>You should add an SNAT rule, so your inside box is able to answer to the
>outside connection from privat IP (10.0.0.112).
This is not neccessary true, this isn't a requirement until the 10.0.0.112 machine needs to make the first move and make an outgoing connection (SYN), only then you would need SNAT. DNAT connections should be handled fine with ip_conntrack.
I want to thank the members of this list for the help provided in the last few days.
It turned out a co-worker removed the default gateway from the firewalled box. I will talk with him tomorrow and after then he will probably never touch the default gateway again unless he is really sure he's not going to get into trouble again.
Thanks,
B.