diff --git a/CHANGELOG b/CHANGELOG
index cce25f7..cc14788 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -12,6 +12,8 @@ CHANGES:
 	- Applied a security patch from Andrew Griffiths, use setgroups() to
 		limit the groups of the user
 	- Applied a patch to make iodine work on (Open)Solaris, from Albert Lee
+	- Added option in server (-c) to disable IP/port checking on each packet,
+		will hopefully help when server is behind NAT
 
 2007-11-30: 0.4.1 "Tea Online"
 	- Introduced encoding API
diff --git a/man/iodine.8 b/man/iodine.8
index ac7a9eb..2559b35 100644
--- a/man/iodine.8
+++ b/man/iodine.8
@@ -1,5 +1,5 @@
 .\" groff -man -Tascii iodine.8
-.TH IODINE 8 "JUN 2007" "User Manuals"
+.TH IODINE 8 "JUL 2008" "User Manuals"
 .SH NAME
 iodine, iodined \- tunnel IPv4 over DNS
 .SH SYNOPSIS
@@ -25,7 +25,7 @@ iodine, iodined \- tunnel IPv4 over DNS
 
 .B iodined [-h]
 
-.B iodined [-f] [-s] [-u
+.B iodined [-c] [-s] [-f] [-u
 .I user
 .B ] [-P
 .I password
@@ -62,10 +62,6 @@ Print usage info and exit.
 .B -f
 Keep running in foreground.
 .TP
-.B -s
-Don't try to configure IP address or MTU. This should only be used if
-you have already configured the device that will be used.
-.TP
 .B -u user
 Drop privileges and run as user 'user' after setting up tunnel.
 .TP
@@ -82,6 +78,14 @@ Use the TUN device 'device' instead of the normal one, which is dnsX on Linux
 and otherwise tunX.
 .SS Server Options:
 .TP
+.B -c
+Disable checks on client IP and port on all incoming requests.
+This might help if server is behind a NAT firewall.
+.TP
+.B -s
+Don't try to configure IP address or MTU. This should only be used if
+you have already configured the device that will be used.
+.TP
 .B -m mtu
 Set 'mtu' as mtu size for the tunnel device. This will be sent to the client
 on connect, and the client will use the same mtu.
diff --git a/src/iodined.c b/src/iodined.c
index 1a9f466..f1e8538 100644
--- a/src/iodined.c
+++ b/src/iodined.c
@@ -49,6 +49,7 @@ static char *topdomain;
 static char password[33];
 static struct encoder *b32;
 
+static int check_ip;
 static int my_mtu;
 static in_addr_t my_ip;
 
@@ -191,8 +192,8 @@ tunnel_dns(int tun_fd, int dns_fd)
 		users[userid].last_pkt = time(NULL);
 		login_calculate(logindata, 16, password, users[userid].seed);
 
-		if (dummy.q.fromlen != users[userid].addrlen ||
-				memcmp(&(users[userid].host), &(dummy.q.from), dummy.q.fromlen) != 0) {
+		if (check_ip && (dummy.q.fromlen != users[userid].addrlen ||
+				memcmp(&(users[userid].host), &(dummy.q.from), dummy.q.fromlen) != 0)) {
 			write_dns(dns_fd, &(dummy.q), "BADIP", 5);
 		} else {
 			if (read >= 18 && (memcmp(logindata, unpacked+1, 16) == 0)) {
@@ -248,8 +249,8 @@ tunnel_dns(int tun_fd, int dns_fd)
 		}
 
 		/* Check sending ip number */
-		if (dummy.q.fromlen != users[userid].addrlen ||
-				memcmp(&(users[userid].host), &(dummy.q.from), dummy.q.fromlen) != 0) {
+		if (check_ip && (dummy.q.fromlen != users[userid].addrlen ||
+				memcmp(&(users[userid].host), &(dummy.q.from), dummy.q.fromlen) != 0)) {
 			write_dns(dns_fd, &(dummy.q), "BADIP", 5);
 		} else {
 			/* decode with this users encoding */
@@ -402,7 +403,7 @@ static void
 usage() {
 	extern char *__progname;
 
-	printf("Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] [-m mtu] "
+	printf("Usage: %s [-v] [-h] [-c] [-s] [-f] [-u user] [-t chrootdir] [-d device] [-m mtu] "
 		"[-l ip address to listen on] [-p port] [-P password]"
 		" tunnel_ip topdomain\n", __progname);
 	exit(2);
@@ -413,11 +414,13 @@ help() {
 	extern char *__progname;
 
 	printf("iodine IP over DNS tunneling server\n");
-	printf("Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] [-m mtu] "
+	printf("Usage: %s [-v] [-h] [-c] [-s] [-f] [-u user] [-t chrootdir] [-d device] [-m mtu] "
 		"[-l ip address to listen on] [-p port] [-P password]"
 		" tunnel_ip topdomain\n", __progname);
 	printf("  -v to print version info and exit\n");
 	printf("  -h to print this help and exit\n");
+	printf("  -c to disable check of client IP/port on each request\n");
+	printf("  -s to skip creating and configuring the tun device which then has to be created manually\n");
 	printf("  -f to keep running in foreground\n");
 	printf("  -u name to drop privileges and run as user 'name'\n");
 	printf("  -t dir to chroot to directory dir\n");
@@ -463,6 +466,7 @@ main(int argc, char **argv)
 	mtu = 1024;
 	listen_ip = INADDR_ANY;
 	port = 53;
+	check_ip = 1;
 	skipipconfig = 0;
 
 	b32 = get_base32_encoder();
@@ -478,11 +482,14 @@ main(int argc, char **argv)
 	memset(password, 0, sizeof(password));
 	srand(time(NULL));
 	
-	while ((choice = getopt(argc, argv, "vsfhu:t:d:m:l:p:P:")) != -1) {
+	while ((choice = getopt(argc, argv, "vcsfhu:t:d:m:l:p:P:")) != -1) {
 		switch(choice) {
 		case 'v':
 			version();
 			break;
+		case 'c':
+			check_ip = 0;
+			break;
 		case 's':
 			skipipconfig = 1;
 			break;