i found the problem. i have 2 servers in the net 192.168.1.x internet | |200.20.0.12 Firewall 192.168.1.1 | | | ---------------------- 192.168.1.79 192.168.1.143 and i have this rules $IPTABLES -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -j ACCEPT -p tcp --dport 1248 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1248 -j DNAT --to 192.168.1.143:22 iptables -A FORWARD -j ACCEPT -p tcp --dport 1350 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 1350 -j DNAT --to 192.168.1.79:22 target prot opt source destination DNAT tcp -- anywhere anywhere tcp dpt:1248 to:192.168.1.143:22 DNAT tcp -- anywhere anywhere tcp dpt:1350 to:192.168.1.79:22 DNAT icmp -- anywhere anywhere to:192.168.1.143 DNAT tcp -- anywhere anywhere tcp dpt:mysql to:192.168.1.143 when i restart the firewall one dnat not working. if i connect first to port 1248 ssh 200.20.0.12 -p 1248 work good but port 1350 doesnt working. if i connect first to port 1350 1248 dont work. is really extrange no ??? any help? -- Pablo Allietti LACNIC --------------
