Hi Fabian,

I believe you need to give an overview of your setup... because if the service is *on a remote server*, how can "-j DNAT --to 192.168.0.25:3389" help?

So please indicate
- where is your client running (the initiator of the TCP session)
- where is your server process running (the receiving end of the TCP session)
- your client's network setup (including IP network info)
- client's connection to the firewall you're trying to configure
- firewall setup (interfaces + their IP addresses, eventually routing table)
- connection from firewall to server
- server network setup

As you can see, you've got me sufficiently confused :[

Regards,
Jens