Hi,
I am trying to set up a spam filter gateway. We have an iptables firewall running on a Linux box. Our firewall is connected to the public internet and the IP addresses behind the firewall are public too.
So I want to redirect email traffic to the spam filter gateway using iptables.
Currently I am using forward rules to forward my traffic from eth0 to eth1
e.g.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 443 -j ACCEPT
However I assumed I will have to use NAT to redirect emails to the spam gateway.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING DROP
iptables -t nat -P POSTROUTING DROP
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 443 -j ACCEPT
iptables -A PREROUTING -i eth0 -t nat -p tcp -s 0/0 -d <Public_ip_1> --dport 25 -j DNAT --to-destination <Public_ip_2>:25
1. Can I use FORWARD chain rules and NAT at the same time?
2. Do I need to load NAT modules in /etc/sysconfig/iptables-config?
3. Can I redirect a public IP to a public IP address, or will I have to map public to non-public?
4. What will happen if I do not change default policy for NAT?
5. How do I list rules for NAT?
6. Do I need to assign an IP address to eth0 (external interface) in order to use NAT?
I enabled NAT today and the firewall went down.
Thanks,
Telman
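The SMTP redirect described in the post, as an added example that is not part of the original message: a minimal ruleset showing how the nat table (PREROUTING DNAT) and the filter table (FORWARD) work together, why the nat policies must stay ACCEPT, and how to list the nat rules. The interface names, the mail address (MX_IP) and the gateway address (GW_IP) are placeholders I chose; replace them with real values.

```shell
#!/bin/sh
# Added example, not the poster's own ruleset.
# Assumed placeholders (replace with real values):
#   EXT_IF/INT_IF  external and internal interfaces
#   MX_IP          public address that receives mail on port 25
#   GW_IP          public address of the spam-filter gateway behind INT_IF
# Set DRY_RUN=1 to print the commands instead of installing them.
EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
MX_IP="${MX_IP:-192.0.2.10}"   # constructed TEST-NET-1 placeholder
GW_IP="${GW_IP:-192.0.2.20}"   # constructed TEST-NET-1 placeholder
IPT="${IPT:-iptables}"

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

# The nat table and the filter table are consulted independently: a packet
# is rewritten in nat/PREROUTING first and then reaches filter/FORWARD with
# its NEW destination, so the FORWARD rule must match the gateway address,
# not the original MX address.
smtp_redirect_rules() {
  # Keep the nat policies at ACCEPT. nat only sees the first packet of each
  # connection; a DROP policy there discards every packet no nat rule
  # matched, which takes the box off the network.
  run $IPT -t nat -P PREROUTING ACCEPT
  run $IPT -t nat -P POSTROUTING ACCEPT

  # Public-to-public DNAT is fine; no private address is required.
  run $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp -d "$MX_IP" --dport 25 \
      -j DNAT --to-destination "$GW_IP:25"

  # Admit the rewritten connection, then replies in either direction (the
  # original rules only accepted ESTABLISHED traffic from eth0 to eth1, so
  # return packets leaving via eth0 would hit the FORWARD DROP policy).
  run $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p tcp -d "$GW_IP" --dport 25 \
      -m conntrack --ctstate NEW -j ACCEPT
  run $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Show the installed nat rules; the packet counters reveal whether the
# DNAT rule is actually matching inbound SMTP.
list_nat_rules() {
  run $IPT -t nat -L -n -v --line-numbers
}
```

Source the file and call `smtp_redirect_rules` with `DRY_RUN=1` first to review the commands, then without it to install them, and `list_nat_rules` to verify.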