$IPTABLES -A PREROUTING -t nat -i $EXTERNALIF -p tcp -d $MYADDR --dport = 1494 -j DNAT --to $PINE:1494 !!!!!!!creating DMZ !!!!!!!! $IPTABLES -A FORWARD -i $EXTERNALIF -p tcp -d $PINE --dport 1494 -j = ACCEPT !!!!!!!!!!!allow packet to DMZ but in one direction!!!!!!!!!
Add $IPTABLES -A FORWARD -i $INTERNALIF -p tcp -s $PINE --sport 1494 -j ACCEPT and other chain like this
