And to continue fordeck's post,
either set your LAN client (192.168.1.249)'s gateway to 192.168.1.2
OR
run another POSTROUTING rule at firewall.
Code:
iptables -t nat -A POSTROUTING -p tcp --dport 8500 -d 192.168.1.249 -j SNAT --to 192.168.1.2
And in case you are already running a firewall script, you have to allow this traffic in the FORWARD chain (--dport 8500) as well.
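
The SNAT rule and the FORWARD allowance described in this reply, put together as an added example (not part of the original post or of fordeck's). The addresses and port are the ones in the post; the conntrack-based FORWARD rules and the function names are assumptions, and the DNAT rule from fordeck's post is not shown on this page, so it is left out.

```shell
#!/bin/sh
# Added example. Values are taken from the post; rule layout is an assumption.
LAN_HOST=192.168.1.249   # LAN client from the post
FW_LAN_IP=192.168.1.2    # firewall address used in the post's SNAT rule
PORT=8500

# Print each rule as "<table> <chain> <rule-spec>", one per line.
fw_rules() {
    # SNAT from the post (written there as --to): the client sees the firewall
    # as the source, so replies come back through the firewall even when the
    # client's default gateway is a different box.
    echo "nat POSTROUTING -p tcp -d $LAN_HOST --dport $PORT -j SNAT --to-source $FW_LAN_IP"
    # Allow the forwarded connection towards the client ...
    echo "filter FORWARD -p tcp -d $LAN_HOST --dport $PORT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    # ... and only the replies that belong to it.
    echo "filter FORWARD -p tcp -s $LAN_HOST --sport $PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Append each rule only if it is not already present (-C checks, -A appends),
# so re-running the script does not stack duplicates.
apply_rules() {
    fw_rules | while read -r table chain spec; do
        # $spec is left unquoted on purpose so it splits into iptables arguments
        iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
            iptables -t "$table" -A "$chain" $spec
    done
}

# Dry run by default: print the rules. Set APPLY=1 (as root) to install them.
if [ "${APPLY:-0}" = 1 ]; then apply_rules; else fw_rules; fi
```

If the existing firewall script ends its FORWARD chain with a catch-all DROP or REJECT rule, appended rules land after it and never match; insert them above that rule instead.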