Making Port Forwarded Connections Accessible From The Intranet Lan

# Enabling many:one IP masquerading from the LAN to the Internet (i.e. out the $WAN interface) iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE

# port forwarding $WAN_IP:25 to $SMTP_SVR_IP:25 iptables -t nat -A POSTROUTING -d $WAN_IP -p tcp –dport 25 -j DNAT –to $SMTP_SVR_IP iptables -A FORWARD -i $WAN -p tcp –dport 25 -d $SMTP_SVR_IP -j ACCEPT

# Making this cruft work from the intranet # i.e. DESK_IP -> WAN_IP:25

# Bad rule: iptables -t nat -A POSTROUTING -o $LAN -j SNAT –to-source $WAN_IP

# Good rule: iptables -t nat -A POSTROUTING -o $LAN -s 192.168.1.0/24 -j SNAT –to-source $WAN_IP