Hi,

we have a mac on the network runnign timbucktu on port 407. the problem is that it is behind our firewall. I need to setup port forwarding so that all traffic destined for that port goes to that pc.

I am running RH 9 and iptables. i edited the iptables and added this line:

-A PREROUTING -i eth0 -p tcp -m tcp -d *.*.*.* --dport 407 -j DNAT --to 10.10.1.243:407

but when i try to telnet to it does nothing. it doesn't give me any errors or anyting it just says trying ....

ethereal on it and it is sending SYN packets over and over but never gets a response? how can i correct this problem?

A couple of thoughts...

You don't need the -d definition in the PREROUTING unless you have more than 1 ip number on the interface

Which rules precede this one?
Specific rules like this should be in the beginning of the ruleset rather than -A adding them to the end...

Practise using -j LOG entries before each DNAT, eg
-A PREROUTING -i eth0 -p tcp --dport 407 -j LOG --log-prefix "nat_in " to watch that packets are arriving

Packets can still die later in the FORWARD chain...
Make sure there is a rule to allow this port, eg
-I FORWARD 3 -p tcp --dport 407 -d 10.10.1.243 -j ACCEPT

Of course, just adding these rules can break your firewall too, depending on the existing rulesets.
If you have edited /etc/sysconfig/iptables directly, be aware there is a special syntax it expects and DNAT --to is not correct there.
Always better to do it from a command line until you are satisfied it works, then do service iptables save to keep them stored. The command line adds the rule immediately whereas /etc/sysconfig/iptables additions require iptables to be restarted to activate the rules.

A recommended tutorial.

thatnks for the tuturial. that helped.