Hello guys!
I'm struck with a problem:
I've got a router, connected to 3 different networks:

• The LAN of my district(say ReedLan)
• My internal one, which is hidden by NAT with my ip
• The pptp tunnel providing me with Internet. It is held over ReedLan(see 1)

I route the Internal-to-ReedLan traffic hidden by my ReedLan IP, and Internal-to-Intenet hidden by my ip in my provider's VPN.
If I launch WoW on my router is runs perfectly. But whenever I tried on internal network computers I got the same error: The RS(phase 1) connection is executed properly, but when it comes to the phase 2 connection to main game server I end up with a timeout caused, I decided, by the lost connection tracking.
If I put down the tunnel on my router and start the VPN session directly from internal computer(my router's managing GRE traffic and NATting it to my ReedLan ip) - it works great.
So what should I do to make linux firewall work with WoW connection tracking? Anybody has an idea?

Have you got the WoW-required ports on the router set to route to the internal machine?

I got several internal machines using WoW simultaneusly(realy forgot the spelling of the word), so it is likely impossible to DNAT or I did miss something important?
By now I 'm SNATting. It looks like that:

what I did:
iptables -P FORWARD DROP
iptables -A FORWARD -s 172.12.0.0/24 -j ACCEPT
iptables -A FORWARD -d 172.12.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 172.12.0.0/24 -d 10.0.0.0/8 -j SNAT --to-source=10.17.39.220
iptables -t nat -A POSTROUTING -s 172.12.0.0/24 -d !10.0.0.0/8 -j SNAT --to-source=172.17.2.235
Nothin' else. Every program but WoW works correctly.