Here is the scenario: I'm running Slackware 10.2 on a Dell Poweredge 2850. It has two network cards, and I have the first (eth0) configured as my external for a web server. The other NIC (eth1), I need to configured to accept MySQL traffic (port 3306) from our internal network (172.16.x.x). In fact, only one specific IP address on the internal network needs access to eth1.
I am not sure how to set this up. This is not a router or bridge situation, since no traffic should pass from the external to the internal network, nor should internal traffic be allowed out.
I've tried a couple of iptables rules, but none work for me. An example is:
But it does not work. How can set up this kind of scenario?

By doesn't work, do you mean that

1. other computers on the 172.16 subnet can access port 3306
2. 172.16.0.1 is unable to connect to the server

Hope MySQL is listening on port 3306 (netstat -nl)

I should have given more details: by doesn't work, I mean that no computer on the 172.16 subnet can access the server. However, the server can ping itself, using the static IP addressed assigned to it on the 172.16 subnet. There doesn't seem to be any trouble with eth0, which has a "real" IP address. The web server is up and working, and I can SSH to it.
Netstat does show that port 3306 is listening, and I can connect to port 3306 using the "real" IP address on eth0. We had planned to keep all of the MySQL traffic on the internal network, thus the reason we are trying to get eth1 up and running.

You must have

1. ruled out hardware problems (patch cord/port on switch/hub)
2. checked subnet mask matches the network