> Mind you, isn't the whole point of a router to join 2
> separate networks? The router has two ports, one on each
> network and as far as the VNC client is concerned the
> packets are sourced to and sent from a device on its own
> network with the router taking care of getting the traffic
> between the two.
On the internal network this is true. On the external network the
packets appear to come from the internal network, so the external
device needs to know how to send packets back to it (default gateway
or specific route).

> Perhaps my iptables rules are wrong but
> all I want to do is forward traffic on port 5900 between
> the 2 networks

  iptables -t filter -A FORWARD -i eth0 -o eth1 -p tcp --dport 5900 -s 0/0 -d 203.110.12.225 -j ACCEPT
  iptables -t nat -A POSTROUTING -o eth1 -d 203.110.12.225 -p tcp --dport 5900 -j SNAT --to 203.110.12.230

This means that packets from the internal network are forwarded
through the linux box, and appear to come from the linux box when they
appear at 203.110.12.230, which then doesn't need to know about the
internal network. All you need to do is vnc internally to
203.110.12.230 -- provided your internal machines have a default
gateway of the linux machine. You could combine the PREROUTING and
POSTROUTING rules if you don't have a default gateway (but no default
gateway usually causes problems in the long run.)

> and one network doesn't need to be aware of
> the other for this to happen as this is what the router is
> for.

But they still need to know how to send the packets there. This is
normally what the default gateway setting is for. Any packets your
machine doesn't know how to route are sent to a router to let it do
its thing. Are both sides of your network pointing their default
gateway at the linux box?

Regards
Daniel

(Note: I write out of order for replies so something further down may
be repeating something I've already said, or it may just be a big
mess.)

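As an added example (not from the message above), a complete script for the setup Daniel describes: it enables forwarding, defaults FORWARD to DROP so only the VNC traffic crosses, lets the server's replies back through via conntrack, and puts the SNAT rule in the nat table where POSTROUTING lives. It assumes eth0 is the internal interface, eth1 the external one, 203.110.12.225 the VNC server and 203.110.12.230 the box's external address, as in the thread; DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not the original poster's rules. Interface names and
# addresses are taken from the thread; running for real needs root.

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

vnc_forward_rules() {
    int_if=eth0 ext_if=eth1
    vnc_server=203.110.12.225 ext_addr=203.110.12.230

    # The kernel does not forward between interfaces unless told to.
    run sysctl -w net.ipv4.ip_forward=1

    # Default-deny forwarding so nothing but the rules below crosses.
    run iptables -P FORWARD DROP

    # Internal client -> VNC server, port 5900 only.
    run iptables -t filter -A FORWARD -i "$int_if" -o "$ext_if" -p tcp \
        -d "$vnc_server" --dport 5900 \
        -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

    # Replies from the server back to the internal client; without this
    # the DROP policy silently kills the return half of the connection.
    run iptables -t filter -A FORWARD -i "$ext_if" -o "$int_if" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Rewrite the source address so the server only ever sees the box's
    # external address and needs no route to the internal network.
    # POSTROUTING is a chain of the nat table, hence -t nat.
    run iptables -t nat -A POSTROUTING -o "$ext_if" -p tcp \
        -d "$vnc_server" --dport 5900 -j SNAT --to-source "$ext_addr"
}
```

Run `DRY_RUN=1 sh -c '. ./script.sh; vnc_forward_rules'` to review the generated commands before applying them on the box.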