Well I searched about this and I couldn't find any working solutions to this.. And I know that many people are looking for a way to handle this but don't know what and which file to modify in msf.
Let me clarify the problem here...
First comes the network config:
Internet <=> Router (WAN IP) <=> BT4 (192.168.2.10)
Incoming TCP/80 packets destined to WAN IP is forwarded to BT4 so no problem with port forwarding..
When we create our own payload with msfpayload, we can specify our WAN IP and WAN PORT and then within msfconsole, we configure the handler to bind to our internal ip which is, in this case, 192.168.2.10. When the payload is executed from anywhere else, we are able to obtain a meterpreter session. Because RHOST speaks to our WAN IP. So BT users behind a router trying to achieve client-side experimentations can get this to work with this configuration.
Here comes the problem:
But this will NOT work when using exploits or launching db_autopwn with the reverse_tcp payload because we are obliged to set LHOST to our internal ip for handler to bind to this ip and unfortunately, msf will "again" use this LHOST value in exploit's payload and when we launch an exploit then the RHOST will try to connect to the internal ip that we've set..
I am looking forward to your opinions and workarounds on this.