Dev Shed Forums > Operating Systems > Linux Help

#1  May 19th, 2002, 01:08 PM  pentium5
Can we combine firewall with NAT? How can testing be done?

My server is going to be in co-location.
I have a firewall using iptables, and I have searched Google for NAT; it came up with this NAT?

Can we combine firewall with NAT?

My current situation is as follows:

1. 1000 Mbps Planet external card (192.168.1.28 for testing under broadband env.)
2. 100 Mbps 3Com internal (not configured yet), just sitting in a PCI slot.
3. Current Apache setting is private-IP based

I think I need the following to let these services go through


Do you think and how can these the two NICs in broadband environment?

Other services go to DMZ 192.168.1.10, which does not exist.

??? Put the script in rc.local, am I right?
#!/bin/sh
# 18th May 2002
# Interfaces
# eth0 - external side
eth0="real ip here"

# eth1 - Internet side
eth1="192.168.1.199"

# NAT for internal network
iptables -t nat -A POSTROUTING -s 192.168.1.199/24 -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT

# Configure NAT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.199
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to-destination 192.168.1.199
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.199
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 23 -j DNAT --to-destination 192.168.1.199

#2  May 21st, 2002, 03:27 AM  bricker42 (Moderator)
I assume this is going to be a webserver? Why do you need NAT? That's only useful for network traffic that starts on one network (internal?) and is supposed to end up on a different network (internet?). If the traffic starts on your server, or if the traffic is going to your server, you don't need NAT. NAT is for routers, really.

#3  May 21st, 2002, 09:20 AM  pentium5
My home-grown web server is connected to a Linksys router with DMZ.
I can do forwarding or Network Address Translation.

My web server has a firewall (iptables); thousands of users (IPs) try to trick me and my server each day.

In co-location, I will be given a real IP. As administrator (sort of, and still learning), like other people, I will be using SSH to telnet into my own web server to administer it.

NAT and firewall will give me safety, and I have to SCP (which I am researching) to sync the web server in co-location with the office server (Linux + Solaris).

Two NICs, a Planet 1000M and a 3Com NIC, are in the web server (half-size 2U).

qmail was not installed right. I have to do testing until it is properly.

12 hours facing the computers on a daily basis.

I need to test two under two different network layers, and currently I am using broadband.

I have had success installing a Freesco router myself and learned how it works. I have got all the parameters and written them down. Freesco is no better than a Linksys router.

#4  May 21st, 2002, 01:58 PM  bricker42 (Moderator)
I'm still confused as to why you need to use NAT. Firewall, yes, of course, but NAT (Network Address Translation) is for transparently redirecting network traffic. What traffic is it that you are redirecting, and where are you sending it?
Are you trying to only allow certain IPs to connect with ssh? You don't need NAT for that, just iptables/ipchains.

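What the suggestion in post #4 could look like on a single-homed co-located server, as an added example that is not part of the original thread: filtering only, no NAT table, default-drop INPUT, and SSH limited to one admin address. The function name `gen_ruleset`, the address 203.0.113.10/32 and the port list are constructed for illustration.

```shell
#!/bin/sh
# Added example: host firewall without NAT, emitted in iptables-restore format.
#   $1 = source address/CIDR allowed to reach SSH (assumed admin address)
#   $2 = comma-separated TCP ports open to everyone
gen_ruleset() {
    admin_cidr=$1
    public_ports=$2

    # Refuse anything that is not digits, dots and an optional /prefix
    case $admin_cidr in
        *[!0-9./]*|'') echo "bad admin CIDR: $admin_cidr" >&2; return 1 ;;
    esac
    # Refuse anything that is not a plain comma-separated port list
    case $public_ports in
        *[!0-9,]*|'') echo "bad port list: $public_ports" >&2; return 1 ;;
    esac

    # Default policy: drop inbound and forwarded traffic, allow outbound
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF

    # One ACCEPT rule per public service port
    old_ifs=$IFS
    IFS=,
    for port in $public_ports; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    IFS=$old_ifs

    # SSH only from the admin address; every other source hits the DROP policy
    echo "-A INPUT -p tcp -s $admin_cidr --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    echo "COMMIT"
}

# Stand-alone use (constructed values), loaded as root:
#   sh fw.sh 203.0.113.10/32 80,25,21 | iptables-restore
if [ $# -eq 2 ]; then
    gen_ruleset "$1" "$2"
fi
```

Because the ruleset is loaded atomically by `iptables-restore`, there is no window during boot where some rules are in place and others are not.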
#5  May 24th, 2002, 10:43 AM  pentium5
In co-location:

Incoming ports 80, 25, 21, 22, 3360.
NIC eth0: real IP.
NAT to: 192.168.1.80 (eth1)

Others to DMZ of non-existing machine 192.168.1.10.
