Hello.

Can someone please tell me why I cannot access a machine inside my LAN from outside? These are my rules to try to accomplish that task:

    $iptables -t nat -A PREROUTING -i $EXT_IFACE -p tcp \
        -s $UNIVERSE --sport $UNPRIVPORTS -d $EXT_IP --dport 22 \
        -j DNAT --to-destination 172.16.0.200:22

    $iptables -A FORWARD -i $EXT_IFACE -o $LAN_IFACE -p tcp \
        -s $UNIVERSE --sport $UNPRIVPORTS -d 172.16.0.200 --dport 22 \
        -m state --state NEW -j ACCEPT

    $iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

What am I doing wrong? When I try to ssh from outside our network, I can see it gets to the prerouting, but nothing gets forwarded:

    Chain PREROUTING (policy ACCEPT 1223 packets, 93798 bytes)
     pkts bytes target     prot opt in     out     source               destination
      374 19224 REDIRECT   tcp  --  eth0   *       172.16.0.0/16        0.0.0.0/0            tcp spts:1024:65535 dpt:80 redir ports 3128
        0     0 REDIRECT   tcp  --  eth0   *       172.16.0.0/16        172.16.0.1           tcp spts:1024:65535 dpt:8080 redir ports 80
        0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            190.80.4.42          tcp spts:1024:65535 dpt:8080 redir ports 80
        3   180 DNAT       tcp  --  eth1   *       0.0.0.0/0            190.80.4.42          tcp spts:1024:65535 dpt:22 to:172.16.0.200:22

Thanks in advance for your help.