Where 192.168.0.0/24 is your LAN and 10.0.0.1 is your WAN IP.
Know this thread is a bit old, but thanks for that^
Better form to use:
Code:
.... --to-source `nvram get wan_ipaddr`
For users that have their Internet Provider frequently change Internet/WAN IP. Though a router reboot may be needed to update iptables to current WAN addr.
No harm that I can see using this (instead) either way.