    i just set up a vpn-tunnel to a vpn-provider and so have following ip-schema:

    external (over the vpn-connection): (as example)

    i set up a dmz so if i open the web-broswer with i get the page from the device behind the tomato-router. perfect..

    but if i open the external-ip ( i get the page from the tomato router. what route or firewall-confog do i need?

    thanks a lot and happy easter
    Try the following in your firewall script:
    iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 80 -j DNAT --to-destination <device behind the tomato-router>
