Well, I'm using a Linksys router-in-a-box for my firewall, so the forwarding there is pretty simple, but we will see what we can do here...
On the SERVER (i.e. where apache is installed), you need at least the following:
Code:
# Accept traffic related to existing connections...
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow incoming traffic on the web server
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
Note that these rules are a *bare* minimum to get the functionality you desire.
Then on the firewall box, you will need something like the following:
Code:
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to 192.168.1.99:80 #substitute the real target IP here
Also see here for resources:
http://www.google.com/search?q=iptables+forward+port+80
It is important to note that many ISPs block all incoming traffic on port 80 in their TOS. If you can't successfully connect on port 80, you may want to try a different port like 8888 or 8080 to see if you have better luck with that one.
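
Added example, not part of the original post: the DNAT rule only rewrites the destination, so the firewall box also needs IP forwarding enabled and FORWARD rules that accept the translated traffic (unless its FORWARD policy is already ACCEPT). The script below prints the full rule set for review and also covers the alternate external port case; the function names, argument order and sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints (does not execute) the firewall-box rules for one
# TCP port forward. All function names here are this example's own.

valid_port() {   # decimal 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # dotted quad, each octet 0..255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# forward_rules WAN_IF EXT_PORT TARGET_IP TARGET_PORT
forward_rules() {
    wan_if=$1 ext_port=$2 target_ip=$3 target_port=$4
    # The output is meant to be run as root, so reject anything that
    # could smuggle extra shell syntax into the generated commands.
    case "$wan_if" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    valid_port "$ext_port" && valid_port "$target_port" &&
        valid_ipv4 "$target_ip" || return 1
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport $ext_port -j DNAT --to-destination ${target_ip}:${target_port}
iptables -A FORWARD -i $wan_if -p tcp -d $target_ip --dport $target_port -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample values: WAN interface eth0, web server 192.168.1.99.
# External 8080 is mapped to internal 80, so the server-side rules above
# (which accept --dport 80) stay unchanged. The FORWARD rule matches the
# translated address and port because DNAT happens before FORWARD.
forward_rules eth0 8080 192.168.1.99 80
```

Review the printed commands before running them as root on the firewall box.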