iptables port forwarding not working

hi-

following a helpful gentoo guide on iptables I got it to replace my netgear router, but I've not been able to get port forwarding working. here are my defs:

iptables -F iptables -t nat -F iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD DROP

export LAN=eth0 export WAN=eth1

iptables -I INPUT 1 -i ${LAN} -j ACCEPT iptables -I INPUT 1 -i lo -j ACCEPT

iptables -A INPUT -p UDP --dport bootps -i ! ${LAN} -j REJECT iptables -A INPUT -p UDP --dport domain -i ! ${LAN} -j REJECT iptables -A INPUT -p TCP --dport ssh -i ${WAN} -j ACCEPT iptables -A INPUT -p TCP --dport www -i ${WAN} -j ACCEPT iptables -A INPUT -p TCP --dport https -i ${WAN} -j ACCEPT iptables -A INPUT -p TCP --dport smtp -i ${WAN} -j ACCEPT iptables -A INPUT -p TCP --dport auth -i ${WAN} -j ACCEPT iptables -A INPUT -p TCP --dport imaps -i ${WAN} -j ACCEPT iptables -A INPUT -p TCP --dport ssmtp -i ${WAN} -j ACCEPT

iptables -A INPUT -p TCP -i ${LAN} -d 0/0 --dport 0:1023 -j DROP iptables -A INPUT -p UDP -i ${LAN} -d 0/0 --dport 0:1023 -j DROP iptables -I FORWARD -i ${LAN} -d 192.168.0.0/255.255.0.0 -j DROP iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 -j ACCEPT iptables -A FORWARD -i ${WAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE

iptables -t nat -A PREROUTING -p tcp --dport 902 -i ${WAN} -j DNAT --to

192.168.0.201 iptables -t nat -A PREROUTING -p tcp --dport 3389 -i ${WAN} -j DNAT

--to 192.168.0.201 iptables -t nat -A PREROUTING -p tcp --dport 7004 -i ${WAN} -j DNAT

--to 192.168.0.201 iptables -t nat -A PREROUTING -p tcp --dport 6346 -i ${WAN} -j DNAT

--to 192.168.0.201 iptables -t nat -A PREROUTING -p tcp --dport 6883 -i ${WAN} -j DNAT

--to 192.168.0.201

echo 1 > /proc/sys/net/ipv4/ip_forward for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f; done /etc/init.d/iptables save

Also, when building kernel 2.4.22, I didn't find the option for "IP range match support" within IP: Networking Options -> IP: Netfilter Configuration ---> IP tables support, so I just skipped it. Did I do bad?

What's off?

Bill