Hello,

I have got a problem with port forwarding with iptables.

Situation: I have got a host (2 interfaces, one with an official IP address, one private) that should forward incoming TCP connections on a specific port to a second host in the private net.

My specific rules:

$IPTABLES -A FORWARD -i $IF -o $INTIF -m state --state NEW,ESTABLISHED -p tcp -s $i -d 192.168.10.4 --dport 4899 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $IF -m state --state ESTABLISHED -p tcp -s 192.168.10.4 --sport 4899 -d $i -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i $IF -p tcp --dport 4899 -j DNAT --to-destination 192.168.10.4:4899

where $IF is the external IF, $INTIF is the internal IF and $i is the permitted host IP.

I added logging for debugging, then I tried telnetting from an external host:

Dec 11 15:51:23 hosting4 kernel: 4899 forward: IN=eth0 OUT=eth1 SRC=<external host> DST=192.168.10.4 LEN=60 TOS=0x10 PREC=0x00 TTL=57 ID=50329 DF PROTO=TCP SPT=3221 DPT=4899 WINDOW=32120 RES=0x00 SYN URGP=0

Seems that packets are forwarded, but then??? Do I need an SNAT rule for backward packets?

Telnetting directly from this (forwarding) host works perfectly.

Thanks,
Claus

--
PGP-Key fingerprint: E94C 5E65 B4FB 2E7D 82A8 814C A450 C01E F990 A9FD
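For reference, here is an added example (not from the post above) of the same DNAT port-forward rendered as a complete iptables-restore ruleset, restricted to the one permitted client and with a default-DROP FORWARD chain that logs anything it rejects. Interface names, the client address (203.0.113.10, a documentation address) and the helper function names are placeholders standing in for the poster's $IF, $INTIF and $i.

```shell
#!/bin/sh
# Added example: render a least-privilege DNAT port-forward ruleset.
# Placeholders for the poster's variables; override via the environment.
EXT_IF="${EXT_IF:-eth0}"                    # external interface ($IF)
INT_IF="${INT_IF:-eth1}"                    # internal interface ($INTIF)
ALLOWED_SRC="${ALLOWED_SRC:-203.0.113.10}"  # permitted client ($i), constructed
TARGET="${TARGET:-192.168.10.4}"            # internal server
PORT="${PORT:-4899}"                        # forwarded TCP port

# Emit the ruleset in iptables-restore format. Conntrack reverses the DNAT
# on reply packets by itself, so no SNAT is needed for the return path as
# long as the internal host routes its replies back through this box
# (its default gateway must be this host's internal address) and
# /proc/sys/net/ipv4/ip_forward is 1.
render_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite the destination before routing; FORWARD then sees $TARGET
-A PREROUTING -i $EXT_IF -p tcp -s $ALLOWED_SRC --dport $PORT -j DNAT --to-destination $TARGET:$PORT
COMMIT
*filter
:FORWARD DROP [0:0]
# Client -> server: the new connection and its later packets
-A FORWARD -i $EXT_IF -o $INT_IF -p tcp -s $ALLOWED_SRC -d $TARGET --dport $PORT -m state --state NEW,ESTABLISHED -j ACCEPT
# Server -> client: replies only; conntrack restores the public address
-A FORWARD -i $INT_IF -o $EXT_IF -p tcp -s $TARGET --sport $PORT -d $ALLOWED_SRC -m state --state ESTABLISHED -j ACCEPT
# Log everything else, so a missing return path shows up in the kernel log
-A FORWARD -j LOG --log-prefix "fwd-drop: "
COMMIT
EOF
}

# Sanity check: exactly three rules must reference the forwarded port
# (one DNAT, one per direction in FORWARD).
count_port_rules() {
    render_rules | grep -cE -e "--(dport|sport) $PORT"
}

# Returns 0 if the kernel is forwarding (reads the sysctl when available).
check_ip_forward() {
    [ -r /proc/sys/net/ipv4/ip_forward ] || return 1
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "1" ]
}
```

Load it with `render_rules | iptables-restore` and run `check_ip_forward || echo "ip_forward is off"` first; the `fwd-drop:` log lines then show whether the server's replies reach the FORWARD chain at all.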