checkpoint & subnet->host NAT

Howdy y'all,
 I have an interesting situation. Below is a simple layout:

                                    Internet
                                          |
<client>10.1.0.0/16 ------[fw]----internal DNS

I have the client machines all being controlled by a 3rd party, so I 
don't have any control over what they assign as their IP or DNS server. 
However I route all of their traffic through my firewall (sorry you 
won't get an explination why, just assume it's so:).

The problem is that they are assigned DNS servers on the internet (lets 
say 64.221.222.0/24 (just random #'s I just made up, but just assume 
it's that).

What I want to do is take all requests from the <client> going to the 
internet based DNS Servers (udp 53) and redirect that traffic (using nat 
or not, whatever we can get working), to internal DNS servers.

So if I was doing this with linux/iptables, I would just redirect udp 
port 53 on the <client> network over to my internal DNS IP's, however on 
the checkpoint I've found that it doesn't like to have source net NAT to 
a destination host. It seems to want net->net or host->host, which won't 
work as we don't know if or when the <client> provider may change their 
dns server settings.

Any thoughts appreciated.

dmz

Oh this is on R55

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------