
iptables snat problem

Status
Not open for further replies.

piti

Technical User
Apr 12, 2001
627
SK
I previously had my entire LAN SNATed, but my boss thought I should stop that and allow direct connections only to selected local machines and selected public hosts,
so I did, but ...
some rules work as they should, some only partially: only ping and traceroute can be done.

some of my rules are as follows:
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.2 -d $MY_HOST_1 -o $I_NET -j SNAT --to-source $ISP_IP
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.5 -o $I_NET -j SNAT --to-source $ISP_IP
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.114 -o $I_NET -j SNAT --to-source $ISP_IP
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.110 -d ftp.szm.sk -o $I_NET -j SNAT --to-source $ISP_IP

where the 1.2 and 1.5 hosts can connect to the allowed/all hosts, and for 1.114 and 1.110 only ping and traceroute work.
Even when I use the LOG target nothing is logged, as if there was no connect attempt.
Am I missing something with this iptables config?
thanx
 
Have you set it to accept the NEW flag of packets?
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW -j ACCEPT ?
 
Everything is set properly. As I said, some machines work, and now I know what the problem is:
I don't know why, but all TCP requests from the clients (W98, W2K) are passed to the domain controller (W2K) and then to my Linux router; all clients have the Linux box set as gateway, so that's weird, I think.
Only my Linux workstations connect directly through the Linux box, so it looks like this is not a misconfigured iptables problem but some M$ trick.
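An added example (not the poster's script, and not the rules quoted above) showing one way to build the selective per-host SNAT the thread describes together with the FORWARD-chain rules the reply asks about. It also puts the LOG target in the filter table's FORWARD chain rather than in nat POSTROUTING: the nat table only sees the first packet of each connection, and a packet that never arrives at the router (as the poster found for the Windows clients) will not show up in either place, so a silent LOG in FORWARD points at the path, not at iptables. Interface names, the public address, the destination hosts and the dry-run wrapper are assumptions; the script prints the commands unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed names: $I_NET (external
# interface), $LAN_IF (LAN interface), $ISP_IP (public address); destinations are
# documentation-range placeholders standing in for the poster's $MY_HOST_1 etc.
I_NET="${I_NET:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
ISP_IP="${ISP_IP:-203.0.113.10}"
IPTABLES="${IPTABLES:-iptables}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the rules, 0 = apply them (needs root)

# Constructed policy: "lan_host allowed_destination"; 0.0.0.0/0 means any host.
POLICY="192.168.1.2 198.51.100.20
192.168.1.5 0.0.0.0/0
192.168.1.114 0.0.0.0/0
192.168.1.110 198.51.100.21"

# Print or execute one iptables command.
run() {
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$IPTABLES $*"
  else
    "$IPTABLES" "$@"
  fi
}

# Emit the full rule set. Per policy line: a FORWARD accept (filter table,
# checked for every packet) and a POSTROUTING SNAT (nat table, checked only
# for the first packet of a connection; later packets reuse the conntrack entry).
build_rules() {
  # Return traffic for connections the router already allowed.
  run -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  printf '%s\n' "$POLICY" | while read -r src dst; do
    [ -n "$src" ] || continue
    run -A FORWARD -i "$LAN_IF" -o "$I_NET" -s "$src" -d "$dst" -m state --state NEW -j ACCEPT
    run -t nat -A POSTROUTING -s "$src" -d "$dst" -o "$I_NET" -j SNAT --to-source "$ISP_IP"
  done
  # Everything else leaving the LAN is logged and dropped in FORWARD. If a LAN
  # host's attempt never produces a FWD-DROP line here, the packet did not
  # reach this router at all (wrong gateway, or another box in the path).
  run -A FORWARD -i "$LAN_IF" -o "$I_NET" -j LOG --log-prefix "FWD-DROP: "
  run -A FORWARD -i "$LAN_IF" -o "$I_NET" -j DROP
}

# Sanity check on the generated set: number of SNAT rules for a given LAN source.
snat_rule_count() {
  build_rules | grep -c -- "-s $1 .*-j SNAT" || true
}

# Routing between interfaces must be enabled or FORWARD is never consulted.
enable_forwarding() {
  run_sysctl="sysctl -w net.ipv4.ip_forward=1"
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$run_sysctl"; else $run_sysctl; fi
}

enable_forwarding
build_rules
```

Run with DRY_RUN=1 (the default) to review the generated commands, then with DRY_RUN=0 as root to apply them. The check the thread needed is the FWD-DROP log line: a host listed in POLICY that produces neither a conntrack entry nor a FWD-DROP entry when it tries to connect is sending its packets somewhere other than this router.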
 