> I'm trying to telnet to 1.2.3.4 port 25 > > Where I'm DNATing 1.2.3.4 to 1.2.3.5 > > telnet is still trying to connect to 1.2.3.4 but it never get any connections. > > Here is my nat table. > > > mailserv:/etc# /sbin/iptables -L -t nat > Chain PREROUTING (policy ACCEPT) > target prot opt source destination > DNAT all -- anywhere 1.2.3.4 to:1.2.3.5 > > Chain POSTROUTING (policy ACCEPT) > target prot opt source destination > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > DNAT all -- anywhere 1.2.3.4 to:1.2.3.5 You should not use the OUTPUT chain in the nat table ; just the PREROUTING chain will do. Do you also have a FORWARD rule in the filter table ? I think you need something like : iptables -A FORWARD -i <if_in> -d 1.2.3.5 -p tcp --dport 25 -j ACCEPT Is your prerouting rule something like : iptables -t nat -A PREROUTING -d 1.2.3.4 -p tcp --dport 25 -j DNAT --to-destination 1.2.3.5:25 Do you have : echo 1 > /proc/sys/net/ipv4/ip_forward Rob
