Update:

I took a seperate hub. I plugged my test machine && eth1 of the firewall box into the hub. Still nothing.

Another question is:

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
LOG all -- anywhere anywhere LOG level debug


Shouldnt there be a destination or a source address in that listing?

So, your configuration is not how I guessed they would be in post #6?
Please, explain how they are. Even in my theoretical best, I can only give as correct instructions to set system up as is my comprehension of the network structure.

Ok let me explain my configuration. I have 2 different networks. One is a customer's site and one is my test lab site.

Customer's Site:


[Internet] <--> [Cisco Router] <--> [Linux Box] <--> [Cisco Switch] <--> [Lan]

On the customer site the script I have posted allows us to NAT fine and whatnot. However port forwarding would not forward ports to customers. Fine...after messing with this for hours I decide to do a test lab to figure this problem out.

Test Lab Setup #1:

[Internet] <--> [Cable Router] <--> [Switch] <--> [Linux Box] <--> [Lan + Mailserver (200.0.0.0)]
^---------[Test Machine (192.168.100.7)]

Linux Box: eth0 has a ip of 192.168.100.5
eth1 has a ip of 200.0.0.250

Nat works. I thought I had set up port forwarding to forward port 25 and 80 to our local mail server on our LAN. However when I set up the test machine's gateway to 192.168.100.5 and try telnet 192.168.100.7 25 or 80 it does not work.

Test Lab Setup #2:

I thought I would try it with a second hub
[Internet] <--> [Cable Router] <--> [Switch] <--> [Lan + Mail Server (200.0.0.*)] <--> [Hub] ---> [Linux Box]
^------[Test Machine (192.168.100.7)]

Same setup as Setup#1 and no port forwarding.



Does that help?


Thanks!

Sorry for taking so long in responsing; I was rambling in the forest for few days.

For the an other question in post #16: the "anywhere" and "anywhere" are the source and destination addresses. But as said earlier, that is not the whole truth; run with "iptables -v -L" to see more comprehensive listing (and "iptables -t nat -v -L").

For post #18:
ok, now I know how you have connected your cables. What I don't know, is why. Well, I do know that you are figuring out a problem in some other configuration, but I don't get the more concrete target.

As I tried to distinguish in post #6 (by using two concrete cases plus an open case "c"), the forwarding might mean many things. Forwarding can happen in ethernet level, routing level or protocol level and most of these can be done either with or without modifying actual "envelopes" of packages.

Back to the network description:
So, you have now in test setting #1:
Internet <- ->
{Some external IP} [cable router] {Internal IP 192.168.100.something}
<- subnet (A) 192.168.100.0/24, carried in a switch I ->*

*(A) {192.168.100.5/eth0} [linux box] {200.0.0.250/eth1} <- subnet (B) 200.0.0.0/24 carried in a same switch I -> (B) {200.0.0.254} [mail server]

*(A) {192.168.100.7} [test machine]

Are the following claims true:
1. You are allowed to set the test machine to have any settings you might ever want.
2. You are allowed to set the linux box to have any settings you might ever want.
3. You are allowed to set the mailserver to have any settings you might ever want.

About the objectives, what do you want to happen in following cases when you write:
a) testbox# telnet 192.168.100.5 25
b) testbox# telnet 192.168.100.7 25
c) testbox# telnet www.linuxquestions.org 25
(or any other arbitrary netsite)
d) testbox# telnet www.linuxquestions.org 80
(or any other arbitrary netsite)
e) testbox# telnet 200.0.0.0 25
f) linuxbox# telnet 200.0.0.0 25
g) Are these relevant questions at all? Are you trying to archive something else?

Some more general remarks.
* There is normally not much sense in connecting two nics to the same switch. It might be useful is some cases, though, eg. when your switch supports ethernet bonging/channeling so you can get double throughput, but only partially useful on routing.
* Why do you want to put the mailserver into it's own subnet in the first place? Wouldn't it be so much easier to just let the mailserver be one of the citizens (like 192.168.100.27) and setup others in the lan to use it as their mailserver. No routing, no address translation, no fuss at all.

Got it working?

Yes sorry for not replying...got way sidetracked.

I figured out what you meant about my ips being wrong. It seems it did not like an internal ip (192.168.1.*) on the external interface. And
our email server ip was the wrong ip which made a BIG difference

thanks for the help