Hi, On Fri, 16 Jul 2004 17:03:42 +0100, Antony Stone > iptables -A PREROUTING -t nat -d a.b.c.d -p tcp --dport 21 -j DNAT --to > w.x.y.z > iptables -A FORWARD -d w.x.y.z -p tcp --dport 21 -j ACCEPT Why is the FORWARD rule needed here? Doesn't the PREROUTING rule handle the same or rather the rule in ESTABLISHED and RELATED in FORWARD chain handle it? Why do we need a seperate FORWARD rule? With warm regards, -Payal
