Okay, currently this is how I have my Linux network set up...

I am using Verizon FiOS as my internet connection.

I logged into my router (Verizon) and enabled the STATIC NAT option. I have it so that port forwarding is enabled and the public IP address provided to me by Verizon is now being forwarded back to my Linux box at home.

Here is what I want to do...

I want to set up a Linux box to act as a router, with iptables doing all of the filtering, to basically add a level of security. Then I want another Linux box inside my network to do all the hosting and run services like ftpd, sshd, smtp and httpd.

So here is how it would look:

(Verizon router) -> 192.168.1.1 forwards my public IP address to (Linux box router) -> 192.168.1.3, and then I want the router to forward to my other Linux box doing the hosting at (hosting Linux box) -> 192.168.1.6

My Verizon router would plug into the Linux box router (192.168.1.3), which has 2 NICs, and then my hosting Linux box (192.168.1.6) plugs directly into the Linux router, right? Will this work?

Here are my questions...

For the Linux box acting as the router (192.168.1.3), I would need iptables rules to route all services to the hosting Linux box at 192.168.1.6, right?

Then let's say the Linux router has rules to prevent SYN floods or malicious packets. Since it is in front of the hosting Linux box, does the hosting Linux box get the protection as well?

Also, do I need to write iptables rules on the hosting Linux box (192.168.1.6) to offer it protection, or does it get the protection from the Linux router (192.168.1.3) that already has iptables rules?

And I am not sure about the routing... The hosting Linux box (192.168.1.6) needs to go through the Linux router (192.168.1.3) to get the firewall protection, right?

How do I make sure that the hosting Linux box 192.168.1.6 goes through -> 192.168.1.3?

And as I said before, do I need iptables rules on the hosting Linux box, or is that not needed because the hosting Linux box is going through a Linux router?

Another thing I am not sure about: the Linux router box (192.168.1.3) needs iptables and a second layer of NAT to route the public IP address back to the hosting box (192.168.1.6), right? Even though Verizon is forwarding my public IP address back to my Linux router, I still need it to go to the hosting Linux box. How would I go about doing that?

I hope you all can understand what I am talking about. I hope some of you might have some input for me...

Thank you all for your time and help.
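As an added example (it is not the original poster's setup or code): a POSIX shell script that builds the iptables-restore rule set for the Linux router box in the layout above, a minimal host firewall for the hosting box, and the routes the hosting box needs so that everything it sends goes through the router. It assumes, since the post does not say, that the router's WAN NIC is eth0 at 192.168.1.3 facing the Verizon router at 192.168.1.1, that its LAN NIC is eth1 at 192.168.2.1/24, and that the hosting box sits at 192.168.2.6 on that second subnet: with two NICs the inside network has to be a different subnet from the Verizon side, otherwise the hosting box has no reason to send its traffic via the Linux router. The interface names, the 192.168.2.0/24 network, the port list and the SYN rate limit are all constructed values, overridable through environment variables.

```sh
#!/bin/sh
# Added example (not from the original post): iptables rule sets for a Linux
# router box that DNATs inbound services to a hosting box behind it.
# Every address, interface name and limit below is a constructed assumption.

WAN_IF="${WAN_IF:-eth0}"               # NIC plugged into the Verizon router (192.168.1.3)
LAN_IF="${LAN_IF:-eth1}"               # NIC plugged into the hosting box
LAN_IP="${LAN_IP:-192.168.2.1}"        # router's address on the inside subnet
LAN_NET="${LAN_NET:-192.168.2.0/24}"   # inside subnet (must differ from 192.168.1.0/24)
HOST_IP="${HOST_IP:-192.168.2.6}"      # hosting box
FWD_PORTS="${FWD_PORTS:-21 22 25 80}"  # ftpd sshd smtp httpd, as listed in the post
SYN_RATE="${SYN_RATE:-25/s}"           # new connections allowed per forwarded port
SYN_BURST="${SYN_BURST:-50}"

# Print the router's complete rule set in iptables-restore format. Nothing is
# applied here, so the output can be reviewed before it is loaded.
gen_rules() {
    # nat table: the second layer of NAT. PREROUTING rewrites the destination of
    # packets arriving on the WAN NIC to the hosting box; conntrack reverses the
    # mapping on the replies, so the hosting box never needs the public address.
    printf '*nat\n'
    printf ':PREROUTING ACCEPT [0:0]\n:INPUT ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n'
    for p in $FWD_PORTS; do
        printf '%s\n' "-A PREROUTING -i $WAN_IF -p tcp --dport $p -j DNAT --to-destination $HOST_IP:$p"
    done
    # Outbound traffic from the inside subnet is hidden behind the router's WAN address.
    printf '%s\n' "-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
    printf 'COMMIT\n'

    # filter table: default deny both for traffic to the router and through it.
    printf '*filter\n'
    printf ':INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
    printf '%s\n' "-A INPUT -m conntrack --ctstate INVALID -j DROP"
    printf '%s\n' "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Manage the router only from the inside NIC.
    printf '%s\n' "-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT"
    # Anti-spoofing: inside addresses never legitimately arrive on the WAN NIC.
    printf '%s\n' "-A FORWARD -i $WAN_IF -s $LAN_NET -j DROP"
    printf '%s\n' "-A FORWARD -m conntrack --ctstate INVALID -j DROP"
    printf '%s\n' "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # The hosting box may initiate anything outbound.
    printf '%s\n' "-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    # Only new connections to the forwarded ports get in, and only SYNs within the
    # rate limit; the FORWARD policy drops everything else, excess SYNs included.
    for p in $FWD_PORTS; do
        printf '%s\n' "-A FORWARD -i $WAN_IF -o $LAN_IF -d $HOST_IP -p tcp --dport $p --syn -m conntrack --ctstate NEW -m limit --limit $SYN_RATE --limit-burst $SYN_BURST -j ACCEPT"
    done
    printf 'COMMIT\n'
}

# Minimal host firewall for the hosting box itself. The router already filters
# what arrives from the WAN; this limits what other LAN machines can reach.
gen_host_rules() {
    printf '*filter\n'
    printf ':INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
    printf '%s\n' "-A INPUT -m conntrack --ctstate INVALID -j DROP"
    printf '%s\n' "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $FWD_PORTS; do
        # The source is the real Internet client: DNAT rewrote only the destination.
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf 'COMMIT\n'
}

# Commands for the hosting box so that all of its traffic goes through the
# router: an address on the inside subnet and a default route via the router.
gen_host_routes() {
    printf 'ip addr add %s/%s dev eth0\n' "$HOST_IP" "${LAN_NET#*/}"
    printf 'ip route replace default via %s\n' "$LAN_IP"
}

# Load the router rule set and enable forwarding (needs root).
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    sysctl -w net.ipv4.conf.all.rp_filter=1 >/dev/null
    gen_rules | iptables-restore
}

case "${1:-}" in
    show)       gen_rules ;;
    host-rules) gen_host_rules ;;
    routes)     gen_host_routes ;;
    apply)      apply_rules ;;
esac
```

`sh router-fw.sh show` prints the router rule set for review, `sh router-fw.sh apply` loads it with iptables-restore and turns on forwarding, and `routes` / `host-rules` print what to run on the hosting box. The nat table answers the second-layer-NAT question: the router rewrites the destination of inbound packets to the hosting box and conntrack rewrites the replies back, so the hosting box only ever sees its private address. The FORWARD chain is where the protection lives: only rate-limited SYNs to the forwarded ports and packets of already-tracked connections pass, so anything the router drops never reaches the hosting box. That still does not make a host firewall redundant, since the router says nothing about what other machines on the inside subnet can reach, and `-m limit` on SYNs is a coarse mitigation rather than a replacement for `net.ipv4.tcp_syncookies=1` on the hosting box.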