Hi

I've very small experiences with iptables and don't know how to realise

PC -> internet -> Firewall:3333 -> myPC -> modem(ISDN, europe) to
externalPC:5900

In words: I want to realise VNC-access to a desktop of an external PC
that is only reachable by modem(ISDN) to a PC, that has Internet acccess
only. MyPC is router Internet -> modem(ISDN)-line.

Where should I start to realise? Dividing the thing into two parts,
internet -> Firewall -> PC (part1) und PC -> per ISDN auf PC:5900 (part2)?

I've already tested without success:

Part 2:
=======
iptables -A PREROUTING -t nat -i ippp0 -p tcp --sport 5900 -j DNAT
--to-destination 192.168.0.52:3333
iptables -A FORWARD -i ippp0 -p tcp --sport 5900 -j ACCEPT
iptables -A FORWARD -o ippp0 -p tcp -s 192.168.0.52 -d 192.168.10.1
--dport 5900 -j ACCEPT

After that I can't access localhost:3333 ! No service! Why is there no
connection to 192.168.10.1?

Part 1: (typed in on my firewall)
=======
iptables -A PREROUTING -t nat -i ppp0 -p tcp --sport 3334 -j DNAT
--to-destination 192.168.0.52:3333
iptables -A FORWARD -i ppp0 -p tcp --sport 3334 -j ACCEPT
iptables -A FORWARD -o ppp0 -p tcp -s 192.168.0.52 --dport 3334 -j ACCEPT

As well as above: "connection refused"

What's my fault?

firewall: dyndns-Adresse, port e.g. 3334
myPC: 192.168.0.52 , port 3333
externalPC: 192.168.10.1 port 5900 (vnc)

danke schon mal
Ekkard