So you want to map a public IP to a private IP behind your Linux (netfilter) based firewall. Here is the syntax:
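```sh
## Standard Stuff ##
# Enable IPv4 forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables --table nat -A POSTROUTING -o eth0 -j SNAT --to-source $NAT_IP

## The 1:1 NAT stuff ##
# Inbound: traffic addressed to the public IP is sent to the private host
iptables -t nat -A PREROUTING -d $EXTERNAL_IP -j DNAT --to-destination $INTERNAL_IP
# Outbound: inserted (-I) ahead of the general SNAT rule above, which would
# otherwise match first and rewrite the source to $NAT_IP
iptables -t nat -I POSTROUTING -s $INTERNAL_IP -j SNAT --to-source $EXTERNAL_IP
# Internal hosts talking to the public IP
iptables -t nat -A POSTROUTING -s $INTERNAL_NET -d $INTERNAL_IP -j SNAT --to-source $NAT_IP
```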
Here $NAT_IP is the external IP of your firewall. The last rule is required if you want hosts on your internal net to be able to talk to that external IP as well.
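Why internal hosts need that last rule, as an added example that is not part of the original post: a simplified Python model (not real netfilter) that follows one connection to the mapped public IP and reports which source address the client sees on the reply. All addresses are constructed samples, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample addresses (documentation/private ranges), not from the page.
NAT_IP = "203.0.113.1"        # firewall's own external address
EXTERNAL_IP = "203.0.113.10"  # public address mapped 1:1
INTERNAL_IP = "192.168.1.10"  # server behind the firewall
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")


def on_lan(addr):
    return ipaddress.ip_address(addr) in INTERNAL_NET


def postrouting_snat(src, dst, hairpin_rule):
    """SNAT rules that can match traffic headed for the server; first match
    wins. The '-o eth0' rule is left out because this traffic leaves on the
    internal interface. None means the source address is left alone."""
    if src == INTERNAL_IP:
        return EXTERNAL_IP
    if hairpin_rule and on_lan(src) and dst == INTERNAL_IP:
        return NAT_IP
    return None


def reply_source_seen_by(client, hairpin_rule=True):
    """Follow one connection from client to EXTERNAL_IP and return the
    source address on the reply that arrives back at the client."""
    # PREROUTING: -d $EXTERNAL_IP -j DNAT --to-destination $INTERNAL_IP
    src, dst = client, INTERNAL_IP
    seen_by_server = postrouting_snat(src, dst, hairpin_rule) or src
    if on_lan(seen_by_server):
        # Same subnet: the server answers the client directly, the reply never
        # crosses the firewall, and the DNAT is never reversed.
        return INTERNAL_IP
    # Otherwise the reply is routed via the firewall, where connection
    # tracking undoes the translations and restores EXTERNAL_IP as the source.
    return EXTERNAL_IP


def connection_works(client, hairpin_rule=True):
    # The client only accepts replies from the address it connected to.
    return reply_source_seen_by(client, hairpin_rule) == EXTERNAL_IP


if __name__ == "__main__":
    for client in ("198.51.100.7", "192.168.1.50"):
        for rule in (True, False):
            print(client, "hairpin rule:", rule, "->", connection_works(client, rule))
```
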