iptables/multiple external natting problem

[Marc Peiser <marc@gocontent.com>]

[-- Attachment #1: Type: text/plain, Size: 1343 bytes --]

Hi,

I'm trying to setup a firewall at our data center and I think I'm 
missing a few things here. I have a Class C ip range, lets call it 
1.2.3.0/24. I have a firewall running kernel 2.6.9 and iptables 1.2.11. 
My firewall has 2 network interfaces, on the external interface I've 
added an alias for each external ip that I want to nat to internal servers:

eg. ifconfig eth0:0 1.2.3.10 netmask 255.255.255.0
(Is this the correct way to use multiple ip's?)

My servers on the inside interface are on the 192.168.0.0/24 network.

I'm able to ssh to an internal server via an external ip address.
The problem is I can't seem to connect out (via ssh, dns, www etc) from 
the inside servers. There is a rule blocking these connections as it 
shows me in the firewall logs:

Oct 25 18:27:22 fw1 kernel: IN=eth1 OUT=eth0 SRC=192.168.0.20 
DST=4.3.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=28642 DF PROTO=UDP 
SPT=32769 DPT=53 LEN=40
Oct 25 18:27:31 fw1 kernel: IN=eth1 OUT=eth0 SRC=192.168.0.20 
DST=4.3.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=18271 DF PROTO=TCP 
SPT=32792 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

I've attached my firewall script, could someone please take a look at it 
and give me a hand. Or if they have a similar setup, could you send me 
your config. If there is a better way to do this, please let me know.

Many thanks,
Marc

[-- Attachment #2: firewall.sh --]
[-- Type: application/x-shellscript, Size: 3451 bytes --]