Forum OpenACS Q&A: Response to network topology for hosting OpenACS?

Posted by David Walker on
I'd recommend checking that your default route for the computers in the dmz is the IP address of the firewall's network card that is attached to the dmz (in the diagram it's called eth0 and is 192.84.219.250).

I have IP masqing and port forwarding.

Something like:
External Network (BAD)
           |
           |
       eth0|
    ---------------
    | all 5 external IPs|             Server Network (DMZ)
    |             |eth1
    |             |----------------------------------------------
    |             |10.1.2.1       |             |              |
    |             |               |             |              |
    |10.1.1.1     |               |             |              |
    ---------------          --------       -------        -------
           | eth2            | SMTP |       | DNS |        | WWW |
           |                 --------       -------        -------
           |              10.1.2.10        10.1.2.11       10.1.1.12
           |

   Internal Network (GOOD)

internal network default route: 10.1.1.1
dmz default route: 10.1.2.1
set up ipmasq rule for 10.1.1.0/24 and for 10.1.2.0/24
port forward 25 for smtp server address to 10.1.2.10
port forward 53 for dns server address to 10.1.2.11
port forward 80 for web server address to 10.1.2.12
add some other firewall rules and that's basically my setup.
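
The setup listed in the post above, written out as an added example (not the poster's own rules): a dry-run script that prints iptables commands for the two masquerade rules and the three port forwards, and refuses any forward whose target lies outside the DMZ subnet 10.1.2.0/24. Using iptables, the 203.0.113.x external addresses, both protocols on port 53 and the FORWARD filter rules are assumptions; the post only says ipmasq and "some other firewall rules".

```shell
#!/bin/sh
# Added example: prints (does not apply) rules for the layout in the post.
# Assumptions: iptables syntax; external addresses are constructed
# placeholders from the documentation range 203.0.113.0/24.
EXT_IF=eth0; DMZ_IF=eth1; INT_IF=eth2      # interface names from the diagram
INT_NET=10.1.1.0/24; DMZ_NET=10.1.2.0/24
DMZ_PREFIX=10.1.2.

# Succeeds only for a host address inside the DMZ /24 (10.1.2.1-254).
in_dmz() {
    host=${1#"$DMZ_PREFIX"}
    [ "$host" != "$1" ] || return 1          # prefix did not match
    case "$host" in ''|*[!0-9]*) return 1 ;; esac
    [ "$host" -ge 1 ] && [ "$host" -le 254 ]
}

# forward PROTO PORT EXT_IP DMZ_IP: DNAT rule plus the matching FORWARD accept.
# FORWARD sees the packet after DNAT, so it matches on the DMZ address.
forward() {
    if ! in_dmz "$4"; then
        echo "refusing forward of port $2: $4 is outside $DMZ_NET" >&2
        return 1
    fi
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $3 -p $1 --dport $2 -j DNAT --to-destination $4:$2"
    echo "iptables -A FORWARD -i $EXT_IF -o $DMZ_IF -d $4 -p $1 --dport $2 -j ACCEPT"
}

emit_rules() {
    # Assumed "other firewall rules": drop by default, allow replies, let the
    # internal network and the DMZ open connections outward. Nothing lets
    # the DMZ open a connection into the internal network.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $INT_IF -j ACCEPT"
    echo "iptables -A FORWARD -i $DMZ_IF -o $EXT_IF -j ACCEPT"
    # Masquerade both private networks on the way out.
    for net in "$INT_NET" "$DMZ_NET"; do
        echo "iptables -t nat -A POSTROUTING -s $net -o $EXT_IF -j MASQUERADE"
    done
    forward tcp 25 203.0.113.25 10.1.2.10 &&
    forward udp 53 203.0.113.53 10.1.2.11 &&
    forward tcp 53 203.0.113.53 10.1.2.11 &&
    forward tcp 80 203.0.113.80 10.1.2.12
}

emit_rules
```

Review the printed commands before piping them to a root shell; the script itself changes nothing on the firewall.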