Olá!

Fiz uma DMZ no mikrotik, ou estou tentando

ether 1 200.xxx.xxx.31
ether 2 192.168.1.1 (local)
ether3 10.10.10.1 (DMZ)


Quero que tudo que venha para porta 25,110, vá para a dmz, e saia da mesma maneira,
e a mesma coisa da rede local acessando a dmz, ou por fora!

Achei algo assim,

#####################################
#####################################
### ENTRANDO NA DMZ WWW & MAIL
#####################################
iptables -t nat -A PREROUTING -p tcp -i $IF_OUT -d $HOST -m multiport --dport $MAIL_PORT -j DNAT --to $MAIL
iptables -t nat -A POSTROUTING -p tcp -o $IF_IN -m multiport --dport $MAIL_PORT -j MASQUERADE
#
iptables -t nat -A PREROUTING -p tcp -i $IF_OUT -d $HOST -m multiport --dport $WWW_PORT -j DNAT --to $WWW
iptables -t nat -A POSTROUTING -p tcp -o $IF_IN -m multiport --dport $WWW_PORT -j MASQUERADE
#####################################
# SAINDO DA DMZ WWW MAIL FTP & DNS ##
#####################################
iptables -t nat -A POSTROUTING -p tcp -o $IF_OUT -m multiport --dport $MAIL_PORT,$WWW_PORT -j MASQUERADE
iptables -t nat -A POSTROUTING -p udp -o $IF_OUT --dport 53 -j MASQUERADE
iptables -A INPUT -i IP_IN -m state --state ESTABLISHED,RELATED -j ACCEPT
#####################################


Ideias?

Obrigada