Trouble solving the following problem:
A=router WAN x.x.x.x LAN 192.168.1.1
B=debian server 192.168.1.2
C=Win 2003 machine 192.168.1.3
In short: A has NAT enabled and the default server is B, so every incoming connection reaches B.
For a reason which would take long to explain, I need to transfer incoming connections to B at port 3389 (RDP) to C at port 60001.
iptables -A PREROUTING -t nat -p tcp -d 192.168.1.2 --dport 3389 -j DNAT --to-destination 192.168.1.3:60001
Packets reach C, but I suppose I need to have them routed on the way back. How do I do that? SNAT or MASQUERADING? With a couple of SNAT rules it roughly works, but I'm sure I'm missing something.
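
An added example, not part of the original post: the DNAT rule above paired with the SNAT and FORWARD rules that bring C's replies back through B. It assumes C's default gateway is A; the function names and the `APPLY_NAT` variable are hypothetical, and SNAT is used rather than MASQUERADE because B's address is static.

```shell
#!/bin/sh
# Addresses and ports are the ones given in the post.
B=192.168.1.2      # Debian server doing the redirect
C=192.168.1.3      # Windows host
DPORT=3389         # port the router forwards to B
TPORT=60001        # port C listens on

# Print the rule set, one command per line.
nat_rules() {
    # B now relays packets that are not addressed to it, so forwarding must be on.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Inbound: rewrite destination B:3389 -> C:60001 (the rule from the post).
    echo "iptables -t nat -A PREROUTING -p tcp -d $B --dport $DPORT -j DNAT --to-destination $C:$TPORT"
    # Toward C: rewrite the source to B, so C answers B instead of sending
    # the reply to its default gateway A, which has no NAT entry for C:60001.
    echo "iptables -t nat -A POSTROUTING -p tcp -d $C --dport $TPORT -j SNAT --to-source $B"
    # Let the relayed flow through the FORWARD chain in both directions.
    echo "iptables -A FORWARD -p tcp -d $C --dport $TPORT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -A FORWARD -p tcp -s $C --sport $TPORT -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Dry run by default: print the commands. APPLY_NAT=1 executes them (needs root).
apply_rules() {
    nat_rules | while IFS= read -r cmd; do
        if [ "${APPLY_NAT:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}

apply_rules
```

With the SNAT rule in place, C sees every session as coming from 192.168.1.2, so the original client address is recorded only on B (connection tracking or a LOG rule), not in C's own logs.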