LinuxQuestions.org - JAMES or DNAT problem?

Hey everyone,

need experts' help!

I've got:

server1 - server box somewhere on the Internet
server2 - server with Apache James behind the Ubuntu NAT box

Here's Ubuntu's netfilter ruleset representing DNAT:

Code:

...

iptables -A FORWARD -d $INT_IP -i $WAN_IF -o $INT_IF -j ACCEPT

iptables -t nat -A PREROUTING -d $EXT_IP -i $WAN_IF -j DNAT --to-destination $INT_IP

...

I'm sure that NAT/DNAT works fine because I can access the Internet from server2 and I also can connect to James SMTP module on server2 (`telnet server2 25` is ok), but `telnet server2 110` gives a "Connection refused" error just after short delay. Why I am thinking it's an DNAT problem? I've started `nc -l 2424` on server2 and successfully telneted from server1 on port 2424, but if listening by netcat port is privieleged (i.e. `nc -l 24`) then `telnet server2 24` from server1 gives same "Connection refused" error. But still... Why 25, 80 and 443 ports are DNATed successfully?! I'm stuck.

Here's extract from James' config.xml:

Code:

  <pop3server enabled="true">

      <port>110</port>

      <handler>

        <helloName autodetect="false">XXX.YYY</helloName>

        <connectiontimeout>120000</connectiontimeout>

      </handler>

  </pop3server>