diff --git a/Cargo.lock b/Cargo.lock
index 795188f..e640741 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1470,7 +1470,7 @@ checksum = "56770675ebc04927ded3e60633437841581c285dc6236109ea25fbf3beb7b59e"
 [[package]]
 name = "router"
-version = "0.1.0"
+version = "0.1.1"
 dependencies = [
 "anyhow",
 "async-fs",
diff --git a/Cargo.toml b/Cargo.toml
index a7be779..3b447de 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "router"
-version = "0.1.0"
+version = "0.1.1"
 authors = ["asonix "]
 edition = "2018"
 build = "src/build.rs"
diff --git a/src/iptables.rs b/src/iptables.rs
index fc12f64..9172cc6 100644
--- a/src/iptables.rs
+++ b/src/iptables.rs
@@ -124,7 +124,7 @@ pub(crate) async fn forward_postrouting_snat(
 destination_ip: Ipv4Addr,
 func: impl Fn(&mut Command) -> &mut Command,
 ) -> Result<(), anyhow::Error> {
- iptables_nat(move |cmd| {
+ iptables_nat(|cmd| {
 func(cmd).args(&[
 "POSTROUTING",
 "-s",
@@ -147,6 +147,31 @@ pub(crate) async fn forward_postrouting_snat(
 &external_ip.to_string(),
 ])
 })
+ .await?;
+
+ iptables_nat(|cmd| {
+ func(cmd).args(&[
+ "POSTROUTING",
+ "-s",
+ &format!("{}/{}", internal_ip, internal_mask),
+ "-d",
+ &destination_ip.to_string(),
+ "-p",
+ proto.as_iptables_str(),
+ "-m",
+ proto.as_iptables_str(),
+ "--dport",
+ &internal_port.to_string(),
+ "-m",
+ "conntrack",
+ "--ctstate",
+ "NEW,RELATED,ESTABLISHED",
+ "-j",
+ "SNAT",
+ "--to-source",
+ &external_ip.to_string(),
+ ])
+ })
 .await
 }
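Review bot: In the second `src/iptables.rs` hunk the two `iptables_nat` calls run one after the other with no rollback: if the first succeeds and the second returns an error, `forward_postrouting_snat` returns `Err` while one POSTROUTING SNAT rule has already been changed, leaving the nat table half-updated. Whether `func` adds or removes rules is not visible here, so this is hedged, but either way the caller cannot tell which rule took effect; at minimum I would document it on the function, e.g. `/// Applies two POSTROUTING SNAT rules in order; on error the first may already be in place.` The argument list of the first call lies partly between the two hunks, so what distinguishes the new rule from the existing one cannot be checked from this diff; a one-line comment above the second call stating the difference would make the rule set auditable. The function starts above the first hunk.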