I am trying to redirect all traffic to www.mydomain.com to my internal web server that’s on the same subnet as the users who need to access it.
Why is this NAT rule not working?
chain=dstnat action=dst-nat to-addresses=internalwebserver address to-ports=80 protocol=tcp dst-address=externaladdress in-interface=bridge1 dst-port=80
Nice problem.
Try adding something like this, see if it works, and then try to understand it:
chain=srcnat action=masquerade src-address=[local_network] dst-address=[local_network]
The cause of this is that rewriting the destination and source of a packet leaves it stuck in the router. Why does it work with ‘masquerade’ and not with src-nat and dst-nat? I have no idea.
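
Added example, not part of the thread: a small Python model of the packet flow for a client on the same subnet as the web server, tracing the reply with only the dstnat rule and then with the srcnat masquerade rule added. All addresses are constructed placeholders, and the model covers a single request/reply pair rather than a full TCP state machine.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses for illustration (assumptions, not from the thread).
LAN = ip_network("192.168.88.0/24")
ROUTER_LAN = "192.168.88.1"   # router's address on the bridge
EXTERNAL = "203.0.113.10"     # public address that www.mydomain.com resolves to
SERVER = "192.168.88.10"      # internal web server
CLIENT = "192.168.88.50"      # LAN user


def on_lan(addr):
    return ip_address(addr) in LAN


def hairpin(with_srcnat):
    """Trace one request/reply pair; return (client_accepts_reply, trace)."""
    trace = []
    src, dst = CLIENT, EXTERNAL          # the client's socket expects replies from EXTERNAL
    trace.append(("client -> router", src, dst))

    original = (src, dst)                # connection tracking remembers the pre-NAT tuple
    dst = SERVER                         # dstnat: to-addresses=<server>
    if with_srcnat and on_lan(src) and on_lan(dst):
        src = ROUTER_LAN                 # srcnat masquerade for LAN -> LAN traffic
    trace.append(("router -> server", src, dst))

    r_src, r_dst = SERVER, src           # server answers the source address it saw
    if r_dst == ROUTER_LAN:
        # Reply passes through the router, which reverses both translations.
        r_src, r_dst = original[1], original[0]
        trace.append(("server -> router -> client", r_src, r_dst))
    else:
        # Same subnet: delivered directly, the router never sees it,
        # so the source is never rewritten back to EXTERNAL.
        trace.append(("server -> client (direct)", r_src, r_dst))

    accepted = r_dst == CLIENT and r_src == EXTERNAL
    return accepted, trace


if __name__ == "__main__":
    for flag in (False, True):
        ok, steps = hairpin(flag)
        print(f"srcnat rule present={flag}: reply accepted={ok}")
        for hop, s, d in steps:
            print(f"  {hop:28} src={s:15} dst={d}")
```

With the masquerade rule in place, the web server sees and logs the router's LAN address instead of the real client address for these connections, which matters for access logs and any per-client access control on the server.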