I'm having some trouble getting DNAT to work properly. I have a gateway machine that has two different connections to the Internet, on eth1 and eth2. I'm trying to allow inbound port 1723 to be forwarded to an internal PPTP server through both interfaces. It works on eth2, but not eth1. Here's what I've got:
Last time I had packets disappear on me for no obvious reason it turned out to be an MSS issue and was fixed by turning on MSS clamping in the appropriate places.
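As an added example, not part of the question or the answer above: a small shell script that generates the DNAT rules for TCP/1723 on both WAN interfaces together with the mangle-table MSS clamping rule the answer refers to. The internal server address 192.168.1.10 and the interface names eth1/eth2 are placeholder assumptions, since the original rules are not shown.

```shell
#!/bin/sh
# Added example (not from the original question or answer): emit the
# iptables rules for forwarding inbound TCP/1723 to an internal PPTP server
# through two WAN interfaces, plus MSS clamping as suggested in the answer.
# Assumed placeholder values: server 192.168.1.10, WAN interfaces eth1 eth2.
PPTP_SERVER="${PPTP_SERVER:-192.168.1.10}"
WAN_IFACES="${WAN_IFACES:-eth1 eth2}"

# DNAT rules for one WAN interface: rewrite the destination of inbound
# TCP/1723 to the internal server, and let the rewritten flow through FORWARD.
dnat_rules() {
    iface="$1"
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport 1723 -j DNAT --to-destination %s:1723\n' \
        "$iface" "$PPTP_SERVER"
    printf 'iptables -A FORWARD -i %s -p tcp -d %s --dport 1723 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT\n' \
        "$iface" "$PPTP_SERVER"
}

# MSS clamping: rewrite the MSS option on forwarded SYN packets to fit the
# path MTU, so full-size segments are not silently dropped on a link with a
# smaller MTU (the "packets disappear" symptom described in the answer).
mss_clamp_rule() {
    printf 'iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n'
}

# Complete rule set: DNAT for every WAN interface, then the clamp rule.
# Note: PPTP's data channel is GRE (IP protocol 47), which needs its own
# forwarding rule; it is omitted here because the question covers only 1723.
all_rules() {
    for i in $WAN_IFACES; do
        dnat_rules "$i"
    done
    mss_clamp_rule
}

# Number of generated rules, as a quick sanity check (2 per interface + 1).
rule_count() {
    all_rules | wc -l | tr -d ' '
}

all_rules
```

Pipe the output into `sh` on the gateway to apply it, or keep it as a script to review first.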