I have a Fedora Core 6 server with 3 NICs installed as follows:

eth0 - Network = 192.168.1.0/24 IP=192.168.1.155
eth1 - Network = 172.31.10.0/26 IP=172.31.10.20
eth2 - Network = 172.31.10.128/26 IP=172.31.10.150

I need requests from the clients on the 192.168.1.xxx network to access the web server at 172.31.10.136 by using the URL http://192.168.1.155

So far I have iptables configured to allow HTTP requests to be forwarded to the web server, but they are not routing back, and I appear to have been going round in circles, so I need some help/advice.

My iptables file is very basic and is as follows:

Code:
# Generated by iptables-save v1.3.5 on Mon Apr 21 16:51:24 2008
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth2 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth0 -o eth2 -p tcp --dport 80 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:dmz - [0:0]
-A PREROUTING -i eth0 -j dmz
-A PREROUTING -d 192.168.1.155 -j dmz
-A OUTPUT -d 192.168.1.155 -j dmz
-A dmz -p tcp --dport 80 -j DNAT --to-destination 172.31.10.136:80
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 172.31.10.128/26 -d 192.168.1.0/24 -j SNAT --to-source 192.168.1.155
COMMIT

Using tcpdump on the interface eth2, data can be seen passing through the interface to the web server:

Code:
# tcpdump -i 3 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
19:41:22.535251 IP <SERVER_FQDN>.beacon-port-2 > 172.31.10.136.http: S 102350687:102350687(0) win 65535 <mss 1460,nop,nop,sackOK>

However, it is not being routed back, as indicated in /proc/net/ip_conntrack:

Code:
tcp      6 111 SYN_SENT src=192.168.1.112 dst=192.168.1.155 sport=4405 dport=80 packets=1 bytes=48 [UNREPLIED] src=172.31.10.136 dst=192.168.1.112 sport=80 dport=4405 packets=0 bytes=0 mark=0 secmark=0 use=1

Any clues/solutions to this problem most welcome.
Happy to supply further info if needed.
Thanks.
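
An added example, not part of the original post: a small parser for the `/proc/net/ip_conntrack` line quoted above that compares the original and reply tuples to show which NAT rewrites conntrack recorded for the flow. The function names `parse_entry` and `diagnose` are hypothetical, and the sample is the post's entry joined onto one line.

```python
import re

# Constructed sample: the conntrack entry quoted in the post, joined onto one line.
SAMPLE = (
    "tcp      6 111 SYN_SENT src=192.168.1.112 dst=192.168.1.155 sport=4405 dport=80 "
    "packets=1 bytes=48 [UNREPLIED] src=172.31.10.136 dst=192.168.1.112 sport=80 "
    "dport=4405 packets=0 bytes=0 mark=0 secmark=0 use=1"
)

TUPLE_RE = re.compile(r"src=(\S+)\s+dst=(\S+)\s+sport=(\d+)\s+dport=(\d+)")


def parse_entry(line):
    """Split one TCP/UDP conntrack line into its original and reply tuples."""
    found = TUPLE_RE.findall(line)
    if len(found) != 2:
        raise ValueError("expected an original and a reply tuple: %r" % line)
    keys = ("src", "dst", "sport", "dport")
    orig, reply = (dict(zip(keys, t)) for t in found)
    return {"proto": line.split()[0], "orig": orig, "reply": reply,
            "unreplied": "[UNREPLIED]" in line}


def diagnose(entry):
    """Compare the two tuples to see which NAT rewrites conntrack recorded."""
    o, r = entry["orig"], entry["reply"]
    return {
        # Destination NAT: the reply is expected from an address/port
        # other than the one the client dialled.
        "dnat": (r["src"], r["sport"]) != (o["dst"], o["dport"]),
        # Source NAT / MASQUERADE: the reply is expected to be addressed
        # to something other than the client's own address/port.
        "snat": (r["dst"], r["dport"]) != (o["src"], o["sport"]),
        # [UNREPLIED] means no packet has been seen in the reply direction.
        "reply_seen": not entry["unreplied"],
        "expected_reply": "%s:%s -> %s:%s" % (r["src"], r["sport"], r["dst"], r["dport"]),
    }


if __name__ == "__main__":
    for key, value in diagnose(parse_entry(SAMPLE)).items():
        print("%-15s %s" % (key, value))
```

For the quoted entry this reports destination NAT applied, no source NAT, and no reply seen: conntrack is waiting for 172.31.10.136 to answer 192.168.1.112 directly, and that answer is only translated back if it passes through this host.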