linux

Forwarding does not work without the sursnat rule?

Greetings, I always forwarded ports on ubuntu with one prerouting rule, redirecting the external port to the IP address and the port of the internal host. Now it was necessary to forward the rdp port for the screw server. The scheme is as follows: the screw server is located in the vlan which is described on the gateway with iptables on which I just forward the port. I write the following rule:

iptables -t nat -I PREROUTING -d 100.100.100.100 -p tcp --dport 5555 -j DNAT --to-destination 10.61.255.1:3389

. As a result, it does not work, in the tspdump you can just see the connection of my IP address to the port that is specified in the pre-routing, but the tsp is not installed.
As a result, it worked only if you write the rule:

Chain POSTROUTING (policy ACCEPT 576K packets, 44M bytes)
pkts bytes target prot opt ​​in out source destination
6453 336K SNAT tcp -- * * 0.0.0.0/0 10.61.255.1 tcp dpt:3389 to:10.61.255.254

10.61.255.254 gateway for the Windows server network, the question is: why does forwarding only work with this rule? Previously, only one pre-routing rule was enough. Thanks