DNATed packet not hitting FORWARD chain

primero primero at fastwebnet.it
Tue Nov 23 10:29:21 CET 2004


James wrote:

>Hi,
>
>I'm having some trouble getting DNAT to work properly.  I have a gateway
>machine that has two different connections to the Internet, on eth1 and
>eth2.  I'm trying to allow inbound port 1723 to be forwarded to an internal
>PPTP server through both interfaces.  It works on eth2, but not eth1.
>Here's what I've got:
>
Hi
I would try to check whether packets arrive on .165 by running tcpdump on that host,
just to see if the DNATing and forwarding are done correctly, as they should
be based on the rules you showed us.

Then I would ask how you deal with routing packets on your gw. I
mean, if you receive the connection on eth2 and you DNAT and forward it to
.167, the returning packets from .167 should be routed to eth2 and
exit the gw from that interface. The same for eth1 and .165.

What about your routing settings on the gw? Maybe you use eth2 as the default
route interface, and the packets that come back from .165 also exit and
are routed by eth2. This way you'll never get the SNAT rule associated
with the previous DNAT rule matched and applied.

BTW, this is just an idea ;)

bye
primero
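One way to set up what primero describes, replies to a DNATed connection leaving through the same interface the connection arrived on, is connection marking plus policy routing. The script below is an added example and is not from the original thread or from anyone in it. Everything in it is assumed: eth0 as the LAN (192.168.1.0/24), eth1 and eth2 as the ISP links with documentation-range gateway addresses, routing tables 101 and 102, 192.168.1.167 as the PPTP server, and the DRY_RUN switch and function names. It goes beyond the post in one respect: it also turns off reverse-path filtering on the ISP interfaces, because strict rp_filter drops a packet arriving on eth1 at the routing lookup (after nat PREROUTING, before FORWARD) when the route back to its source points out eth2, which produces exactly the "DNATed but never hits FORWARD" symptom in the subject line.

```shell
#!/bin/sh
# Added example, not from the original thread: DNAT TCP/1723 to an internal
# PPTP server from two ISP links and route each reply back out the link its
# connection arrived on (CONNMARK + fwmark policy routing).
set -eu

# Assumed topology (documentation addresses; adjust to your own).
LAN_IF=eth0;  LAN_NET=192.168.1.0/24
ISP1_IF=eth1; ISP1_GW=203.0.113.1;  ISP1_TABLE=101
ISP2_IF=eth2; ISP2_GW=198.51.100.1; ISP2_TABLE=102
PPTP_SERVER=192.168.1.167

# DRY_RUN=1 (default) prints each command instead of executing it, so the
# rule set can be reviewed before it touches a live gateway.
DRY_RUN=${DRY_RUN:-1}
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

sysctls() {
    run sysctl -w net.ipv4.ip_forward=1
    # Strict reverse-path filtering drops a packet that arrives on eth1 when
    # the best route back to its source points out eth2. The drop happens at
    # the routing lookup, after nat PREROUTING and before FORWARD, so the
    # packet is DNATed but never reaches the FORWARD chain. Disable it on the
    # ISP links; on 2.6.31+ kernels the effective value is the higher of
    # "all" and the per-interface setting, so "all" must be lowered too.
    run sysctl -w net.ipv4.conf.all.rp_filter=0
    run sysctl -w "net.ipv4.conf.$ISP1_IF.rp_filter=0"
    run sysctl -w "net.ipv4.conf.$ISP2_IF.rp_filter=0"
}

policy_routes() {
    # One table per ISP, holding only that ISP's default route.
    run ip route replace default via "$ISP1_GW" dev "$ISP1_IF" table "$ISP1_TABLE"
    run ip route replace default via "$ISP2_GW" dev "$ISP2_IF" table "$ISP2_TABLE"
    # LAN destinations are always resolved from the main table, whatever the
    # mark, so DNATed inbound packets still reach the PPTP server.
    run ip rule add to "$LAN_NET" table main priority 100
    # Everything else carrying mark 1 or 2 leaves via the matching ISP.
    run ip rule add fwmark 1 table "$ISP1_TABLE" priority 101
    run ip rule add fwmark 2 table "$ISP2_TABLE" priority 102
    run ip route flush cache
}

mark_connections() {
    # Copy the connection mark onto every incoming packet first, so replies
    # from the PPTP server carry the mark of the connection they belong to
    # when the routing decision sees them.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    # A new connection arriving from an ISP link stamps that link's mark on
    # its conntrack entry.
    run iptables -t mangle -A PREROUTING -i "$ISP1_IF" -m conntrack --ctstate NEW -j CONNMARK --set-mark 1
    run iptables -t mangle -A PREROUTING -i "$ISP2_IF" -m conntrack --ctstate NEW -j CONNMARK --set-mark 2
}

nat_and_forward() {
    for ifc in "$ISP1_IF" "$ISP2_IF"; do
        run iptables -t nat -A PREROUTING -i "$ifc" -p tcp --dport 1723 -j DNAT --to-destination "$PPTP_SERVER"
        run iptables -A FORWARD -i "$ifc" -o "$LAN_IF" -p tcp -d "$PPTP_SERVER" --dport 1723 -m conntrack --ctstate NEW -j ACCEPT
    done
    # Replies (conntrack reverses the DNAT on them) and related traffic.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

apply_all() {
    sysctls
    policy_routes
    mark_connections
    nat_and_forward
}

apply_all
```

Run it as root with DRY_RUN=0 to apply; re-running appends duplicate rules, so delete the ip rules and flush the mangle and nat chains first. Then, as suggested above, run tcpdump on the PPTP server for 'tcp port 1723' and on the gateway on each ISP interface, to confirm the replies leave on the interface the connection arrived on. PPTP also carries GRE (IP protocol 47), which these rules, like the thread, do not cover.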



