linux

How to forward a port in ubuntu?

hello, help with the problem plz (in linux I rummage weakly): there is ubuntu 18.04.2 on it, a vpn server (l2tp ipsec) is configured according to the script, the client (windows 7) connects, everything works ok. You need to forward port 55658 so that you can go to 3389 rdp from an external vpn address. Locally on the client on 3389 I come normally. There are no filters on the router.

-A PREROUTING -d 5.253.xx.xx/32 -i eth0 -p tcp -m tcp --dport 55658 -j DNAT --to-destination 192.168.42.10:3389

so for some reason it doesn't work.
here is iptables-save:

:INPUT ACCEPT [423:29874]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2550:394824]
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol none -j DROP
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j DROP
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i eth0 -o ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -s 192.168.42.0/24 -d 192.168.42.0/24 -i ppp+ -o ppp+ -j ACCEPT
-A FORWARD -d 192.168.43.0/24 -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.43.0/24 -o eth0 -j ACCEPT
-A FORWARD -j DROP
COMMIT

*nat
:PREROUTING ACCEPT [1:40]
:INPUT ACCEPT [1:40]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 5.253.xx.xx/32 -i eth0 -p tcp -m tcp --dport 55658 -j DNAT --to-destination 192.168.42.10:3389
-A POSTROUTING -s 192.168.42.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.43.0/24 -o eth0 -m policy --dir out --pol none -j MASQUERADE
COMMIT