Author Topic: IPTABLE Rule to allow traffic between WAN and DMZ

nicolasdiogo

  • Forum Moderator
  • Zen Samurai
  • Posts: 263
  • Karma: +3/-0
  • a pessimist, but trying out optimism
IPTABLE Rule to allow traffic between WAN and DMZ
« on: March 29, 2011, 08:42:06 pm »
hi,

i have my systems setup in a similar fashion as described here:
http://www.cyberciti.biz/faq/linux-demilitarized-zone-howto/

where
eth0 - connected to WAN (but internally it has subnet 192.168.1.0/24)
eth1 - connected to LAN (another subnet 192.268.254.0/24)
eth2 - connected to DMZ (subnet 192.168.2.0/24) - this is where email, HTTP, FTP server are working.

on Zentyal, i have defined eth0 and eth2 as 'external WAN'.

but Zentyal intercepts all traffic which is forwarded from my router (192.168.1.1)  to my HTTP server (192.168.2.2) and the only way to allow for traffic to reach my server is to add a forward rule in Zentyal.

however, that makes my HTTP logs useless as all traffic is then identified as originating from 192.168.1.1

what i would like to have is an IPTABLE rule that allows traffic to flow freely between eth0 and eth2.

does anyone know sufficient IPTABLES to create this type of rule? or have i misunderstood what i really need?

thanks,

Nicolas


my opinions and suggestion expressed on this forum are my own as a user.
please note that i am not part of the Zentyal Development Team

www.brainpowered.net - supporting open-source Business Intelligence in Europe

jsalamero

  • Zentyal Staff
  • Zen Hero
  • Posts: 1419
  • Karma: +45/-1
Re: IPTABLE Rule to allow traffic between WAN and DMZ
« Reply #1 on: April 08, 2011, 04:30:33 am »
Can you show us your iptables -t nat -L -n -v output?

nicolasdiogo

Re: IPTABLE Rule to allow traffic between WAN and DMZ
« Reply #2 on: April 16, 2011, 02:11:56 pm »
thanks for your time.

i figure that i should have a single DMZ subnet
create a new subnet for the servers to be isolated and then create firewall rules to constrain the new subnet so that it would not have access to the rest of the network.
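The three posts together describe one configuration: stateful forwarding between eth0 (WAN) and eth2 (DMZ) without source NAT, so the web server's logs keep the real client address; a look at the nat table, as jsalamero asks for, to see whether a MASQUERADE or SNAT rule is what rewrites the source; and rules that keep the DMZ from reaching the rest of the network, as the last reply plans. The script below is an added example for this thread, not Zentyal's own configuration or anything from the original posts. Interface names, subnets and the web host address are the ones the first post lists; the web ports (80 and 443), the LAN block, and the sample nat-table output are assumptions made here. It prints rules rather than applying them, so it can be read and tested without root.

```shell
#!/bin/sh
# Added example, not from the thread or from Zentyal.
# Interfaces and addresses follow the first post; ports and the LAN block are assumed.
WAN_IF="${WAN_IF:-eth0}"            # router side, 192.168.1.0/24
LAN_IF="${LAN_IF:-eth1}"            # internal LAN
DMZ_IF="${DMZ_IF:-eth2}"            # DMZ, 192.168.2.0/24
WEB_HOST="${WEB_HOST:-192.168.2.2}" # the HTTP server in the DMZ
WEB_PORTS="${WEB_PORTS:-80 443}"    # assumption: HTTP and HTTPS only

# Print the FORWARD rules that let WAN clients reach the web host with no source
# NAT in the path, so the server logs the real client address. Nothing is applied
# here; as root, pipe the output to sh:
#   dmz_forward_rules "$WAN_IF" "$DMZ_IF" "$LAN_IF" "$WEB_HOST" "$WEB_PORTS" | sh
dmz_forward_rules() {
    wan="$1"; dmz="$2"; lan="$3"; host="$4"; ports="$5"
    # Packets belonging to tracked connections pass in either direction; this rule
    # carries the replies, so no per-direction reply rules are needed.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New connections from the WAN side: only to the web host, only on the web ports.
    for p in $ports; do
        echo "iptables -A FORWARD -i $wan -o $dmz -d $host -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # A DMZ host must never open connections into the LAN (the isolation from reply #2).
    echo "iptables -A FORWARD -i $dmz -o $lan -j DROP"
    # Anything else crossing from WAN into the DMZ is dropped explicitly.
    echo "iptables -A FORWARD -i $wan -o $dmz -j DROP"
}

# Why every client shows up under one address: a MASQUERADE or SNAT rule whose
# output interface is the DMZ rewrites the source of each forwarded packet.
# Reads `iptables -t nat -S POSTROUTING` output on stdin and returns true when
# such a rule exists for the interface named in $1. Live use, as root:
#   iptables -t nat -S POSTROUTING | nat_rewrites_source_towards "$DMZ_IF"
nat_rewrites_source_towards() {
    grep -E -q -- "^-A POSTROUTING .*-o $1( .*)? -j (MASQUERADE|SNAT)"
}

# Constructed sample of `iptables -t nat -S POSTROUTING` on a box that
# masquerades towards the DMZ as well as towards the WAN (the bad case).
SAMPLE_NAT_POSTROUTING='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -o eth2 -j MASQUERADE'

# `./dmz-rules.sh --show` prints the rule set for review before applying it.
if [ "${1:-}" = "--show" ]; then
    dmz_forward_rules "$WAN_IF" "$DMZ_IF" "$LAN_IF" "$WEB_HOST" "$WEB_PORTS"
fi
```

Two things to keep in mind when reading the generated rules against the thread. The rules only work if the router at 192.168.1.1 sends traffic for 192.168.2.0/24 to Zentyal's eth0 address as a routed next hop; and the address the poster sees in the logs is the router's, so if the nat check above comes back clean on Zentyal, the rewrite is happening on the router and no iptables rule on Zentyal will change what the web server logs.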