Maybe I'm missing something...
A little reminder:
Code:
# Allow all internal systems out
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
This is not exactly what it does. It does Masquerade. Allowing or denying is defined elsewhere. Take a look at that.
Code:
# Forward port 80 to webserver
iptables -t nat -A PREROUTING -p tcp --dport 110 -i ppp0 -j DNAT --to 192.168.2.40:80
In this code I presume you want to receive web data addressed to port 110 and forward it to port 80... what if someone tries to make a POP request? I really don't know, but I guess your webserver might not like it. Why don't you just forward 80 to 80?
Other than these few ideas, a reason for your problem might be the fact that:
assuming your external net address is 202.202.x.x, if the DNS is external, it resolves the name mydomain.com as 202.202.x.x.
Now, this could be a problem if, performing a web request from the LAN, your box doesn't resolve 202.202.x.x as 192.168.2.40... am I wrong? (could be...)
Normally, this is done automatically, so... assuming it works correctly, referring to your iptables rule:
Code:
# Forward port 80 to webserver
iptables -t nat -A PREROUTING -p tcp --dport 110 -i ppp0 -j DNAT --to 192.168.2.40:80
You're DNATing only data coming from interface ppp0, but your request actually comes from the inside...
Try to modify this statement and let us know if it works!
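Added illustration (not from the thread): a small Python model of how a nat PREROUTING chain matches a DNAT rule on -i, -d and --dport, so you can see why a request from the LAN to the public address never hits the quoted rule, and why simply dropping -i ppp0 is not enough. The interface name eth0, the LAN client 192.168.2.10, the public address 202.202.0.1 (standing in for 202.202.x.x) and the outside hosts are constructed values.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class DnatRule:
    """Subset of an iptables nat PREROUTING DNAT rule: -i, -d, --dport, --to addr:port."""
    in_iface: Optional[str]   # None = no -i match (any interface)
    dst: Optional[str]        # None = no -d match (any destination)
    dport: int
    to_addr: str
    to_port: int

def apply_prerouting(rules, pkt):
    # iptables walks the chain in order; the first matching DNAT target rewrites
    # the destination and the rest of the chain is skipped for that packet.
    for r in rules:
        if r.in_iface is not None and r.in_iface != pkt.in_iface:
            continue
        if r.dst is not None and r.dst != pkt.dst:
            continue
        if r.dport != pkt.dport:
            continue
        return replace(pkt, dst=r.to_addr, dport=r.to_port)
    return pkt  # no rule matched: the packet keeps its original destination

EXTERNAL_IP = "202.202.0.1"   # constructed stand-in for the thread's 202.202.x.x
WEBSERVER = "192.168.2.40"

# The rule quoted in the thread: -i ppp0 --dport 110 --to 192.168.2.40:80
ORIGINAL = [DnatRule("ppp0", None, 110, WEBSERVER, 80)]
# Careless fix: -i ppp0 dropped, nothing else added. Every port-80 packet from
# the LAN, whatever its destination, is now sent to the webserver.
CARELESS = [DnatRule(None, None, 80, WEBSERVER, 80)]
# Better fix: 80 to 80, matched on the public address (-d) instead of on ppp0,
# so a LAN client that resolved mydomain.com to 202.202.0.1 is DNATed too.
FIXED = [DnatRule(None, EXTERNAL_IP, 80, WEBSERVER, 80)]

def from_lan_to_public(rules):
    return apply_prerouting(rules, Packet("eth0", "192.168.2.10", EXTERNAL_IP, 80))

def from_internet(rules, dport):
    return apply_prerouting(rules, Packet("ppp0", "198.51.100.7", EXTERNAL_IP, dport))

def lan_to_other_site(rules):
    # LAN client browsing an unrelated site; must not be captured by the DNAT rule.
    return apply_prerouting(rules, Packet("eth0", "192.168.2.10", "203.0.113.9", 80))
```

Even with the -d rule in place, the server's reply still goes straight back to the LAN client from 192.168.2.40 unless you also SNAT/MASQUERADE those hairpinned connections in POSTROUTING on the LAN side, otherwise the client drops a reply that does not come from the address it connected to.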