SuSE 7.1 Professional w/ 2.4 kernel

Have been implementing an iptables firewall and have read all the how-to manuals, and the normal packet filtering is working fine. I next added NAT masquerading by:

    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Tested and this is working great! Then I went to my DNAT rules. I want all incoming packets destined for the firewall's external interface and on port 25 to be rerouted to an internal server with a private IP on port 25. I use the following NAT call:

    iptables -A PREROUTING -t nat -p tcp -d $ExtIP --dport 25 -j DNAT \
        --to $SMTPSvr:25

I get no errors, but when I tried to telnet to the $ExtIP from the internet I get nothing but:

    Trying <External IP address>...

Tried lots of things (list below) but can't get this working. Feel like I'm missing something... can anyone suggest a solution or something else I can try?

NOTE: Additional troubleshooting

1. I have cleared the tables and set the default policy to ACCEPT to confirm there are no conflicting rules.
2. I can telnet from this system to the $SMTPSvr:25.
3. I have this working on another system using ipmasqadm.
4. If I clear the DNAT I get a message that says something like connection refused (smtp isn't running on the system).
5. The command iptables -L -t nat displays the following under Chain PREROUTING (policy ACCEPT):

    DNAT tcp -- anywhere <IP of Public Interface> tcp dpt:smtp to:<IP of SMTP Server>

6. An Ethereal sniff on the telnet system reveals packets outgoing but never get any reply.
7. The command lsmod lists:

    ipt_MASQUERADE iptable_nat ip_conntrack iptable_filter ip_tables ipv6 3c509 isa-pnp
participants (1)
-
Patrick Nelson