zdraveite, 
problema mi e sledniq. 
imam GW s 2 interface-a :  
eth0 s realno IP  
eth1 za vytreshna mreza. 
Iskam prez Inet da se prenasochvat zaqvkite kum FTP kum 
host ot LAN-a. 
 
host-ovete ot LAN-a sa s SNAT: 
 iptables -t nat -A POSTROUTING -s vytreshno_ip -d 0.0.0.0/0

-j SNAT --to real_ip_na_gw 
 
opitah sys slednoto: 
 iptables -t nat -A PREROUTING -p tcp -d real_ip --dport 21
-j 
DNAT --to vytreshno_ip:21 
i syshtoto za 20 port. 
 
S iptraf vizdam che se zakacha v ednata posoka, no nqma 
transfer obratno. 
Znam che za FTP trqbva da zakacha i module-a 
ip_conntrack_ftp /toi e compiled v qdroto napravo/ 
 
Probvah s http /za da se izbegnat problemite idvashti ot 
PASSIVE mode eventualno na ftp-to/.Pak nishto ne stana. 
 
Mersi predvaritelno za syvetite. 

-- snip --
# some definitions
 
GW_EXT_IFACE = "eth0" # gateway external i-face
GW_INT_IFACE = "eth1" # gateway internal i-face
GW_EXT_IP = "212.234.12.56" # gateway external IP
GW_INT_IP = "10.12.12.1" # gateway internal IP
FTP_IP = "10.12.12.57" # ftp host IP
FTP_PORT = "21"

# begin
 # nat table, PREROUTING chain, that's the place we do
destination NAT
 iptables -t nat -A PREROUTING -i $GW_EXT_IFACE -p tcp
--dport $FTP_PORT  \
-j DNAT --to-destination $FTP_IP          
 
 # FORWARD chain ( I skip INPUT coz we don't need it in this
example )
 iptables -P FORWARD DROP # set the default policy of the
chain 
 
# get advantage of iptables connection tracking module 
 # all ESTABLISHED or RELATED connections coming from
internet are accepted

 iptables -A FORWARD -i $GW_EXT_IFACE -o $GW_INT_IFACE -p tcp
 \
 -m state --state RELATED,ESTABLISHED -j ACCEPT             


# allow connection from internet to the ftp internal host
 iptables -A FORWARD -i $GW_EXT_IFACE -o $GW_INT_IFACE -p tcp
 \
-d $FTP_IP --dport $FTP_PORT -j ACCEPT

 # all left RELATED (like ftp-data) and already ESTABLISHED
 connections from the ftp internal host to the internet are
accepted
 iptables -A FORWARD -i $GW_INT_IFACE -o $GW_EXT_IFACE -p tcp
 \
-s $FTP_IP -m state --state RELATED,ESTABLISHED -j ACCEPT
 
-- snip --

 P.S.  There's no need to "mersi predwaritelno" my friend ;-)
 Cheerz.