a little help needed for adding nat rule
 

hi all.
i've got everything running now. and i want to port forward 3389 to my windows. so that i can remote access it. so how do you add this rule??

this is what i have, but it doesn't work.
----------------------------
EXTIP is my wan ip
10.0.10.2 is my windows server's ip

iptables -t nat -A PREROUTING -d $EXTIP -p TCP --dport 3389 -j DNAT --to-destination 10.0.10.2:3389

iptables -t nat -A POSTROUTING -s 10.0.10.2 -p TCP --sport 3389 -j SNAT --to-source $EXTIP
----------------------------

here is my set up
1 debian box with 2 nics acting as gateway/firewall
- nat is working fine for my whole network.
so the only problem i have is to port forward 3389 to my windows.

please help

don't worry about it guys. it's working fine now. my silly mistake. i just post my solution as well, in case someone having similar problem.
----------------
coz i set my default forwarding policy to drop. so ofcourse the traffic can't travel across my network.
so i just need to add
iptables -A FORWARD -p tcp -i $WAN -d 10.0.10.2 --dport 3389 -j ACCEPT

it works perfectly fine now. =)
---------------------