To run a web server (or other server) inside your DMZ for outsiders to access, you need to enable DNAT (port forwarding). To do this, edit the following lines in your /etc/init.d/firewall.rules file (in a DMZ3FW ruleset):
# Uncomment/modify the next 4 lines to forward a service to an IP on the DMZ network.
SERVER_IP=192.168.1.1 # Internal IP of server. (they mean DMZ IP)
PORT=80 # 80 = web server, 25 = SMTP, etc.
${IPTABLES} -A PREROUTING -i ${OUT_DEV} -t nat -p TCP --dport $PORT -j DNAT --to ${SERVER_IP}:${PORT}
${IPTABLES} -A FORWARD -p TCP -d ${SERVER_IP} --dport $PORT -i ${OUT_DEV} -o ${DMZ_DEV} -j ACCEPT
Repeat these lines for SMTP (port 25) and any other service you want to forward, then restart the firewall and test your DNAT config:
# /etc/init.d/firewall start
If all is well, save it with save-config.
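The "replicate for each service" step can be written as one helper that validates its input and emits the DNAT and FORWARD pair for every port. This is an added example, not part of the Devil-Linux firewall.rules file: the function names are hypothetical, eth0/eth2 are placeholder interface names, and IPTABLES is set to echo the commands so the block runs as a dry run.

```shell
#!/bin/sh
# Added example: not part of the Devil-Linux firewall.rules file.
# Dry run: IPTABLES only echoes each command. In the real ruleset, drop these
# three assignments and use the values the script already defines.
IPTABLES="echo iptables"
OUT_DEV=eth0      # assumed outside interface name (placeholder)
DMZ_DEV=eth2      # assumed DMZ interface name (placeholder)

# valid_port PORT: succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# forward_to_dmz SERVER_IP PORT...: emit the DNAT + FORWARD pair per port.
# All arguments are checked first, so a typo never leaves half a rule set.
forward_to_dmz() {
    server_ip=$1; shift
    valid_ipv4 "$server_ip" || { echo "bad server IP: $server_ip" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        ${IPTABLES} -A PREROUTING -i "${OUT_DEV}" -t nat -p TCP --dport "$port" \
            -j DNAT --to "${server_ip}:${port}" || return 1
        ${IPTABLES} -A FORWARD -p TCP -d "${server_ip}" --dport "$port" \
            -i "${OUT_DEV}" -o "${DMZ_DEV}" -j ACCEPT || return 1
    done
}

forward_to_dmz 192.168.1.1 80 25   # web and SMTP, as on the slide
```

Because every port is checked before the first rule is emitted, a bad value in the list produces no rules at all rather than a partially opened firewall.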
WARNING: If you're concerned about the security of running a public-facing service inside your secured network, then you really should be running the DMZ3FW or three-NIC/DMZ configuration that Devil Linux provides at setup time! Then your web and other servers will run and serve content from their own secured DMZ LAN segment.