What you're trying to do has always worked for me ??? Have the machines that need to get DNAT got their Default Gateway / DNS set up ???
if so check my setup below .. :) .. and a changed version of yours.. hope it helps .. :)

### Internal FTP Serv
#$IPTABLES -t nat -A PREROUTING -i ppp0 -p tcp --dport 2100 -j DNAT --to 172.16.0.123:2100
#$IPTABLES -t nat -A PREROUTING -i ppp0 -p udp --dport 2100 -j DNAT --to 172.16.0.123:2100

### Internal Web Server DNAT
#$IPTABLES -t nat -A PREROUTING -i ppp0 -p tcp --dport 8888 -j DNAT --to 172.16.0.123:80
#$IPTABLES -t nat -A PREROUTING -i ppp0 -p udp --dport 8888 -j DNAT --to 172.16.0.123:80

### Allow Port Forwarding on the Ports Specified
#$IPTABLES -A FORWARD -p tcp -i ppp0 -d 172.16.0.123 --dport 2100 -j ACCEPT
#$IPTABLES -A FORWARD -p udp -i ppp0 -d 172.16.0.123 --dport 2100 -j ACCEPT
#$IPTABLES -A FORWARD -p tcp -i ppp0 -d 172.16.0.123 --dport 80 -j ACCEPT
#$IPTABLES -A FORWARD -p udp -i ppp0 -d 172.16.0.123 --dport 80 -j ACCEPT

----------------------------------------------------------------------------------------

$IPTABLES -t nat -A PREROUTING -i $EXTERNALIF -p tcp --dport 1494 -j DNAT --to $PINE:1494
$IPTABLES -A FORWARD -p tcp -i $EXTERNALIF -d $PINE --dport 1494 -j ACCEPT

$IPTABLES -t nat -A PREROUTING -i $EXTERNALIF -p tcp --dport 1450 -j DNAT --to $PINE:1450
$IPTABLES -A FORWARD -p tcp -i $EXTERNALIF -d $PINE --dport 1450 -j ACCEPT

$IPTABLES -t nat -A PREROUTING -i $EXTERNALIF -p tcp --dport 3389 -j DNAT --to $PINE:3389
$IPTABLES -A FORWARD -p tcp -i $EXTERNALIF -d $PINE --dport 3389 -j ACCEPT

----------------------------------------------------------------------------------------

have you also checked to make sure you don't need udp ???
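Added example, not part of the original post: a small Python check that every DNAT rule in a ruleset has a FORWARD ACCEPT rule matching the translated address and port (as in the post's 8888 -> 80 web server pair). The function names and the sample rules are constructed for illustration, variables such as $IPTABLES are assumed to be already expanded, and only exact proto/interface/destination/port matches are recognised.

```python
import shlex

# Constructed sample rules in the style of the post (variables already expanded).
SAMPLE_RULES = """
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 2100 -j DNAT --to 172.16.0.123:2100
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 8888 -j DNAT --to 172.16.0.123:80
iptables -t nat -A PREROUTING -i ppp0 -p udp --dport 8888 -j DNAT --to 172.16.0.123:80
iptables -A FORWARD -p tcp -i ppp0 -d 172.16.0.123 --dport 2100 -j ACCEPT
iptables -A FORWARD -p tcp -i ppp0 -d 172.16.0.123 --dport 8888 -j ACCEPT
"""

def parse(line):
    """Turn one iptables command line into a dict of the options we care about."""
    tok = shlex.split(line, comments=True)   # commented-out rules yield no tokens
    rule = {"table": "filter"}               # iptables defaults to the filter table
    names = {"-t": "table", "-A": "chain", "-i": "in", "-p": "proto", "-d": "dst",
             "--dport": "dport", "-j": "target", "--to": "to", "--to-destination": "to"}
    for flag, value in zip(tok, tok[1:]):
        if flag in names:
            rule[names[flag]] = value
    return rule

def unmatched_dnat(text):
    """Return (proto, in-interface, 'ip:port') for each DNAT with no matching FORWARD ACCEPT."""
    rules = [parse(l) for l in text.splitlines() if l.strip()]
    accepts = {(r.get("proto"), r.get("in"), r.get("dst"), r.get("dport"))
               for r in rules
               if r.get("chain") == "FORWARD" and r.get("target") == "ACCEPT"}
    missing = []
    for r in rules:
        if r["table"] == "nat" and r.get("target") == "DNAT" and "to" in r:
            ip, _, port = r["to"].partition(":")
            port = port or r.get("dport")    # no port in --to: original port is kept
            # FORWARD sees the packet after DNAT, so it must match the new ip and port
            if (r.get("proto"), r.get("in"), ip, port) not in accepts:
                missing.append((r.get("proto"), r.get("in"), f"{ip}:{port}"))
    return missing

if __name__ == "__main__":
    for proto, iface, dest in unmatched_dnat(SAMPLE_RULES):
        print(f"DNAT to {dest} ({proto} via {iface}) has no FORWARD ACCEPT")
```

In the constructed sample the FORWARD rule for the web server names port 8888 instead of the translated port 80, so both the tcp and udp DNAT rules to 172.16.0.123:80 are reported.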
