iptables: redirect eMule ports

[jordi]

Hello,

I'm setting up a public services subnetwork and I need some help with iptables. This is what I manage:

Firewall (Debian 4.0r3) with 3 NIC's:

eth0 NET, interface "INET", subnet 192.168.3.0/24, connected to a DSL router pointed by a public static IP address.
eth1 DMZ, interface "IDMZ", subnet 192.168.2.0/24, only one machine
eth2 LOC, interface "ILOC", subnet 192.168.1.0/24 (XLOC)

The default policy for INPUT, OUTPUT, FORWARD chains (and PRE/POST-ROUTING) is DROP.

The firewall masquerades all that comes from LOC and DMZ subnets going to the Internet.

I'm having problems with eMule ports redirection to a machine in the local network, this is the related portion of the ruleset:

Code:

iptables -t nat -A PREROUTING -i $INET -p tcp --dport 4662 -j DNAT --to-destination $MACHINE:4662
iptables -t nat -A PREROUTING -i $INET -p tcp --dport 4672 -j DNAT --to-destination $MACHINE:4672
iptables -t nat -A PREROUTING -i $INET -p tcp --dport 4665 -j DNAT --to-destination $MACHINE:4665

iptables -A FORWARD -i $ILOC -o $INET -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 4662 -j ACCEPT
iptables -A FORWARD -i $INET -o $ILOC -m state --state ESTABLISHED,RELATED -p tcp --sport 4662 -j ACCEPT

iptables -A FORWARD -i $ILOC -o $INET -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 4672 -j ACCEPT
iptables -A FORWARD -i $INET -o $ILOC -m state --state ESTABLISHED,RELATED -p tcp --sport 4672 -j ACCEPT

iptables -A FORWARD -i $ILOC -o $INET -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 4665 -j ACCEPT
iptables -A FORWARD -i $INET -o $ILOC -m state --state ESTABLISHED,RELATED -p tcp --sport 4665 -j ACCEPT

even though simple, it does not work (I continue having LowID), some help please

[jordi]

Errata: transcription error, 4672 & 4665 are UDP, this way is how I have it actually configured.