Why wont this IPTables script work correctly

This script is supposed to:

1.) Allow for complete access from internal -> external on ip1 2.) Allow for VPN connections from external on ip1 -> internal server mango 3.) Allow for www and remote desktop from external on ip2 -> internal server limon 4.) Allow for pop ssl smtp from external on ip1 -> internal server banana 5.) Allow pings on both ip1 and ip2

Currently working

1,2, and 4

Not working 3, and 5

I have my network interface script setup as such

eth0 static with ip1 eth0:1 static with ip2 eth2 internal interface static ip as well

Any IPTables experts out there that can tell me whats wrong with this script? I cannot for the life of me figure it out. Thanks a bunch!

#!/bin/sh

#modprobe iptables_nat

modprobe ip_conntrack modprobe ip_conntrack_pptp modprobe ip_nat_pptp

echo 1 > /proc/sys/net/ipv4/ip_forward

IPT="iptables -v" $IPT --flush $IPT -t nat --flush $IPT -X $IPT -t nat -X

IP1="66.xxx.xxx.xxx" IP2="66.yyy.yyy.yyy"

MANGO="192.168.1.200" LIMON="192.168.1.201" BANANA="192.168.1.202"

$IPT -t nat -A PREROUTING -p tcp -d $IP2 -i eth0 -m multiport --dport

80,3389 -j DNAT --to-destination $LIMON $IPT -t nat -A POSTROUTING -p tcp -o eth2 -s $LIMON -m multiport -- sport 80,3389 -j SNAT --to-source $IP2 $IPT -A FORWARD -p tcp -m multiport -d $IP2 -o eth2 --dport 80,3389 -j ACCEPT

$IPT -t nat -A PREROUTING -p tcp -d $IP1 -i eth0 -m multiport --dport

25,110,443 -j DNAT --to-destination $BANANA $IPT -t nat -A POSTROUTING -p tcp -o eth2 -s $BANANA -m multiport -- sport 25,110,443 -j SNAT --to-source $IP1 $IPT -A FORWARD -p tcp -m multiport -d $IP1 -o eth2 --dport 25,110,443

-j ACCEPT

# VPN CONNECTIONS $IPT -A INPUT -p tcp --dport 47 -j ACCEPT $IPT -A FORWARD -p tcp -d $IP1 -o eth2 --dport 47 -j ACCEPT $IPT -t nat -A PREROUTING -p tcp -d $IP1 -i eth0 -m multiport --dport

47,1723 -j DNAT --to-destination $MANGO $IPT -t nat -A POSTROUTING -p tcp -o eth2 -s $MANGO -m multiport -- sport 47,1723 -j SNAT --to-source $IP1 $IPT -A FORWARD -p tcp -d $MANGO --dport 1723 -i eth0 -o eth2 -j ACCEPT

$IPT -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to- source $IP1 $IPT -A FORWARD -s 192.168.1.0/24 -i eth2 -o eth0 -j ACCEPT $IPT -A FORWARD -d 192.168.1.0/24 -i eth0 -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

$IPT -A INPUT -p icmp -i eth0 -d $IP1 --icmp-type 0 -j ACCEPT $IPT -A INPUT -p icmp -i eth0 -d $IP1 --icmp-type 3 -j ACCEPT $IPT -A INPUT -p icmp -i eth0 -d $IP1 --icmp-type 11 -j ACCEPT

$IPT -A OUTPUT -p icmp -o eth0 -s $IP1 -d 0/0 --icmp-type 0 -j ACCEPT $IPT -A OUTPUT -p icmp -o eth0 -s $IP1 -d 0/0 --icmp-type 3 -j ACCEPT $IPT -A OUTPUT -p icmp -o eth0 -s $IP1 -d 0/0 --icmp-type 11 -j ACCEPT

$IPT -A INPUT -p tcp -m multiport --dport ! 22 -d $IP2 -j LOG --log- prefix "[IN][dst]: " --log-level 4 $IPT -A INPUT -d $IP2 -j LOG $IPT -A INPUT -j ACCEPT $IPT -A OUTPUT -j ACCEPT $IPT -A FORWARD -p tcp -m multiport --dport ! 22 -d $IP2 -j LOG --log- prefix "[FORWARD][dst]: " --log-level 4 $IPT -A FORWARD -j ACCEPT