Laurent Wandrebeck wrote: > On Tue, 13 Dec 2011 10:23:45 -0500 > cliff here <c4ifford at gmail.com> wrote: > >> My best guess would be to move your forwarding rules to the INPUT chain >> instead of being in the PREROUTING. > Will try that once I figure out iptables syntax. > Is it me or I hit a system-config-firewall bug in rules generation ? These days, I either edit /etc/sysconfig/iptables or iptables-save > iptables. Take one, clone it, edit the line. -s source, -d destination, -p protocol covers most of it, along with -j ACCEPT or -j DROP. mark