Locking Down Your Firewall
Poking holes for DNAT
To run a web server inside your LAN that outsiders can reach, you need port forwarding, which iptables implements as DNAT (destination NAT). To set it up, edit the following lines in your firewall.rules file:
# Uncomment/modify the next 4 lines to forward a service to an internal IP.
SERVER_IP=192.168.1.7 # IP of the internal web server.
PORT=80 # Web traffic on this port is directed to the internal web server.
# nat/PREROUTING rewrites the destination of packets arriving on the outside interface before they are routed.
${IPTABLES} -t nat -A PREROUTING -i ${OUT_DEV} -p TCP --dport $PORT -j DNAT --to-destination ${SERVER_IP}:${PORT}
# filter/FORWARD must then accept the rewritten packets on their way from the outside interface to the LAN interface.
${IPTABLES} -A FORWARD -p TCP -d ${SERVER_IP} --dport $PORT -i ${OUT_DEV} -o ${INT_DEV} -j ACCEPT
Then reload the firewall and test the forwarded port from a host outside the firewall (a client on the LAN itself will not go through PREROUTING on ${OUT_DEV}, so testing from inside does not prove the rule works):
# /etc/init.d/firewall start
If all is well, make the change permanent with save-config.
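The following shell function is an added example, not part of the Devil Linux firewall.rules file. It generates the two rules above for any service, lets the public port differ from the port the server listens on, and refuses malformed input before anything reaches the kernel. The interface names eth0/eth1 are assumed defaults for OUT_DEV/INT_DEV, and IPTABLES defaults to `echo iptables` so the rules print for review instead of being applied; set IPTABLES=iptables to apply them. The FORWARD rule is narrowed to `-m state --state NEW`; this assumes, as any working forwarding ruleset must, that the existing FORWARD chain already accepts ESTABLISHED,RELATED traffic so the server's replies get back out.

```sh
#!/bin/sh
# Added example: generate DNAT + FORWARD rules for one forwarded TCP service.
# Variable names follow the page; the defaults below are assumptions.
IPTABLES="${IPTABLES:-echo iptables}"   # dry-run by default
OUT_DEV="${OUT_DEV:-eth0}"              # assumed public-side interface
INT_DEV="${INT_DEV:-eth1}"              # assumed LAN-side interface

# Return 0 if $1 is a TCP port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
}

# dnat_rules SERVER_IP PUBLIC_PORT [SERVER_PORT]
# Forward TCP PUBLIC_PORT arriving on OUT_DEV to SERVER_IP:SERVER_PORT
# (SERVER_PORT defaults to PUBLIC_PORT). Emits nothing on invalid input.
dnat_rules() {
    server_ip="$1"
    public_port="$2"
    server_port="${3:-$2}"
    valid_ipv4 "$server_ip" || { echo "dnat_rules: bad server IP: $server_ip" >&2; return 1; }
    valid_port "$public_port" || { echo "dnat_rules: bad public port: $public_port" >&2; return 1; }
    valid_port "$server_port" || { echo "dnat_rules: bad server port: $server_port" >&2; return 1; }

    # nat/PREROUTING: rewrite the destination before the routing decision,
    # only for packets that arrive on the outside interface.
    $IPTABLES -t nat -A PREROUTING -i "$OUT_DEV" -p tcp --dport "$public_port" \
        -j DNAT --to-destination "$server_ip:$server_port"

    # filter/FORWARD: after rewriting, the packet is destined for the server's
    # real address and port, so the accept rule must match those, not the public
    # port. Only new connections are accepted here; replies are expected to pass
    # via the ruleset's existing ESTABLISHED,RELATED rule (assumed).
    $IPTABLES -A FORWARD -i "$OUT_DEV" -o "$INT_DEV" -p tcp -d "$server_ip" \
        --dport "$server_port" -m state --state NEW -j ACCEPT
}

# Usage, matching the page's values (prints the rules unless IPTABLES=iptables):
dnat_rules 192.168.1.7 80
```

To expose the server on a non-standard public port while it keeps listening on 80, call `dnat_rules 192.168.1.7 8080 80`; the PREROUTING rule then matches `--dport 8080` and the FORWARD rule `--dport 80`, which is the detail most often got wrong when the two ports differ.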
WARNING: A forwarded service runs on a host inside your trusted network, so compromising it gives an attacker a foothold on the LAN. If that concerns you, use the three-NIC/DMZ configuration that Devil Linux offers at setup time and run your web and other public servers on the separate DMZ LAN instead.