iptables question

Posted by RubyFreak on Server Fault See other posts from Server Fault or by RubyFreak
Published on 2011-03-04T16:51:10Z Indexed on 2011/03/07 8:11 UTC

I have a small network, with one valid IP and a firewall with 3 network interfaces (LAN, WAN, DMZ).

  • I want to enable PAT on this valid IP to redirect http traffic to a server in my DMZ. (done)
  • I want to enable MASQ on this ip from traffic that comes from my LAN (done)
  • I want from my LAN as well to access my http server at DMZ. (partially)

Question:

In the above scenario, I cannot access my http server in the DMZ from my LAN, since it has the IP used by the MASQ (the only valid IP that I have). What would be the best option to solve this problem?

Network interfaces:

  • eth0 (WAN)
  • eth1 (DMZ)
  • eth2 (LAN)

    # masquerade everything leaving on the WAN interface behind the single public IP
    /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # allow forwarded HTTP towards the web server in the DMZ
    /sbin/iptables -A FORWARD -o eth1 -d 2.2.2.2 -p tcp --dport 80 -j ACCEPT
    # PAT: inbound HTTP on the public IP is redirected to the DMZ web server
    /sbin/iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.1 -p tcp --dport 80 -j DNAT --to 2.2.2.2
    # return and related traffic from the WAN into the DMZ
    /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    # DMZ and LAN hosts may reach the WAN
    /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    /sbin/iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT
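One way to handle the LAN-to-DMZ case the question describes is hairpin NAT: the same DNAT that serves WAN clients is repeated for packets arriving on the LAN interface, and FORWARD rules admit only that flow and its replies. This is an added example, not part of the original post or any answer to it; the LAN subnet 192.168.0.0/24, the script name hairpin.sh and the IPTABLES override are assumptions, while 1.1.1.1, 2.2.2.2, eth1 and eth2 are the values from the post.

```shell
#!/bin/sh
# Hairpin (NAT loopback) rules for the three-interface firewall in the question,
# so LAN clients can reach the DMZ HTTP server via the public address.
# Constructed assumption: the LAN subnet is 192.168.0.0/24.
# Set IPTABLES=echo to print the rules instead of applying them.
IPTABLES="${IPTABLES:-/sbin/iptables}"

hairpin_http() {
    wan_ip="$1"    # public address the LAN clients connect to
    dmz_ip="$2"    # real address of the HTTP server in the DMZ
    lan_net="$3"   # LAN subnet whose clients need the hairpin
    lan_if="$4"    # LAN interface (eth2 in the question)
    dmz_if="$5"    # DMZ interface (eth1 in the question)

    # 1. Rewrite the destination for LAN clients that hit the public IP,
    #    mirroring the existing PREROUTING rule that serves WAN clients.
    "$IPTABLES" -t nat -A PREROUTING -i "$lan_if" -s "$lan_net" -d "$wan_ip" \
        -p tcp --dport 80 -j DNAT --to-destination "$dmz_ip"

    # 2. Source-NAT the hairpinned flow so replies always come back through
    #    this firewall, where conntrack reverses the DNAT. With LAN and DMZ on
    #    separate segments routed by the firewall this is a safety net only;
    #    note it makes the server log the firewall's address, not the client's.
    "$IPTABLES" -t nat -A POSTROUTING -o "$dmz_if" -s "$lan_net" -d "$dmz_ip" \
        -p tcp --dport 80 -j MASQUERADE

    # 3. Permit only this service from LAN to DMZ, plus its return traffic.
    "$IPTABLES" -A FORWARD -i "$lan_if" -o "$dmz_if" -d "$dmz_ip" \
        -p tcp --dport 80 -j ACCEPT
    "$IPTABLES" -A FORWARD -i "$dmz_if" -o "$lan_if" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
}

# Rules are applied only when run as: sh hairpin.sh apply  (as root)
# Preview without touching the kernel: IPTABLES=echo sh hairpin.sh apply
case "${1:-}" in
    apply) hairpin_http 1.1.1.1 2.2.2.2 192.168.0.0/24 eth2 eth1 ;;
esac
```

Because the rules match on -i eth2 and the LAN subnet, WAN clients keep using the original PREROUTING rule and nothing else in the existing policy changes.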

© Server Fault or respective owner
