I need to forward traffic coming into a cloud-provisioned Ubuntu VPS at 126.96.36.199 on port 1234 to port 5678 on local Windows computer (192.168.0.200, which is behind a Tomato router at 188.8.131.52 / 192.168.0.1), but to preserve the originating IP address. The router forwards port 5678 to the Windows machine. When I run this on the VPS: iptables -t nat -A PREROUTING -p tcp --dport 1234 -j DNAT --to-destination 184.108.40.206:5678 iptables -t nat -A POSTROUTING -p tcp -d 220.127.116.11 --dport 5678 -j SNAT --to-source 18.104.22.168 then the packets get forwarded but the Windows server at 22.214.171.124 192.168.0.200 thinks everything is coming from 126.96.36.199. The originating IP is lost. Is there a way to leave out the POSTROUTING SNAT command and tell the Tomato router to route all relevant traffic back from 188.8.131.52 192.168.0.200 back through 184.108.40.206?