I finally took the venture into natting/masquerading my traffic to allow my internal boxes to be accesed from the outside world. It is really quite easy actually. As long as you are using static addressing on the private lan or set your dhcp server to always give the box u want to access the same ip, you are all set.

Add the following rules to iptables and you’re golden:

-A PREROUTING -p tcp -d 141.219.77.196 –dport 8080 -j DNAT –to 10.0.0.3:8080

^Add the above to the nat table

-A FORWARD -p tcp -d 10.0.0.3 –dport 8080 -j ACCEPT

^ Add the above to the filter table

What these statements say is: Any connection going to the main gateway (141.219.77.196) need to be routed to the internal network to host 10.0.0.3 which is running apache (or whatever service you want) on 8080. The only caveat to this is you cannot use the same port on the gateway as on the internal network as the gateway service will take priority. not a big deal though. At least you can access those internal machines in a nice secure way and get to the stuff you need.

Mario Loria is a builder of diverse infrastructure with modern workloads on both bare-metal and cloud platforms. He's traversed roles in system administration, network engineering, and DevOps. You can learn more about him here.