Can't get port forwarding DNAT to work

Can't get port forwarding DNAT to work

[Evan Harper]

I have a few machines on a LAN connected to the internet via a gateway 
server with a DSL connection. I have packet filtering and IP masq up and 
running with no problems -- the internal machines can connect out to the 
Internet and everything is good. However I've been trying for a while 
now to forward port 25 to a mail server inside the LAN with absolutely 
no luck. The relevant rc.firewall line is:

iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 25 -j DNAT --to 
192.168.0.4:25
# forward smtp traffic to mail server

Everything looks normal except that packets sent from outside the 
network to port 25 just fall into a black hole. I've fiddled with the 
options for a while, changing nothing. Help would be much appreciated.

Evan Harper

Re: Can't get port forwarding DNAT to work

[Evan Harper]

>>iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 25 -j DNAT --to
>>192.168.0.4:25
>># forward smtp traffic to mail server
>>    
>>
>
>	Now you've changed the destination of the packets.  Have you allowed the 
>packets to get to the destination.   You need an equivalent rule in FORWARD 
>to  let those DNATTED packets IN. ...
>  
>
Indeed, this was my problem, which I figured out after I sent this 
message. Personally I think section 4.2 of the NAT HOWTO ought to 
mention this, since it seems to imply you need only the one rule.

Evan Harper