Brent Clark schrieb: > Hi all > > I would like to have it so that a connection (destined for port 8080) > comes in on eth0 and jumps to port 3389 > > $IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to > 192.168.111.248:3389 > $IPT -t filter -A FORWARD -i eth0 -p tcp --dport 8080 -d 192.168.111.248 > -j ACCEPT Try "--dport 3389" in your FORWARD rule, as the destination port is already rewritten in nat/PREROUTING. If you don't have it already, you need a rule in FORWARD that allows the traffic back. Something like: -A FORWARD -s 192.168.111.248 -j ACCEPT or something more restrictive. HTH, Joerg
