I would like to be able to forward packets from my local lan to the localhost 127.0.0.1. There is a service running here that I can't change the listening address on. I tried an IPTABLES rule but it didn't seem to have an affect and I am thinking that it is because for security the localhost is blocked by default.

Can you explain futher? What service?

Well I was hoping there was a quick answer cause I didn't want to bother anyone with a bunch of details but........

A client SSH's into our server with a remote port forward for 5900 (VNC) Then on that computer hosting the SSH, we use VNC, connect to localhost:5900 and it forwards the port to the remote client.

I don't wanna get up and go do this computer to remote controll. I wanna do it from my puter to the ssh server and forward it that way.

The only other way I thouht of is it create the remote SSH forward to the internal adapter but that doesn't seems to work either for some reason. Then I can't even get VNC to work.

The reason we are doing all this is because for other reasons they can't forward the 5900 on their end so we can connect directly to them.

Here's a small script I did to forward bit torrent from my firewall box to my personal comp. It should be easy to adapt for your own setup. Just change base_port, client_ip and external_ip accordingly.

The for loop exists because I sometimes need to open multiple ports (ex games). Say I need to open 8 ports starting to 6112 (starcraft, warcraft). The for becomes : "for p in `seq 0 7`".

base_port="6881"
client_ip="192.168.0.25"
for p in 0 ; do
let "port=$base_port + p"
iptables -t nat -A PREROUTING -p tcp -d $external_ip --dport $port -j DNAT --to-destination $client_ip
iptables -A FORWARD -p tcp -d $client_ip --dport $port -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -s $client_ip --sport $port -j SNAT --to-source $external_ip
done

Note however you should consider using a physical router if you are not comfortable with iptables and need good, immediate security. It took me a long time to learn to use iptables. Every time I reviewed my firewall I fixed flaws in it.