192.168.1.0 is my LAN
192.168.2.0 is the network assigned to uap0 the wireless interface on the plug which has the address 192.168.2.1
192.168.1.92 is the address statically assigned to eth0 on the plug
192.168.2.104 is the address that is dynamically assigned to the device that is connecting to uap0.
The address is assigned by dnsmasq running on the plug. Dnsmasq also supplies dns services.
NAT is enabled by iptables on the plug so all traffic leaving the plug on eth0 will appear to originate from ip address 192.168.1.92.
This works for traffic from 192.168.2.104 destined for the LAN but anything destined for the internet arrives at the router with an originating ip of 192.168.2.104
So anything that requires a DNS lookup somehow bypasses iptables
Typing an ip address into a browser will still result in a dns lookup.