Here is my scenario:
I have a cisco 3640 router with a analog modem module in it. I have the
pool address set to 192.168.10.0/28 (192.168.10.3-192.168.10.10) assigned
to the connected user. It works. The ethernet int on the router is
192.168.10.1. I have an entry like 
'ip route 192.168.10.0 255.255.255.240 eth1/1'
'ip route 192.168.2.0 255.255.255.0 eth1/1'

I have a linux box doing ipchains and ipmasqadm portfw. The ethnet
interface(s) are 192.168.10.2 and 192.168.2.250

Dialup(192.168.10.5) ->router(192.168.10.1)->Linux(192.168.10.2)
->ipchains(192.168.2.250)->Citrix Server(192.168.2.243)

I have all my ipchains rules set, with everything being logged.
I have an ipmasqadm entries as follows:
ipmasqadm portfw -a -P tcp -L 192.168.10.2 1494 -R 192.168.2.243 1494
ipmasqadm portfw -a -P udp -L 192.168.10.2 1604 -R 192.168.2.243 1604

Problem is, I can't connect to the citrix box.
I set the dialup client to either poll for published apps, or just head
striaght to 192.168.10.2, but no response.

I can ping my linux box from a dialup ip, so I know I am making it
thru the router. I do not see anything being denied in ipchains!

What have I missed.
Need Help

Mike
mgcon@getnet.com
http://www.getnet.com/~mgcon
Phoenix, AZ
USA