I'm running Apache inside my local LAN and hosts connect fine whether they're inside or outside the firewall because I'm not using static hrefs. But there is one exception: while logging into my phpBB, in the status bar I see it trying to connect to my public IP. What ends up happening after viewing the flow of packets with tcpdump is this:

Inside client sends SYN to eth0 on my firewall. The webserver receives the SYN from eth1 on my firewall (gateway IP), then the webserver sends the SYN-ACK directly to the client. The client barfs and sends a RESET because the SYN-ACK packets didn't return via the original path, but rather directly from the webserver.

Does anybody know of an iptables MASQ trick for this one scenario?
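
Added example, not part of the original post: the asymmetric path described above is the usual hairpin NAT problem, and one common fix is to masquerade LAN-to-webserver traffic on the LAN interface so the SYN-ACK returns through the firewall. The function name `hairpin_rules` and all addresses are constructed placeholders; `eth1` as the LAN-side interface is taken from the post.

```shell
#!/bin/sh
# Emit (not apply) iptables rules for hairpin NAT: LAN clients reaching a LAN
# web server through the firewall's public IP. Nothing here touches the
# running firewall; the rules are only printed for review.

hairpin_rules() {
    op=$1        # A = append the rules, D = delete them again
    lan_net=$2   # subnet shared by the inside clients and the web server
    pub_ip=$3    # public address the phpBB login URL points at
    web_ip=$4    # web server's LAN address
    lan_if=$5    # firewall's LAN-side interface (eth1 in the post)
    port=${6:-80}

    case $op in
        A|D) ;;
        *) echo "op must be A or D" >&2; return 1 ;;
    esac

    # 1. LAN client -> public IP: rewrite the destination to the web server.
    #    Skip this one if an existing DNAT rule already matches LAN clients,
    #    as the tcpdump in the post suggests.
    echo "iptables -t nat -$op PREROUTING -s $lan_net -d $pub_ip -p tcp --dport $port -j DNAT --to-destination $web_ip:$port"

    # 2. The missing piece: rewrite the source to the firewall's LAN address,
    #    so the web server answers the firewall instead of the client and
    #    conntrack can translate the SYN-ACK back to what the client expects.
    echo "iptables -t nat -$op POSTROUTING -o $lan_if -s $lan_net -d $web_ip -p tcp --dport $port -j MASQUERADE"

    # 3. Let the hairpinned connection through the FORWARD chain. Replies
    #    rely on the usual ESTABLISHED,RELATED accept rule.
    echo "iptables -$op FORWARD -i $lan_if -o $lan_if -s $lan_net -d $web_ip -p tcp --dport $port -j ACCEPT"
}

# Constructed sample values: RFC 1918 LAN, RFC 5737 documentation public IP.
hairpin_rules A 192.168.1.0/24 203.0.113.10 192.168.1.20 eth1 80
```

Review the printed rules before piping them to `sh` as root. With rule 2 in place the web server logs the firewall's `eth1` address instead of the inside client's address.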