Hello, I have the following setup and Im trying to forward all incoming connection on port 1194 on eth2 which is the external network to ip 192.168.10.100, but seems its not working.

Current config:

# Generated by iptables-save v1.3.8 on Sun Nov 16 00:00:54 2008
*nat
:PREROUTING ACCEPT [26751696:2175544875]
:POSTROUTING ACCEPT [339911:19096812]
:OUTPUT ACCEPT [339825:19075304]
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d ! 192.168.10.0/255.255.255.0 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.11.0/255.255.255.0 -d ! 192.168.11.0/255.255.255.0 -o eth2 -j MASQUERADE
COMMIT
# Completed on Sun Nov 16 00:00:54 2008
# Generated by iptables-save v1.3.8 on Sun Nov 16 00:00:54 2008
*filter
:INPUT DROP [0:0]
:FORWARD DROP [753:246984]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1138 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20000 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1194 -m state --state NEW -j ACCEPT
-A INPUT -p icmp -m limit --limit 1/sec --limit-burst 1 -j ACCEPT
-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
-A FORWARD -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED -j ACCEPT
COMMIT

plus im adding the prerouting:

iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 1194 -j DNAT --to-destination 192.168.10.100

This configuration doesnt work. I also I have tried:

iptables -D PREROUTING -t nat -p tcp -d XX.XX.XX.XX --dport 1194 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.10.100:1194

and the same its not working.

Connecting thru telnet to the domain: telnet mydomain.org 1194 doesnt work, but within the server, running telnet 192.168.10.100 1194 it works.

Does anyone have an idea whats the problem?

One thing you should check is to make sure IP Forwarding is turned on.

Check the output of /proc/sys/net/ipv4/ip_forward by running

If the output is a zero, then enable IP Forwarding by running

ok, but you also need something in the FORWARDING chain to allow it. you probably know this already, but
openvpn runs on UDP port 1194 by default.

Its running on tcp port 1194 and have not idea what else to do.

ip_forward is enabled.

To be more explicit, you need something like this:
If you're still having problems after installing these rules, you can use tcpdump
to see whether the packets and replies are being sent/received.

Sorry, but thats not working ether... other ideas. Normally I dont have a problem with this, but I cant figure it out what im doing wrong.

Is a packet being filtered by your FORWARD chain's policy when your test fails?If so, post the log entry generated by said packet.

While we're at it, are your routes properly set? Let's see the output of:Also, please show us the output of these commands, so that we may see your current, actual configuration:Please use CODE tags when you post output, so that it's easier to read.

1. please check your 192.168.10.100's gateway. that must be XX.XX.XX.XX's LAN IP.

2. you should check - telnet mydomain.org 1194 only from outside of this Gateway.

[EDIT]Removed. This was essentially barshani's point #2.