Hi everyone!! I have an Apache 2.0 server running perfectly on a Linux machine and serving my intranet (network 192.168.1.0 / 255.255.255.0). I recently acquired Speedy Business with the intention of making the server available for access via the Internet. To improve the server's security I put it behind a firewall (Red Hat 7.3):

                  200.abc.def.ghi  __________  192.168.1.1
  _/\__/\_                       \ |          | /         _______________
 |        |                       \| Firewall |/         |               |
/ Internet \-----------------------|          |----------|  WWW Server   |
\_ _  _  _/                        |__________|          |_______________|
  \/ \/ \/                                                  \
                                                             \
                                                         192.168.1.4


So that the server could be accessed from the Internet, I added NAT rules to the firewall. The problem is that the server is not serving pages for requests made from the Internet. Access to the server from inside my intranet is normal: I type the IP into my browser (machine with IP 192.168.1.3) and reach the pages (http://192.168.1.4). I have already tried several changes to the firewall rules without result. My iptables rules script is:

______________________________________________________________
#!/bin/bash
#
#
##########
# Standard Settings
IPTABLES="/sbin/iptables"

INT_IF="eth1" # Internal network interface
INT_NET="192.168.1.0/24" # Private network address
INT_IP="192.168.1.1" # IP of the internal network interface
BROADCAST="192.168.1.255/24" # Private network broadcast

EXT_IF="eth0" # External network interface (Internet connection)
EXT_IP="200.abc.def.ghi" # IP of the external network interface



echo " External IP: $EXT_IP"
echo " Internal IP: $INT_IP"
echo " ---"

# Setting some other local variables
UNIVERSE="0.0.0.0/0"


FORWARD_PORTS_1="20,21,25,79,81,86,110,143,443" # Ports that must be forwarded between the 2 interfaces
FORWARD_PORTS_2="2082,2086,2095,3306"
TCP_SERVICES_IN_INT_IF="22" # Gateway ports accessible to the private network
TCP_SERVICES_IN_EXT_IF="22" # Gateway ports accessible to the Internet
TCP_SERVICES_OUT_INT_IF="22" # Gateway ports allowed for outgoing data to the internal network
TCP_SERVICES_OUT_EXT_IF="22" # Gateway ports allowed for outgoing data to the Internet
NAMESERVER_1="200.204.0.10" # Telefonica DNS 1
NAMESERVER_2="200.204.0.138" # Telefonica DNS 2
LOOPBACK="127.0.0.0/8" # Loopback interface
CLASS_A="10.0.0.0/8" # Blocks a /8 (class A) IP coming in through the external interface
CLASS_B="172.16.0.0/16" # Blocks a /16 (class B) IP coming in through the external interface
CLASS_C="192.168.0.0/16" # Blocks a /24 (class C) IP coming in through the external interface
UP_PORTS="1024:65535" # Unprivileged high ports
XSERVER_PORTS="6000:6063" # Ports that X servers connect through
TROJAN_PORTS_TCP="12345,12346,1524,27665,31337" # Ports used by some Trojan horses
TROJAN_PORTS_UDP="12345,12346,27444,31335,31337" # Ports used by some Trojan horses
#
#
echo "Iniciando o Firewall ....."
#
##########
# Flush Rules
$IPTABLES -F
$IPTABLES -X
$IPTABLES -Z
$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -F OUTPUT
$IPTABLES -t nat -F PREROUTING
$IPTABLES -t nat -F POSTROUTING
#
#
##########
# Changing kernel parameters; requires CONFIG_SYSCTL set in the kernel
#
# SYN cookie protection
/bin/echo "1" > /proc/sys/net/ipv4/tcp_syncookies

# Disable replies to the ping command
/bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

# Disable replies to broadcasts
/bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Do not accept source-routed packets
/bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
/bin/echo "0" > /proc/sys/net/ipv4/conf/all/send_redirects

# Disable acceptance of ICMP redirects
/bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects

# Enable bad error message protection
/bin/echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

# Turn on reverse path filtering
for interface in /proc/sys/net/ipv4/conf/*/rp_filter; do
    /bin/echo "1" > ${interface}
done

# Log spoofed, source-routed and redirected packets
/bin/echo "1" > /proc/sys/net/ipv4/conf/all/log_martians

# Enable proxy ARP
/bin/echo "1" > /proc/sys/net/ipv4/conf/eth0/proxy_arp
/bin/echo "1" > /proc/sys/net/ipv4/conf/eth1/proxy_arp

# Enable IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
#
#
##########
# Rules
#
# Default policies
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP
#
# Deny packets coming from or going to a /8, /16, /24 (Class A, B, C) network ($EXT_IF)
$IPTABLES -A INPUT -i $EXT_IF -s $CLASS_A -j DROP
$IPTABLES -A INPUT -i $EXT_IF -d $CLASS_A -j DROP
$IPTABLES -A INPUT -i $EXT_IF -s $CLASS_B -j DROP
$IPTABLES -A INPUT -i $EXT_IF -d $CLASS_B -j DROP
$IPTABLES -A INPUT -i $EXT_IF -s $CLASS_C -j DROP
$IPTABLES -A INPUT -i $EXT_IF -d $CLASS_C -j DROP
$IPTABLES -A OUTPUT -o $EXT_IF -s $CLASS_A -j DROP
$IPTABLES -A OUTPUT -o $EXT_IF -d $CLASS_A -j DROP
$IPTABLES -A OUTPUT -o $EXT_IF -s $CLASS_B -j DROP
$IPTABLES -A OUTPUT -o $EXT_IF -d $CLASS_B -j DROP
$IPTABLES -A OUTPUT -o $EXT_IF -s $CLASS_C -j DROP
$IPTABLES -A OUTPUT -o $EXT_IF -d $CLASS_C -j DROP
#
# Protection against port scanners and SYN floods on the internal interface ($INT_IF)
$IPTABLES -N syn-flood_INT_IF
$IPTABLES -F syn-flood_INT_IF
$IPTABLES -A INPUT -i $INT_IF -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j syn-flood_INT_IF
$IPTABLES -A INPUT -i $INT_IF -p tcp --syn -j syn-flood_INT_IF
$IPTABLES -A syn-flood_INT_IF -m limit --limit 1/s --limit-burst 4 -j RETURN
$IPTABLES -A syn-flood_INT_IF -j DROP
#
# Protection against port scanners and SYN floods on the external interface ($EXT_IF)
$IPTABLES -N syn-flood_EXT_IF
$IPTABLES -F syn-flood_EXT_IF
$IPTABLES -A INPUT -i $EXT_IF -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j syn-flood_EXT_IF
$IPTABLES -A INPUT -i $EXT_IF -p tcp --syn -j syn-flood_EXT_IF
$IPTABLES -A syn-flood_EXT_IF -m limit --limit 1/s --limit-burst 4 -j RETURN
$IPTABLES -A syn-flood_EXT_IF -j DROP
#
# Ensure that new TCP connections are SYN packets
$IPTABLES -A INPUT -i $INT_IF -p tcp ! --syn -m state --state NEW -j DROP
$IPTABLES -A INPUT -i $EXT_IF -p tcp ! --syn -m state --state NEW -j DROP
#
# Block fragments entering interface $INT_IF
$IPTABLES -A INPUT -i $INT_IF -f -j LOG --log-prefix "IPTABLES FRAGMENTS $INT_IF: "
$IPTABLES -A INPUT -i $INT_IF -f -j DROP
#
# Block fragments entering interface $EXT_IF
$IPTABLES -A INPUT -i $EXT_IF -f -j LOG --log-prefix "IPTABLES FRAGMENTS $EXT_IF: "
$IPTABLES -A INPUT -i $EXT_IF -f -j DROP
#
# Ignore broadcast packets
$IPTABLES -A INPUT -i $EXT_IF -d $BROADCAST -j DROP
#
# Protection against Trojan horses
$IPTABLES -A INPUT -i $INT_IF -p tcp -m multiport --dport $TROJAN_PORTS_TCP -j LOG --log-prefix "IPTABLES Trojan INT_IF: "
$IPTABLES -A INPUT -i $INT_IF -p udp -m multiport --dport $TROJAN_PORTS_UDP -j LOG --log-prefix "IPTABLES Trojan INT_IF: "
$IPTABLES -A INPUT -i $INT_IF -p tcp -m multiport --dport $TROJAN_PORTS_TCP -j DROP
$IPTABLES -A INPUT -i $INT_IF -p udp -m multiport --dport $TROJAN_PORTS_UDP -j DROP
$IPTABLES -A INPUT -i $EXT_IF -p tcp -m multiport --dport $TROJAN_PORTS_TCP -j LOG --log-prefix "IPTABLES Trojan EXT_IF: "
$IPTABLES -A INPUT -i $EXT_IF -p udp -m multiport --dport $TROJAN_PORTS_UDP -j LOG --log-prefix "IPTABLES Trojan EXT_IF: "
$IPTABLES -A INPUT -i $EXT_IF -p tcp -m multiport --dport $TROJAN_PORTS_TCP -j DROP
$IPTABLES -A INPUT -i $EXT_IF -p udp -m multiport --dport $TROJAN_PORTS_UDP -j DROP
#
# ICMP rules (INPUT/OUTPUT) for the internal interface ($INT_IF)
$IPTABLES -A INPUT -i $INT_IF -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -o $INT_IF -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i $INT_IF -p icmp --icmp-type 0 -j ACCEPT
#
# ICMP rules (INPUT/OUTPUT) for the external interface ($EXT_IF)
$IPTABLES -A INPUT -i $EXT_IF -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_IF -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i $EXT_IF -p icmp --icmp-type 0 -j ACCEPT
$IPTABLES -A INPUT -i $EXT_IF -p icmp -j DROP
#
# Name servers (INPUT/FORWARD/OUTPUT)
$IPTABLES -A INPUT -i $EXT_IF -p udp -s $NAMESERVER_1 -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -i $EXT_IF -p udp -s $NAMESERVER_2 -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_IF -p udp -d $NAMESERVER_1 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_IF -p udp -d $NAMESERVER_2 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $INT_IF -o $EXT_IF -p udp -d $NAMESERVER_1 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $INT_IF -o $EXT_IF -p udp -d $NAMESERVER_2 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
#
# INPUT
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i lo -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i $INT_IF -p tcp -m multiport --dport $TCP_SERVICES_IN_INT_IF -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -i $EXT_IF -p tcp -m multiport --dport $TCP_SERVICES_IN_EXT_IF -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -i $EXT_IF -p tcp --sport $UP_PORTS --dport $UP_PORTS -m state --state ESTABLISHED -j ACCEPT
#
# FORWARD
$IPTABLES -A FORWARD -i $INT_IF -o $EXT_IF -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 80 -j ACCEPT
$IPTABLES -A FORWARD -i $INT_IF -o $EXT_IF -p tcp -m multiport --dport $FORWARD_PORTS_1 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $INT_IF -o $EXT_IF -p udp -m multiport --dport $FORWARD_PORTS_1 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $INT_IF -o $EXT_IF -p tcp -m multiport --dport $FORWARD_PORTS_2 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $INT_IF -o $EXT_IF -p udp -m multiport --dport $FORWARD_PORTS_2 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $INT_IF -o $EXT_IF -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $INT_IF -o $EXT_IF -p tcp --sport $UP_PORTS --dport $UP_PORTS -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $EXT_IF -o $INT_IF -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $EXT_IF -o $INT_IF -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $EXT_IF -o $INT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# OUTPUT
$IPTABLES -A OUTPUT -o $EXT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -o lo -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -o $INT_IF -p tcp -m multiport --sport $TCP_SERVICES_IN_INT_IF -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_IF -p tcp -m multiport --sport $TCP_SERVICES_IN_EXT_IF -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A OUTPUT -o $INT_IF -p tcp -m multiport --dport $TCP_SERVICES_OUT_INT_IF -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_IF -p tcp -m multiport --dport $TCP_SERVICES_OUT_EXT_IF -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_IF -p tcp --dport 20 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_IF -p tcp --sport $UP_PORTS --dport $UP_PORTS -m state --state ESTABLISHED,RELATED -j ACCEPT
#
#PREROUTING
$IPTABLES -t nat -A PREROUTING -p tcp -i $EXT_IF --dport 80 -j DNAT --to 192.168.1.4:80
#
# POSTROUTING
$IPTABLES -t nat -A POSTROUTING -o $EXT_IF -j SNAT --to $EXT_IP
#
echo "Firewall STARTED"
___________________________________________________________________


What could the problem be? Is it in the firewall or in the configuration of my Apache server (httpd.conf)? I compiled my kernel and enabled all the options associated with netfilter. If anyone could help me I would be very grateful.
Thank you in advance for your attention.

Alexandre
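
Added example, not part of the original post: a small model of the FORWARD chain posted above that walks one DNAT'ed HTTP request and the server's reply through the rules in order, first match wins. The rule table is transcribed by hand from the script, the connection state is supplied as an argument instead of coming from conntrack, and the client port 40000 and the extra return-path rule in `fixed_chain` are assumptions made for the comparison.

```shell
#!/bin/sh
# Constructed model of the posted FORWARD chain, one rule per line, in order:
#   in_if|out_if|proto|sport|dport|states  (any = unrestricted; N/E/R = NEW/ESTABLISHED/RELATED)
UP=1024:65535
P1=20,21,25,79,81,86,110,143,443
P2=2082,2086,2095,3306
posted_chain() {
cat <<EOF
int|ext|icmp|any|any|NE
any|any|tcp|any|80|any
int|ext|tcp|any|$P1|NE
int|ext|udp|any|$P1|NE
int|ext|tcp|any|$P2|NE
int|ext|udp|any|$P2|NE
int|ext|tcp|any|20|E
int|ext|tcp|$UP|$UP|ER
ext|int|tcp|21|any|E
ext|int|tcp|20|any|ER
ext|int|any|any|any|ER
EOF
}
# Assumption for comparison: the same chain plus a stateful return-path rule.
fixed_chain() { posted_chain; echo "int|ext|any|any|any|ER"; }

field_ok() { [ "$1" = any ] || [ "$1" = "$2" ]; }
port_ok() {   # $1 = any | lo:hi | n,n,...   $2 = port number
  case $1 in
    any) return 0 ;;
    *:*) [ "$2" -ge "${1%:*}" ] && [ "$2" -le "${1#*:}" ]; return ;;
    *)   case ",$1," in *",$2,"*) return 0 ;; esac; return 1 ;;
  esac
}
# walk CHAIN in_if out_if proto sport dport state -> first matching rule, else the policy
walk() {
  n=0
  while IFS='|' read -r i o p sp dp st; do
    n=$((n + 1))
    field_ok "$i" "$2" && field_ok "$o" "$3" && field_ok "$p" "$4" &&
      port_ok "$sp" "$5" && port_ok "$dp" "$6" || continue
    case $st in any|*"$7"*) echo "ACCEPT by rule $n"; return 0 ;; esac
  done <<EOF
$1
EOF
  echo "policy DROP"
}
# Client port 40000 is a constructed sample value.
echo "request ext->int dport 80 : $(walk "$(posted_chain)" ext int tcp 40000 80 N)"
echo "reply   int->ext sport 80 : $(walk "$(posted_chain)" int ext tcp 80 40000 E)"
echo "reply with return rule    : $(walk "$(fixed_chain)" int ext tcp 80 40000 E)"
```

On a live firewall the same question can be checked with the per-rule packet counters from `iptables -L FORWARD -v -n` while a request is made from outside.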