Hi,
I have my systems set up in a similar fashion as described here:
http://www.cyberciti.biz/faq/linux-demilitarized-zone-howto/
where
eth0 - connected to WAN (but internally it has subnet 192.168.1.0/24)
eth1 - connected to LAN (another subnet 192.268.254.0/24)
eth2 - connected to DMZ (subnet 192.168.2.0/24) - this is where email, HTTP, FTP server are working.
On Zentyal, I have defined eth0 and eth2 as 'external WAN'.
But Zentyal intercepts all traffic which is forwarded from my router (192.168.1.1) to my HTTP server (192.168.2.2), and the only way to allow traffic to reach my server is to add a forward rule in Zentyal.
However, that makes my HTTP logs useless, as all traffic is then identified as originating from 192.168.1.1.
What I would like to have is an iptables rule that allows traffic to flow freely between eth0 and eth2.
Does anyone know sufficient iptables to create this type of rule? Or have I misunderstood what I really need?
Thanks,
Nicolas