From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jens Knoell
Subject: IPTABLES: Forwarding port to different machine & different port
Date: Wed, 09 Mar 2005 16:29:53 -0700
Message-ID: <422F86F1.3030600@surefoot.com>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-admin-owner@vger.kernel.org
List-Id:
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: linux-admin@vger.kernel.org

I'm a little lost... I want to simplify the server setup and get rid of
some forwarding rules in xinetd. So I've modified the firewall rules
like this:

<---header snipped (sets up basic rules and preps)--->

# Enable NAT
/usr/sbin/iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 207.224.222.229
#/usr/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Port redirect
# VNC Listeners for tech support
/usr/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 5500 -j DNAT --to-destination 10.0.0.109:5500
/usr/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 5501 -j DNAT --to-destination 10.0.0.113:5500

# VNC Forwards for some office people
/usr/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 5900 -j DNAT --to-destination 10.0.0.105:5900
/usr/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 59105 -j DNAT --to-destination 10.0.0.105:5900
/usr/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 59106 -j DNAT --to-destination 10.0.0.106:5900
/usr/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 59107 -j DNAT --to-destination 10.0.0.107:5900
/usr/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 59108 -j DNAT --to-destination 10.0.0.108:5900

<---everything below snipped because it's only firewall rules--->

Funny thing: the first two (VNC listeners) work. Everything below does
not. Any idea what's wrong there?

Thanks a lot
J