[CentOS] iptables question

Tue Feb 24 04:49:02 UTC 2009
Filipe Brandenburger <filbranden at gmail.com>

Hi Ward,

On Thu, Feb 19, 2009 at 20:27,  <Ward.P.Fontenot at wellsfargo.com> wrote:
> I add that and telnet to the port on BOX A and get
> Trying 192.168.0.1...
> telnet: connect to address 192.168.0.1: Connection refused
> I can telnet to that port on BOX B and get a successful connection.

The problem is that when BOX B responds, it will respond with a
192.168.0.2 source IP, and that will only work if it goes through BOX
A again (for the DNAT to do the address translation back to
192.168.0.1).

In short, this will only work if traffic goes back to the source through BOX A.

For instance, this will NOT happen if the host that is connecting to
the forwarded port is in the same subnet as hosts BOX A and BOX B.

This will also NOT happen if BOX A is not the default gateway of BOX
B, or there is somehow another configuration that routes the return
packets through BOX A (like using an SNAT combined with the DNAT to
make the connections look like they are coming from BOX A).

What exactly are you trying to accomplish? Port forwarding is only
useful when you are trying to do something very specific, namely
to provide to the Internet a service hosted on a machine that is behind
NAT; other than that, in most cases it creates more problems than it
may solve. If you give more details on what your real problem is,
maybe we can give you other alternatives on how to tackle it.

HTH,
Filipe
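The DNAT-plus-SNAT arrangement Filipe mentions, as an added example that is not part of the thread and not the poster's own rules. The script only prints the iptables commands unless it is run with --apply as root, so it can be reviewed before touching a live firewall. All addresses and ports are assumed placeholders: BOX A is 192.168.0.1 (the NAT router), BOX B is 192.168.0.2, and port 2222 on BOX A is forwarded to port 22 on BOX B.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): a DNAT port forward on
# BOX A whose return traffic is forced back through BOX A by SNATing the
# forwarded connection as well. Addresses and ports below are assumptions.

# Emit the commands for one forward. Arguments:
#   $1 BOX A address, $2 external port, $3 BOX B address, $4 internal port
build_forward_rules() {
    box_a="$1"; ext_port="$2"; box_b="$3"; int_port="$4"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d $box_a -p tcp --dport $ext_port -j DNAT --to-destination $box_b:$int_port
iptables -A FORWARD -d $box_b -p tcp --dport $int_port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $box_b -p tcp --sport $int_port -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -d $box_b -p tcp --dport $int_port -j SNAT --to-source $box_a
EOF
}

# Count generated rules that jump to a given target (DNAT, SNAT, ACCEPT),
# so the rule set can be checked without a live iptables.
count_target() {
    target="$1"; shift
    build_forward_rules "$@" | grep -c -- "-j $target"
}

# Apply the generated commands; requires root on BOX A.
apply_forward_rules() {
    build_forward_rules "$@" | sh
}

case "${1:-}" in
    --apply) apply_forward_rules 192.168.0.1 2222 192.168.0.2 22 ;;
    *)       build_forward_rules 192.168.0.1 2222 192.168.0.2 22 ;;
esac
```

The POSTROUTING SNAT is what makes BOX B answer to BOX A instead of directly to the client, so the forward also works for clients on the same subnet and when BOX A is not BOX B's default gateway. The cost is that BOX B's logs then show every forwarded connection as coming from 192.168.0.1; if the client address matters for auditing, narrow the SNAT rule with -s to the LAN subnet only, since replies to Internet clients already route back through BOX A.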