Port forwarding from external to internal isolated LAN

[zrak]

I feel like this should have been straight forward but not working. Basically I have two bridge networks vmbr0 (192.168.1.0/24 and on my home LAN) & vmbr1 (192.168.100.0/24 and isolated). I have VM1 (192.168.100.10) attached to vmbr1. The proxmox host is at 192.168.1.100.
Summarizing the setup:

vmbr0 192.168.1.0/24 GW 192.168.1.1
vmbr1 192.168.100.0/24 No GW
Proxmox host: 192.168.1.100
VM1: 192.168.100.10
Home LAN: 192.168.1.0/24 GW 192.168.1.1
Source computer on home network: 192.168.1.2

From a computer (192.168.1.2) on my home network I'm sending tcp data:

echo this | netcat 192.168.1.100 3002

and would like to see it on the other end with:

netcat -lp 3002

To get started, that works when the netcat listening is done on the proxmox host console.
Then I added these rules:

iptables -t nat -A PREROUTING -p tcp -d 192.168.1.100 --dport 3002 -i vmbr0 -j DNAT --to-destination 192.168.100.10:3002

Now I'm not getting the test data on the proxmox host but I'm not getting it on the VM either. What am I doing wrong?

 

[zrak]

For anyone else running into this issue, I missed the forwarding entry since destination is on a different subnet. Anyway, this works

iptables -A PREROUTING -t nat -p tcp -i vmbr0 --dport 3002 -j DNAT --to-destination 192.168.100.10:3002
iptables -A POSTROUTING -t nat -p tcp -d 192.168.100.10 --dport 3002 -j MASQUERADE
iptables -A FORWARD -p tcp -d 192.168.100.10 --dport 3002 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT