-
SMTP Port forwarding
SITUATION
I want to use iptables to forward all incoming traffic on IP 70.86.157.xxx PORT 25 to IP 24.203.99.xxx PORT 2525. (Outside the network)
SCENARIO
1- someone sends an email to user@domain.com
2- domain.com MX is mail.domain.com (70.86.157.xxx:25)
3- mail.domain.com:25 forwards traffic to 24.203.99.xxx:2525
24.203.99.xxx:2525 processes the mail.
I USED
I used the following iptables commands.
Code:
iptables -t nat -A PREROUTING -p TCP -i eth0 -d 70.86.157.xxx --dport 25 -j DNAT --to-destination 24.203.99.xxx:2525
THEN
I checked if the command was successfully done.
Code:
[root@zeus /]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere xxx.70-86-157.domain.comtcp dpt:smtp to:24.203.99.xxx:2525
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PROBLEM
When I telnet to 70.86.157.xxx PORT 25 from another server located in the same datacenter I receive:
Code:
[root@csz /]# telnet 70.86.157.xxx 25
Trying 70.86.157.xxx...
telnet: Unable to connect to remote host: Connection timed out
CHECKLIST
Firewalls are set on both machines.
Outbound router is set. (I can telnet directly and connect to 24.203.99.xxx PORT 2525 from the server)
SERVER SPECS
Red Hat Enterprise Linux 3 ES (2.4.x)
Plesk r7.5.x
APF version 0.9.6
iptables v1.2.8
Someone?
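Added example, not part of the original post: a DNAT redirect to a host outside the local network generally also depends on IP forwarding being enabled, the FORWARD chain accepting the rewritten flow, and source NAT so that replies return through the relay. The script below audits an iptables-save dump for those pieces; the function name, the sample dumps and the RFC 5737 addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Heuristic audit of an iptables-save dump:
# it looks for the rules below but does not model rule order or custom chains.

# check_dnat_relay RULES IP_FORWARD DEST_IP DEST_PORT
# Prints one "MISSING:" line per absent prerequisite and returns their count.
check_dnat_relay() {
    rules=$1 fwd=$2 dport=$4 missing=0
    dip=$(printf '%s' "$3" | sed 's/\./\\./g')    # escape dots for grep -E
    has()  { printf '%s\n' "$rules" | grep -Eq -- "$1"; }
    miss() { echo "MISSING: $1"; missing=$((missing + 1)); }

    # 1. The kernel must be allowed to route packets not addressed to itself.
    [ "$fwd" = "1" ] || miss "net.ipv4.ip_forward=$fwd (needs 1)"
    # 2. nat/PREROUTING rewrites the destination (the rule from the post).
    has "^-A PREROUTING .*-j DNAT --to-destination $dip:$dport\$" ||
        miss "PREROUTING DNAT to $3:$dport"
    # 3. After DNAT the packet crosses filter/FORWARD, now addressed to DEST.
    has "^:FORWARD ACCEPT" ||
        has "^-A FORWARD .*-d $dip(/32)? .*--dport $dport .*-j ACCEPT" ||
        miss "FORWARD ACCEPT for $3:$dport"
    # 4. Source NAT, so DEST answers this host instead of the client directly.
    has "^-A POSTROUTING .*-d $dip(/32)? .*-j (SNAT|MASQUERADE)" ||
        miss "POSTROUTING SNAT/MASQUERADE toward $3"
    return "$missing"
}

# Constructed dumps (RFC 5737 documentation addresses, not the poster's hosts).
ONLY_DNAT='*nat
-A PREROUTING -d 192.0.2.10/32 -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 198.51.100.20:2525
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT'

COMPLETE='*nat
-A PREROUTING -d 192.0.2.10/32 -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 198.51.100.20:2525
-A POSTROUTING -d 198.51.100.20/32 -p tcp -m tcp --dport 2525 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 198.51.100.20/32 -p tcp -m tcp --dport 2525 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

check_dnat_relay "$ONLY_DNAT" 0 198.51.100.20 2525; echo "missing: $?"
check_dnat_relay "$COMPLETE" 1 198.51.100.20 2525; echo "missing: $?"
```

On a live host the first two arguments would come from the output of iptables-save and the contents of /proc/sys/net/ipv4/ip_forward.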
-
Code:
iptables -t nat -A PREROUTING -p TCP -d <linux_ip> --dport 25 -j DNAT --to-destination <win_ip>:25
I think that's it. man iptables can tell you more about DNAT.
-
Good thread. Very interesting... and something I should be able to put to use. :)
-
Still not working... someone got a solution?