374 -j ACCEPT' >> /tmp/crontab
echo '30 2 * * * iptables -t nat -I PREROUTING -p udp --dport 2070 -j DNAT --to 192.168.1.102:2070' >> /tmp/crontab
echo '30 2 * * * iptables -I FORWARD -p udp -d 192.168.1.102 --dport 2070 -j ACCEPT' >> /tmp/crontab
echo '45 8 * * * iptables -I FORWARD -p tcp -d 192.168.1.102 --dport 44625 -j DROP' >> /tmp/crontab
echo '45 8 * * * iptables -I FORWARD -p udp -d 192.168.1.102 --dport 24374 -j DROP' >> /tmp/crontab
echo '45 8 * * * iptables -I FORWARD -p udp -d 192.168.1.102 --dport 2070 -j DROP' >> /tmp/crontab
killall -9 crond; crond
[/code]
I'll test this tonight, but any comments/fixes/better solutions are welcome.
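
An idempotent variant of the open/close commands in the post above, as an added example that is not part of the original post: every `-I` in the cron entries adds another copy of the rule each day, so this version deletes existing copies before inserting one, and closes the ports by removing the DNAT and ACCEPT rules instead of stacking DROP rules on top. The function names and the `IPT` override are assumptions of this example; the address and ports are the post's.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent open/close of the
# post's forwards, so repeated cron runs never stack duplicate rules.
LAN_HOST=192.168.1.102                    # PC address from the post
FORWARDS="tcp:44625 udp:24374 udp:2070"   # proto:port pairs from the post
IPT=${IPT:-iptables}                      # overridable so the logic can be tested

# Delete every copy of a rule; -D fails once no matching rule is left.
del_all() {
    table=$1; chain=$2; shift 2
    while $IPT -t "$table" -D "$chain" "$@" 2>/dev/null; do :; done
}

# Leave exactly one copy of a rule at the top of the chain.
add_once() {
    table=$1; chain=$2; shift 2
    del_all "$table" "$chain" "$@"
    $IPT -t "$table" -I "$chain" "$@"
}

# Apply $1 (add_once or del_all) to the DNAT and ACCEPT rule of each forward.
each_forward() {
    action=$1
    for fwd in $FORWARDS; do
        proto=${fwd%%:*}; port=${fwd##*:}
        "$action" nat PREROUTING -p "$proto" --dport "$port" \
            -j DNAT --to "$LAN_HOST:$port"
        "$action" filter FORWARD -p "$proto" -d "$LAN_HOST" --dport "$port" \
            -j ACCEPT
        # Clear DROP rules left behind by the post's original close step.
        del_all filter FORWARD -p "$proto" -d "$LAN_HOST" --dport "$port" -j DROP
    done
}

open_forwards()  { each_forward add_once; }
close_forwards() { each_forward del_all; }

case "${1:-}" in
    open)  open_forwards ;;
    close) close_forwards ;;
esac
```

Saved as a script on the router, the crontab then needs only two entries, one calling it with `open` and one with `close`. Connections already tracked by conntrack when the rules are removed can keep flowing until they end or time out.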