IPCop

IPCop is an easy-to-use firewall with many useful features. One of those features is port forwarding.

Project: Forward Web Server Traffic to Internal Server
The purpose of this project is to forward web traffic to a protected server on the internal network. This provides a protected environment for the web server.

Setup
This project requires an IPCop server with two network cards, which is the simplest configuration. One network card is on the Green Zone (the internal zone) and the other is on the Red Zone (the external zone that connects to the Internet). The web server is located in the Green Zone. The firewall blocks all other connections from the Internet to it, while the site it hosts remains viewable from the Internet. Note: The best way to do this is with a DMZ, which requires 3 network cards and keeps the publicly reachable server off the internal network, but this tutorial is really for those just starting out.

 

This graphic shows that all web traffic will be forwarded to the web server on the internal zone. Note that during setup you must decide which port number people will use to reach the web server. Since the default for web services is port 80, this port is used. If you chose another port, the site would only be available to those who knew which port you were using, as web browsers typically use port 80.

 

Port Forwarding
Once you log in to IPCop, choose Firewall and then Port Forwarding. This window will open. Port Forwarding takes traffic arriving at the firewall, web traffic in this case, and forwards it to a web server on the internal network. You will need to configure a few options to get this to work. Web browser traffic is based on TCP, so TCP must be chosen as the Protocol option. The IP Address of the internal web server must be added; in the example the web server is on IP Address 192.168.3.10. The Source Port is the port on the IPCop firewall that clients connect to. For example, a web browser would be pointed to the IPCop IP Address on port 80 to connect to the internal web server. The Destination Port should match the service that you are providing. In this example it is port 80, the default for web servers. You may add a remark so that you can easily tell what the rule is for. If you leave Source IP blank, all people on the Internet will be able to gain access. That is probably what you are trying to do for a web server. Choose Add and your new rule will be active.


Once you add the new rule it is visible at the bottom of the window.

If you click on the rule and then the yellow pen, you will be able to edit the firewall rule and then update any changes you make.

If you choose the red pen you will be able to edit the Source IPs. For a web server you probably want to allow everyone to have access to it, but if you were going to set up other types of servers you would probably want to restrict access to individual networks or IP Addresses.
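The following Python example is added here and is not part of the original tutorial or IPCop's own code. It models the Port Forwarding form fields, prints the generic netfilter (iptables) rules such a forward corresponds to, and flags forwards for non-web services whose Source IP was left blank. The `PortForward` class, the `eth1` Red interface name and the SSH rule are assumptions made for illustration; IPCop manages its own rule chains internally.

```python
import ipaddress
from dataclasses import dataclass

RED_IF = "eth1"  # assumption: name of the Red (Internet-facing) interface

@dataclass
class PortForward:
    """One rule, using the fields of the Port Forwarding form (hypothetical model)."""
    protocol: str
    source_port: int      # port clients connect to on the firewall
    dest_ip: str          # internal server in the Green Zone
    dest_port: int        # port of the service on that server
    source_ip: str = ""   # blank = anyone on the Internet
    remark: str = ""

    def validate(self):
        if self.protocol not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol: {self.protocol}")
        for port in (self.source_port, self.dest_port):
            if not 1 <= port <= 65535:
                raise ValueError(f"port out of range: {port}")
        ipaddress.ip_address(self.dest_ip)  # raises ValueError if malformed
        if self.source_ip:
            ipaddress.ip_network(self.source_ip, strict=False)

    def to_iptables(self):
        """Generic netfilter equivalent: rewrite the destination, then allow it."""
        self.validate()
        src = f"-s {self.source_ip} " if self.source_ip else ""
        return [
            f"iptables -t nat -A PREROUTING -i {RED_IF} {src}-p {self.protocol} "
            f"--dport {self.source_port} -j DNAT "
            f"--to-destination {self.dest_ip}:{self.dest_port}",
            f"iptables -A FORWARD -i {RED_IF} {src}-p {self.protocol} "
            f"-d {self.dest_ip} --dport {self.dest_port} -j ACCEPT",
        ]

    def audit(self, public_ports=(80,)):
        """Flag forwards left open to every source for non-web services."""
        self.validate()
        if not self.source_ip and self.dest_port not in public_ports:
            return [f"port {self.dest_port} -> {self.dest_ip} is open to all "
                    "source addresses; restrict Source IP"]
        return []

# The rule from the tutorial: web traffic on port 80 to 192.168.3.10.
web = PortForward("tcp", 80, "192.168.3.10", 80, remark="web server")
# Constructed second rule: SSH forwarded with Source IP left blank.
ssh = PortForward("tcp", 2222, "192.168.3.10", 22)
if __name__ == "__main__":
    print("\n".join(web.to_iptables() + ssh.audit()))
```

The web rule passes the audit because port 80 is meant to be public; the constructed SSH rule is flagged until a Source IP or network is set.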

Linux is a registered trademark of Linus Torvalds. All other trademarks are trademarks of their respective owners.
© 1999-2006 SpiderTools.com