This one is really starting to get me.
I have worked with iptables before, but without connections started from the outside. In this case I need to allow a connection from the outside to go to a box on the inside.
I was under the impression that a rule like:
iptables -t nat -A PREROUTING -i eth0 -p tcp -d public_ip --dport 3389 -j DNAT --to 10.0.0.112:3389
would send the incoming packets to the inside box. And that:
iptables -A FORWARD -i eth1 -o eth0 -s 10.0.0.112 -j ACCEPT
or
iptables -A FORWARD -i eth1 -j ACCEPT
should send any reply from the inside box to the world. But it isn't happening :(
You should add an SNAT rule, so your inside box is able to answer the outside connection from its private IP (10.0.0.112).
iptables -t nat -A POSTROUTING -s 10.0.0.112 -o eth0 -j SNAT --to-source public_ip
Nandor Szabo
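A complete rule set for the setup in the question, as an added example that is not from either poster: it combines the DNAT rule, the SNAT rule from the answer (which must be added in the nat table), and FORWARD rules for both directions, restricted to the forwarded port rather than accepting everything from eth1. It assumes eth0 is the WAN side and eth1 the LAN side; the public address is passed in as an argument.

```shell
#!/bin/sh
# Added example (not from either post). Emits a least-privilege port-forwarding
# rule set in iptables-restore format. Assumptions: $wan is the WAN interface
# (eth0 in the question), $lan the LAN interface (eth1), $pub_ip the real public
# address. Inbound packets need DNAT plus a FORWARD rule from $wan to $lan; the
# question's FORWARD rules only cover the $lan-to-$wan direction.
gen_port_forward_rules() {
  pub_ip=$1; int_ip=$2; port=$3; wan=$4; lan=$5
  cat <<EOF
*nat
# inbound: rewrite the destination to the inside host
-A PREROUTING -i $wan -p tcp -d $pub_ip --dport $port -j DNAT --to-destination $int_ip:$port
# outbound from the inside host: leave with the public address (the answer's
# rule). Replies to DNATed connections are un-translated by conntrack anyway.
-A POSTROUTING -s $int_ip -o $wan -j SNAT --to-source $pub_ip
COMMIT
*filter
# replies and related traffic, in either direction
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# only NEW connections to the forwarded port, instead of "-i $lan -j ACCEPT"
-A FORWARD -i $wan -o $lan -p tcp -d $int_ip --dport $port -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $lan -o $wan -s $int_ip -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Apply on the gateway: needs root and IP forwarding enabled in the kernel.
apply_port_forward() {
  sysctl -w net.ipv4.ip_forward=1 >/dev/null
  gen_port_forward_rules "$@" | iptables-restore --noflush
}
```

Run `gen_port_forward_rules PUBLIC_IP 10.0.0.112 3389 eth0 eth1` first to review the rules, then `apply_port_forward` with the same arguments; `--noflush` appends to the existing tables instead of replacing them.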