Make WAN address always respond as such (iptables rules?)

Andrew Jorgensen andrew.jorgensen at
Tue Jan 23 14:51:53 MST 2007

On 1/23/07, Nicholas Leippe <nick at> wrote:
> You'll need both a DNAT and a SNAT rule if you don't want to do an internal
> zone in your DNS.  See:

Thanks for this, Nicholas. I think it's almost what I'm looking for,
but if I'm reading it correctly the example is just forwarding the LAN
port 80 to the internal web server as well.  I want it to do that only
if the destination address is the external address.

I suppose one of my problems is going to be that I don't know my
external address until after DHCP is up, but it wouldn't be a big deal
to have something run as a DHCP change hook.

And here's the example for others reading:
# iptables -t nat -A POSTROUTING -d -s \
        -p tcp --dport 80 -j SNAT --to
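
Added example (not from the original message): shell functions that a DHCP change hook could call to rebuild the DNAT and SNAT rules so that port 80 is redirected only when the destination is the current WAN address. The addresses, the HAIRPIN_PRE/HAIRPIN_POST chain names and the function names are assumptions.

```shell
#!/bin/sh
# Constructed addresses (RFC 5737 / RFC 1918). Chain and function names are
# hypothetical. One-time setup, e.g. at boot:
#   iptables -t nat -N HAIRPIN_PRE;  iptables -t nat -A PREROUTING  -j HAIRPIN_PRE
#   iptables -t nat -N HAIRPIN_POST; iptables -t nat -A POSTROUTING -j HAIRPIN_POST

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Return 0 only for ADDRESS/PREFIX with a valid address and prefix 0..32.
is_cidr() {
    case "${1#*/}" in ''|*[!0-9]*) return 1 ;; esac
    [ "${1#*/}" -le 32 ] && is_ipv4 "${1%/*}"
}

# Print (do not execute) the rules for the current lease.
# $1 = WAN address, $2 = LAN network (CIDR), $3 = web server, $4 = router LAN address
hairpin_rules() {
    wan=$1 lan_net=$2 server=$3 router_lan=$4
    is_ipv4 "$wan" && is_cidr "$lan_net" && is_ipv4 "$server" &&
        is_ipv4 "$router_lan" || { echo "hairpin_rules: bad address" >&2; return 1; }
    # Flush our own chains so the old WAN address does not linger after a new lease.
    echo "iptables -t nat -F HAIRPIN_PRE"
    echo "iptables -t nat -F HAIRPIN_POST"
    # DNAT only packets addressed to the WAN IP; other port-80 traffic is untouched.
    echo "iptables -t nat -A HAIRPIN_PRE -d $wan -p tcp --dport 80 -j DNAT --to-destination $server:80"
    # SNAT LAN clients so the server's replies go back through the router.
    echo "iptables -t nat -A HAIRPIN_POST -s $lan_net -d $server -p tcp --dport 80 -j SNAT --to-source $router_lan"
}

# Demo with constructed values; a DHCP hook would pass the leased address instead.
hairpin_rules 203.0.113.10 192.168.1.0/24 192.168.1.10 192.168.1.1
```

The functions only print the commands, so the output can be reviewed before it is piped to a root shell. With ISC dhclient, an exit hook can pass `$new_ip_address` as the first argument.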

