We haven't selected a specific application as a firewall yet. Until then, we'll provide some examples of how to NAT your LAN to the net and how to do port forwarding (i.e. reverse masquerading of traffic to servers in our LAN or DMZ) using iptables. If you don't already have iptables installed, install it:
apt-get install iptables
NAT using iptables (the network to masquerade is 192.168.1.0/24, the interface of the firewall connected to the net is eth0).
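# Enable IPv4 forwarding in the kernel (not persistent across reboots)
echo 1 > /proc/sys/net/ipv4/ip_forward
# Flush all existing rules in the filter and nat tables
iptables -F
iptables -F -t nat
# Masquerade traffic from the LAN leaving through eth0
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE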
Port forwarding using iptables: we'll forward incoming traffic on port 25 (SMTP) to our mail server. The interface of the firewall connected to the network where the mail server (IP address 192.168.1.14) is located is eth1. The outside IP address of the firewall is 10.0.0.1.
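# Allow SMTP traffic arriving on eth0 to be forwarded out of eth1
iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Rewrite the destination of SMTP traffic addressed to the firewall to the mail server
iptables -A PREROUTING -t nat -p tcp -d 10.0.0.1 --dport 25 -s 0.0.0.0/0 --sport 1:65535 -j DNAT --to 192.168.1.14:25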
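The two procedures above combined into one iptables-restore ruleset, as an added example that is not part of the original page. The function names, the default-DROP FORWARD policy, the conntrack match and the untouched INPUT/OUTPUT policies are assumptions of this example; IP forwarding must still be enabled as in the NAT step.

```shell
#!/bin/sh
# Added example, not from the original page. Prints an iptables-restore
# ruleset; nothing is applied until the output is piped to iptables-restore.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# is_num VALUE MIN MAX: succeed for a decimal integer within [MIN, MAX].
is_num() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# gen_ruleset WAN_IF LAN_IF LAN_NET WAN_IP PORT SERVER_IP
# Assumption of this example: FORWARD defaults to DROP, so only listed flows pass.
gen_ruleset() {
    wan_if=$1 lan_if=$2 lan_net=$3 wan_ip=$4 port=$5 server=$6
    for i in "$wan_if" "$lan_if"; do case $i in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac; done
    is_ipv4 "${lan_net%/*}" && is_num "${lan_net#*/}" 0 32 || return 1
    is_ipv4 "$wan_ip" && is_ipv4 "$server" && is_num "$port" 1 65535 || return 1
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $wan_if -p tcp -d $wan_ip --dport $port -j DNAT --to-destination $server:$port
-A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -p tcp -d $server --dport $port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# With no arguments, print the ruleset for the addresses used on this page.
gen_ruleset "${1:-eth0}" "${2:-eth1}" "${3:-192.168.1.0/24}" "${4:-10.0.0.1}" \
            "${5:-25}" "${6:-192.168.1.14}"
```

Piping the output to iptables-restore --test parses the ruleset without committing it; piping to iptables-restore replaces the current filter and nat tables in one atomic step.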
apt-get install iftop