IPTables design question (nat)

Hi.

I've got a question about IPTables.

Let's say I want to "hide" a public IP pool (e.g. 144.50.50.0/24) behind
NAT. Easy.

Let's say I want to provide an SMTP port from the LAN to the outside world.
I'd say "-t nat -A PREROUTING -p tcp -d FWexternalIP --dport smtp -j DNAT
--to 144.50.50.12:smtp".

Ok, I'd still have to allow the connection in the BAD-GOOD chain for
this to work.

The result is that the outside world sees the smtp port from the
firewall's external IP _as well as_ directly from 144.50.50.12.

The question is how to hide 144.50.50.12:smtp but still allow firewall
external IP:smtp (the DNATted port)?


Summary: How to DNAT some port and still hide the destination IP+port in
the case where the real destination IP is a public IP address?
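The following is an added example, not part of the original post or a reply to it. It generates an iptables-restore ruleset for the setup described above: the public SMTP port is reachable only through the firewall's external address, while direct connections to 144.50.50.12:25 are dropped. The point it relies on is netfilter hook order: nat/PREROUTING rewrites the destination before filter/FORWARD sees the packet, so in FORWARD both a DNATted connection and a direct one arrive with destination 144.50.50.12. They can only be told apart through conntrack, with `-m conntrack --ctstate DNAT --ctorigdst <firewall IP>` (the older `-m state` match has no DNAT state). The interface name eth0 and the firewall address 203.0.113.1 (a documentation address) are assumptions; 144.50.50.0/24 and 144.50.50.12 are the addresses from the post, and FORWARD is used in place of the poster's BAD-GOOD chain. It assumes the 144.50.50.0/24 pool is routed through this firewall, so direct traffic to 144.50.50.12 actually passes through FORWARD, and that the mail host's replies return via the firewall so conntrack can reverse the DNAT.

```shell
#!/bin/sh
# Added example, not code from the original post. Emits an iptables-restore
# ruleset that exposes SMTP only via the firewall's external address.
# WAN_IF and FW_EXT are assumptions (203.0.113.1 is a documentation address);
# 144.50.50.0/24 and 144.50.50.12 are the addresses from the post.
WAN_IF="${WAN_IF:-eth0}"
FW_EXT="${FW_EXT:-203.0.113.1}"
MAIL_HOST="${MAIL_HOST:-144.50.50.12}"
LAN_NET="${LAN_NET:-144.50.50.0/24}"

smtp_dnat_ruleset() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Public SMTP lives on the firewall address; rewrite it to the mail host.
-A PREROUTING -i $WAN_IF -p tcp -d $FW_EXT --dport 25 -j DNAT --to-destination $MAIL_HOST:25
# Hide the pool: outbound traffic leaves with the firewall's address.
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $FW_EXT
COMMIT
*filter
:FORWARD DROP [0:0]
# Replies and related packets of flows that were already accepted.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# nat/PREROUTING runs before filter/FORWARD, so here the destination is
# already $MAIL_HOST for both DNATted and direct connections. Tell them
# apart via conntrack: accept only flows the DNAT rule rewrote, i.e. whose
# original destination was the firewall address.
-A FORWARD -i $WAN_IF -p tcp -d $MAIL_HOST --dport 25 -m conntrack --ctstate DNAT --ctorigdst $FW_EXT -j ACCEPT
# Direct connections to the mail host's public address never match the
# rule above; drop them explicitly (the chain policy would as well).
-A FORWARD -i $WAN_IF -p tcp -d $MAIL_HOST --dport 25 -j DROP
# Let the pool reach the outside world.
-A FORWARD -s $LAN_NET -o $WAN_IF -j ACCEPT
COMMIT
EOF
}

# Sanity-check helper: number of -A rules in the generated ruleset.
rule_count() { smtp_dnat_ruleset | grep -c '^-A'; }

# Print the ruleset; load it with:  sh this_script.sh | iptables-restore
smtp_dnat_ruleset
```

Rule order matters: the ESTABLISHED,RELATED rule must come before the DROP, and the `--ctstate DNAT` accept must come before the DROP for the same destination. With the ruleset loaded, a connection to 203.0.113.1:25 from outside is DNATted and accepted, while a connection to 144.50.50.12:25 from outside is dropped, which is exactly the behaviour asked for in the post.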
