Brad Smith wrote:
The packets hit PREROUTING and FORWARD, but not INPUT or OUTPUT, as expected.
With iptables, forwarded packets would not hit the INPUT or OUTPUT chains. That was only true of ipchains.
All chains on the gateway ACCEPT by default
The firewall on the client and vnc server is down
Given Kenneth's observation about interfaces I would double-check the address in the nat rule, and I would verify that the interface connecting to the vnc server is correctly addressed and masked to include that address. My guess is that one of those is wrong and the gw is trying to deliver the nat'd packets via its default gateway.
Chris
--
"Spend less! Do more! Go Open Source..." -- Dirigo.net
Chris Johnson, RHCE #807000448202021
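The check suggested in the reply above, as an added example that is not part of the original message: it reads the DNAT target from `iptables-save` output and tests whether any interface's address and mask actually cover it. The rule, addresses and interface names are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input in iptables-save format (not from the thread).
RULES = ("-A PREROUTING -i eth0 -p tcp -m tcp --dport 5900 "
         "-j DNAT --to-destination 192.168.10.50:5900\n")
# Constructed `ip -o -4 addr show` output: eth1 does NOT cover the target.
ADDRS_BAD = ("1: lo    inet 127.0.0.1/8 scope host lo\n"
             "2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0\n"
             "3: eth1    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1\n")
# Same gateway with eth1 addressed so its subnet includes the target.
ADDRS_GOOD = ADDRS_BAD.replace("192.168.1.", "192.168.10.")


def dnat_targets(rules_text):
    """Return the IPv4 target of each DNAT rule (first address of a range)."""
    pattern = re.compile(r"-j DNAT\b.*--to-destination\s+(\d+\.\d+\.\d+\.\d+)")
    return [ipaddress.ip_address(m.group(1))
            for m in map(pattern.search, rules_text.splitlines()) if m]


def connected_networks(addr_text):
    """Map interface name -> networks implied by its addresses and masks."""
    nets = {}
    for line in addr_text.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet\s+(\S+)", line)
        if m:
            network = ipaddress.ip_interface(m.group(2)).network
            nets.setdefault(m.group(1), []).append(network)
    return nets


def check_dnat_reachability(rules_text, addr_text):
    """For each DNAT target, name the interface whose subnet contains it.

    None means no connected subnet covers the target, so unless a static
    route exists (not checked here) the gateway uses its default route.
    """
    nets = connected_networks(addr_text)
    results = []
    for target in dnat_targets(rules_text):
        on_link = [name for name, ns in nets.items()
                   if any(target in n for n in ns)]
        results.append((str(target), on_link[0] if on_link else None))
    return results


if __name__ == "__main__":
    print("mis-addressed:", check_dnat_reachability(RULES, ADDRS_BAD))
    print("corrected:    ", check_dnat_reachability(RULES, ADDRS_GOOD))
```

On a live gateway, `ip route get <target address>` gives the kernel's own answer, including any static routes this sketch ignores.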