Hi, I have a DNAT issue with PREROUTING. This is my setup. I have 2 firewalls running iptables. Please assume 1.2.3.4/29 is the internet interface of the FIRST firewall, and 2.3.4.5/29 is the internet interface of the SECOND firewall, which has a DMZ zone. In that DMZ zone a mail server is running at 192.168.100.3.

Now I want to DNAT port 25 of the FIRST firewall (i.e. its IP address, 1.2.3.4/29) to the internet IP address (2.3.4.5/29) of the SECOND firewall. That firewall DNATs port 25 to the mail server at 192.168.100.3 in the DMZ zone.

These are the rules I have added.

On the FIRST firewall (internet IP address 1.2.3.4/29) I have added the rule below:

    iptables -t nat -A PREROUTING -p tcp -i eth0 -d 1.2.3.4 --dport 25 -j DNAT --to-destination 2.3.4.5:25

That should forward port 25 to the SECOND firewall.

On the SECOND firewall I have added the 2 rules below:

    iptables -t nat -A PREROUTING -p tcp -i eth0 -d 2.3.4.5 --dport 25 -j DNAT --to-destination 192.168.100.3:25
    iptables -A FORWARD -p tcp -d 192.168.100.3 --dport 25 -m state --state NEW -j ACCEPT

Now it should forward port 25 to the mail server in the DMZ zone.

I think I have added these rules properly, but it does not work. I checked from the outside world: I telnetted to port 25 of the first firewall. Then it should forward to the mail server in the DMZ zone, but there is no response. WHY is that? YOUR IDEAS?

--
Thank you
Indunil Jayasooriya

An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20070925/f979f5c3/attachment-0004.html>
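Added example (editor's code, not part of the original post or of any reply to it): the complete ruleset the FIRST firewall needs for this two-hop relay, alongside the SECOND firewall's rules from the post plus a return-path rule. The post's FW1 rule only rewrites the destination. When the DNAT target sits behind a different router, FW1 must also rewrite the source (SNAT in POSTROUTING), accept the hairpinned flow in FORWARD, and have ip_forward enabled. Without the SNAT, the SYN reaches FW2 with the client's own source address, so FW2 sends the mail server's SYN-ACK from 2.3.4.5:25 straight to the client; the client only has a socket for 1.2.3.4:25, discards the packet, and telnet sees no response. The addresses and the eth0 interface name are taken from the post; the RUN dry-run variable, the function names and the fw1/fw2 arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): full FW1 relay ruleset for TCP/25
# to FW2, and FW2's rules from the post plus the return-path rule.
# Addresses and eth0 come from the post; RUN and the function names are ours.
set -eu

FW1_IP=1.2.3.4          # FW1 internet address
FW2_IP=2.3.4.5          # FW2 internet address
MAIL_IP=192.168.100.3   # mail server in FW2's DMZ
WAN_IF=eth0             # internet interface on both firewalls (per the post)
RUN=${RUN:-}            # set RUN=echo to print the commands instead of running them

# ---- FW1: the relay hop --------------------------------------------------
fw1_enable_forwarding() {
    # FORWARD is never consulted unless the kernel routes packets at all.
    $RUN sysctl -w net.ipv4.ip_forward=1
}

fw1_nat_rules() {
    # 1. The rule from the post: send the SYN on to FW2.
    $RUN iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$FW1_IP" --dport 25 \
        -j DNAT --to-destination "$FW2_IP:25"
    # 2. The missing half: make FW1 the source, so FW2's SYN-ACK is routed back
    #    to FW1 and conntrack can undo both rewrites (1.2.3.4:25 -> client).
    #    Without it FW2 answers the client directly from 2.3.4.5:25, a tuple the
    #    client never opened, so the SYN-ACK is discarded and telnet hangs.
    $RUN iptables -t nat -A POSTROUTING -o "$WAN_IF" -p tcp -d "$FW2_IP" --dport 25 \
        -j SNAT --to-source "$FW1_IP"
}

fw1_filter_rules() {
    # FORWARD sees the post-DNAT addresses: in on eth0, out on eth0 (hairpin).
    $RUN iptables -A FORWARD -i "$WAN_IF" -o "$WAN_IF" -p tcp -d "$FW2_IP" --dport 25 \
        -m state --state NEW -j ACCEPT
    # Replies (after conntrack reverses both NATs) must be allowed back out.
    $RUN iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# ---- FW2: the post's rules plus the return path ----------------------------
fw2_rules() {
    $RUN sysctl -w net.ipv4.ip_forward=1
    $RUN iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$FW2_IP" --dport 25 \
        -j DNAT --to-destination "$MAIL_IP:25"
    $RUN iptables -A FORWARD -p tcp -d "$MAIL_IP" --dport 25 \
        -m state --state NEW -j ACCEPT
    # Lets the mail server's replies back out; needed when FORWARD policy is DROP.
    $RUN iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Usage: sh relay.sh fw1   or   sh relay.sh fw2
#        RUN=echo sh relay.sh fw1   prints the rules without touching the kernel
case "${1:-}" in
    fw1) fw1_enable_forwarding; fw1_nat_rules; fw1_filter_rules ;;
    fw2) fw2_rules ;;
esac
```

The price of the SNAT is that the mail server sees every relayed connection as coming from 1.2.3.4, so client addresses are lost for logging, rate limiting and SPF-style checks. Keeping the real client address would need FW2 to route replies for these flows back through FW1 (policy routing) instead of out its default route, which is a separate design from the one the post asks about.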