I have a Debian linux machine with two network cards pluged into two seperate networks:
eth0 Link encap:Ethernet HWaddr 00:0C:295:BA:19
inet addr:192.168.0.56 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fed5:ba19/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:725 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:81696 (79.7 KiB) TX bytes:2304 (2.2 KiB)
Interrupt:17 Base address:0x1400

eth2 Link encap:Ethernet HWaddr 00:0C:295:BA:23
inet addr:10.1.6.25 Bcast:10.1.6.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fed5:ba23/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3860 errors:0 dropped:0 overruns:0 frame:0
TX packets:611 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:354728 (346.4 KiB) TX bytes:80948 (79.0 KiB)
Interrupt:18 Base address:0x1480

what I want to be able to do is forward ports from one network to the other. For instance, one machine on the 192.168.0.x network listens for telnet connections on port 5800, I want to be able to from a machine in the 10.1.6.x network run the command "telnet 10.1.6.25 5800" and get a connection to it. Eventualy I want to be able to pass ports 25,110,143,8080 and 3389 (but nothing else)in the same way, but one step at a time.
The box can ping machines on both networks, so it's not a network issue.

You would think that this would be either simple or be well documented. I have discovered that it is neither.
The closest I have come to a solution so for is this:

iptables -A FORWARD -i eth2 -o eth0 -d 192.168.0.64 -p tcp --dport 5800 --sport 5800 -j ACCEPT
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 5800 -j DNAT --to 192.168.0.64
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

but it just looks right, actual conectivity still eludes me.

you have mentioned that . Did you check if a pc in one network can ping to a pc in another network?.

If you can configure your iptables to allow icmp and then start it will be easier to troubleshoot the issues.

And make sure that pcs on both networks use the linux box as the default gateway.

A typical iptables script will include
to allow forwarding.

Edit - perhaps http://iptables-tutorial.frozentux.net/ will help

sunethj: That's not realy how I want it to work (the icmp packets from the 192 network cause havoc on the 10.1 network, there's a machine that ping floods anything it detects which is why there is a physical barier between them). What I want is for the bridge to masqurade as the machine on the far network (ie, telneting to the bridge is logicaly identical to telneting to the telnet server), so it would act more like an internet NAT firewall than an actual bridge.

billymayday: Thanks for that, I'm reading the tutorial you sugesed right now and will try the echo command when I get into work.

Yay! It works! looks like all I needed was the echo command at the start

my iptables startup script now looks like this: