iptables firewall forwarding L2TP traffic to Windows 2003 server
OK, I have a Win2k3 server set up with Routing and Remote Access accepting L2TP connections, and it works fine if you connect internally. If I have to go through my iptables firewall running on Debian 4, the connection never happens. PPTP works fine forwarding to my server, but L2TP does not. I know it is a problem with the firewall not forwarding everything to the server, but I have been working days on this and I am about to give up, so I am asking for help with this. My current firewall config to forward these packets is as follows:
#IPSec
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p udp --dport 500 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p udp -d $EXTIP --dport 500 -j DNAT --to $server
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p udp --dport 4500 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p udp -d $EXTIP --dport 4500 -j DNAT --to $server
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p udp --dport 1701 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p udp -d $EXTIP --dport 1701 -j DNAT --to $server
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p 50 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p 50 -d $EXTIP -j DNAT --to $server
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p 51 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p 51 -d $EXTIP -j DNAT --to $server
What is wrong with this? Why will it not work external to internal? I know it works fine internal to internal.
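As an added example (not the poster's config), the script below audits an iptables-save dump for the two rules each L2TP/IPsec flow needs when the RRAS server is behind NAT: a nat PREROUTING DNAT and a filter FORWARD ACCEPT. The interface names, addresses and the sample dump (modelled on the post's rules, with one FORWARD rule deliberately left out) are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the post): audit an iptables-save dump for the two
# halves every L2TP/IPsec flow needs when the RRAS server sits behind NAT:
# a nat PREROUTING DNAT and a filter FORWARD ACCEPT. ESP (proto 50) carries no
# port; when clients use NAT-T it rides inside UDP 4500 instead.
# Constructed sample modelled on the post's rules; 10.0.0.1 stands for $EXTIP,
# 192.168.1.10 for $server, eth0/eth1 for $EXTIF/$INTIF. The FORWARD rule for
# UDP 1701 has been left out deliberately so the audit has something to flag.
SAMPLE='*nat
-A PREROUTING -d 10.0.0.1/32 -p udp -m udp --dport 500 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -d 10.0.0.1/32 -p udp -m udp --dport 4500 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -d 10.0.0.1/32 -p udp -m udp --dport 1701 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -d 10.0.0.1/32 -p esp -j DNAT --to-destination 192.168.1.10
COMMIT
*filter
-A FORWARD -i eth0 -o eth1 -p udp -m udp --dport 500 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p udp -m udp --dport 4500 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p esp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# has_rule DUMP CHAIN MATCH TARGET: true if CHAIN holds a rule containing
# MATCH (as a fixed string) that jumps to TARGET.
has_rule() {
    printf '%s\n' "$1" | grep -- "^-A $2 " | grep -F -- "$3 " | grep -q -- "-j $4"
}

# check_l2tp_flows DUMP: prints one status line per flow and returns the
# number of flows missing either the DNAT or the FORWARD rule.
check_l2tp_flows() {
    dump=$1; missing=0
    for flow in udp:500:IKE udp:4500:NAT-T udp:1701:L2TP esp::ESP; do
        proto=${flow%%:*}; rest=${flow#*:}; port=${rest%%:*}; name=${rest#*:}
        if [ -n "$port" ]; then match="-p $proto -m $proto --dport $port"
        else match="-p $proto"; fi
        nat=ok; fwd=ok
        has_rule "$dump" PREROUTING "$match" DNAT || nat=MISSING
        has_rule "$dump" FORWARD "$match" ACCEPT || fwd=MISSING
        printf '%-6s nat:%-8s forward:%s\n' "$name" "$nat" "$fwd"
        [ "$nat" = ok ] && [ "$fwd" = ok ] || missing=$((missing + 1))
    done
    return "$missing"
}

# Run against the sample; on a live box use: check_l2tp_flows "$(iptables-save)"
check_l2tp_flows "$SAMPLE" || echo "$? flow(s) incomplete"
```

The output only shows what the firewall permits; whether the Windows endpoints negotiate NAT-T over UDP 4500 or expect raw ESP is a separate check on the server and client.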