LinuxQuestions.org
Old 05-08-2005, 08:26 AM   #1
pierre-luc
LQ Newbie
 
Registered: Oct 2004
Location: Montreal
Distribution: Ubuntu
Posts: 25

Rep: Reputation: 15
Port forwarding DMZ


I've configured a firewall placed in front of a local network (workstations) and a DMZ on the other side. Everything works perfectly to forward traffic but a problem still persists. When I try to get access to a server in the DMZ by its public address (gateway's IP) from the local network, it causes an error. I believe that this occurs because the server gets confused by the different IPs of the client. My idea of what happens is imprecise... How should I resolve the problem with Iptables?
 
Old 05-08-2005, 11:16 AM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
If I understand your problem correctly, I think what you're seeing is the "local DNAT problem". Take a look at the DNAT section of this tutorial, which describes the cause of the problem as well as a solution. To summarize, the client makes a request to the public IP, which gets NATed to the DMZ host, which then sends the reply locally to the client. So the client gets a reply back from the DMZ instead of the public IP and doesn't recognize it as part of a valid connection.
 
Old 05-08-2005, 12:06 PM   #3
pierre-luc
LQ Newbie
 
Registered: Oct 2004
Location: Montreal
Distribution: Ubuntu
Posts: 25

Original Poster
Rep: Reputation: 15
Thank you for your reply.

After reading, I think I'm not going to implement the solution proposed in the HOWTO. It would be better to only edit /etc/hosts and put an alias for my website instead of modifying the way connections will be logged with iptables. For a bigger network, an internal DNS could do the job well also.
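Added example (not part of any post in this thread): a small Python model of the packet flow post #2 describes, of adding source NAT on the gateway (assumed here to be the tutorial's fix, since the thread does not spell it out), and of the /etc/hosts alias from post #3. All addresses and ports are constructed, and the model assumes, as post #2 states, that the server's reply reaches the client without passing back through the gateway.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

# Constructed addresses for illustration; none come from the thread.
CLIENT = "192.168.1.10"     # LAN workstation
GW_PUBLIC = "203.0.113.1"   # gateway's public address (DNAT'd to SERVER)
GW_INSIDE = "192.168.1.1"   # gateway's inside address (used for SNAT)
SERVER = "192.168.1.80"     # web server behind the DNAT rule


def reply_to(pkt):
    """Swap endpoints: the packet a host sends back in answer to pkt."""
    return Pkt(pkt.dst, pkt.dport, pkt.src, pkt.sport)


class Gateway:
    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}   # reply as the gateway sees it -> reply for the client

    def forward(self, pkt):
        out = pkt._replace(dst=SERVER)          # DNAT: public address -> server
        if self.snat:
            out = out._replace(src=GW_INSIDE)   # SNAT: server now answers the gateway
        self.conntrack[reply_to(out)] = reply_to(pkt)
        return out

    def reverse(self, reply):
        return self.conntrack.get(reply)        # None if the gateway never saw this flow


def connect(target, snat=False):
    """Return (client accepts reply?, source address the server logs)."""
    gw = Gateway(snat)
    syn = Pkt(CLIENT, 40000, target, 80)
    at_server = gw.forward(syn) if target == GW_PUBLIC else syn
    reply = reply_to(at_server)
    if reply.dst != CLIENT:                     # addressed to the gateway, so NAT is undone
        reply = gw.reverse(reply)
    # The client's stack only accepts a reply from the address it connected to.
    return reply == reply_to(syn), at_server.src


if __name__ == "__main__":
    print("public IP, DNAT only :", connect(GW_PUBLIC))
    print("public IP, DNAT+SNAT :", connect(GW_PUBLIC, snat=True))
    print("hosts alias -> server:", connect(SERVER))
```

With SNAT the server sees the gateway's inside address as the source, which is the change to logged connections that post #3 mentions.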
 
Old 05-08-2005, 08:56 PM   #4
piratebiter
Member
 
Registered: Aug 2003
Location: desert
Distribution: RH 8, Debian
Posts: 61

Rep: Reputation: 15
lan is blind to the DMZ websites

I will read that post real thoroughly and hopefully the DNAT clue will begin to reveal where I don't see the solution yet. Meanwhile, after about a year of living with this??)) tonite @ dinner it dawned on me (have we got a light bulb lite.gif to put here?). I got SAMBA, I got it good, works puurfeectly; it was a nasty messy ridiculously terrible beastly whore to install! (piratebiter, don't mince words... tell us how U really feel!) anywho... all I gotta do to "see" the site on Explorer is open Network Places on the Gates~a~Box, go to the www.Server Folder and open the file for the site I wish to view and click the index or some relevant page... comes right up and is a good simulation of what the world sees... sheesh...!
So EZ when U knows how, Pogo. So, I'm still intrigued with solving this the correct way but at least I can mess with the site and do a bit of checking without dropping the firewall each time. Thanks for the link to the fix I'll READ that... but not tonitezzzz
~Piratebiter~ hisself
 
  


All times are GMT -5.