Forwarding RDP via a Linux machine using iptables: Not working

Add port in iptables rules?:

iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination win-box:3389
iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT

I am not very sure it's the reason. But I usually do it in this way: http://www.systutorials.com/816/port-forwarding-using-iptables/

You can also try flushing the tables first: iptables -t nat -F; iptables -F, and then add these two rules, in case other rules in your iptables block the connection.

You may also

cat /proc/net/nf_conntrack

and see the content there. Each forwarding connection has entries there.

Note: MASQUERADE is required as well if the outbound route from Windows does not by default pass through the iptables box; see comments below (you may need to unhide them).


I saw you solved the issue with MASQUERADE. I didn't notice that the last comment was hidden, so I had to solve the question on my own, thanks to the great Iptables Tutorial (look for it on Freshmeat). I did almost the same as you, but doing a SNAT instead of MASQUERADE, since the Linux box has a static local IP. MASQUERADE would be more appropriate if the Linux box had its IP given by DHCP; otherwise it's said to be a more processor-consuming task.

I didn't need any FORWARD rule, although I had to

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
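The following script is an added example, not code from either of the answers above. It puts the pieces from both answers together: the DNAT and FORWARD rules from the first answer, the choice between SNAT (static address on the Linux box, as in the second answer) and MASQUERADE (DHCP-assigned address) for the POSTROUTING step, the ip_forward sysctl check, and a reader for /proc/net/nf_conntrack that counts the forwarded RDP connections the first answer says you should see there. It only prints the iptables commands rather than applying them, so the generated rule set can be reviewed before it is run as root; the interface name, addresses and all function names are assumptions. The FORWARD rule is narrowed to the single Windows host and to conntrack-tracked state, which is stricter than the original answer's rule.

```shell
#!/bin/sh
# Added example (not from the original answers): generate the iptables rules
# for forwarding RDP (TCP/3389) through a Linux box to a Windows host.
# WAN_IF, LINUX_IP and WIN_BOX are assumed/constructed values.

WAN_IF="${WAN_IF:-eth0}"                # interface facing the RDP clients (assumed)
LINUX_IP="${LINUX_IP:-192.168.1.10}"    # static LAN address of the Linux box (constructed)
WIN_BOX="${WIN_BOX:-192.168.1.20}"      # Windows host on the LAN (constructed)
RDP_PORT=3389

# rdp_rules MODE -> prints the rule set, one iptables command per line.
# MODE is "snat" (Linux box has a static IP, second answer) or
# "masquerade" (Linux box gets its IP via DHCP, first answer).
rdp_rules() {
  mode="$1"
  # Rewrite the destination of inbound RDP to the Windows host.
  echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $RDP_PORT -j DNAT --to-destination $WIN_BOX:$RDP_PORT"
  # Only forward 3389 towards the one Windows host, not every 3389 packet.
  echo "iptables -A FORWARD -p tcp -d $WIN_BOX --dport $RDP_PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
  # Let the replies come back through the box.
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # Source rewrite so the Windows host answers via the Linux box even if its
  # default route does not point at it (the point of the MASQUERADE note).
  case "$mode" in
    snat)
      echo "iptables -t nat -A POSTROUTING -p tcp -d $WIN_BOX --dport $RDP_PORT -j SNAT --to-source $LINUX_IP" ;;
    masquerade)
      echo "iptables -t nat -A POSTROUTING -p tcp -d $WIN_BOX --dport $RDP_PORT -j MASQUERADE" ;;
    *)
      echo "unknown mode: $mode (use snat or masquerade)" >&2
      return 1 ;;
  esac
}

# ip_forward_enabled [FILE] -> succeeds if the sysctl file contains 1.
# Defaults to the real /proc path; a file argument allows offline checks.
ip_forward_enabled() {
  f="${1:-/proc/sys/net/ipv4/ip_forward}"
  [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# count_rdp_conntrack [FILE] -> number of TCP conntrack entries whose original
# (first) tuple has dport=3389, i.e. client-initiated RDP sessions being
# forwarded. Reads /proc/net/nf_conntrack unless a file is given.
count_rdp_conntrack() {
  f="${1:-/proc/net/nf_conntrack}"
  grep -E '^ipv4 .* tcp ' "$f" | awk -v p="$RDP_PORT" '
    {
      # Only the first dport= field is the original direction; the second
      # belongs to the reply tuple and is the client side port.
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^dport=/) { split($i, a, "="); if (a[2] == p) c++; break }
      }
    }
    END { print c + 0 }'
}

# Usage: sh rdp_forward.sh print snat   (review the output, then run it as root)
if [ "${1:-}" = "print" ]; then
  rdp_rules "${2:-snat}"
  ip_forward_enabled || echo "# ip_forward is off: echo 1 > /proc/sys/net/ipv4/ip_forward" >&2
fi
```

Running it with `print snat` or `print masquerade` shows the four commands; pipe them into a root shell only after checking that the interface and addresses match your network. Once traffic is flowing, `count_rdp_conntrack` (with no argument) reads the live conntrack table and should return at least one entry per active RDP session.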