NAT, iptables and problematic ports

Posted by Rajie on Server Fault
Published on 2012-10-29T00:01:06Z Indexed on 2012/10/29 5:05 UTC

I am building a small office network with virtual machines. My schema is this:

  • Computer A: gateway, ip 1.1.1.1, iptables used for NAT [eth0=public internet dhcp, dhcp; eth1=gateway]
  • Computer B: client, ip 1.1.1.2, using gateway from Computer A.

NAT is working, and Computer B can access the internet using A's gateway. I redirected some incoming ports from A to B (for instance, if A receives a request on port 80, it goes automatically to Computer B's Apache).

The thing is that I do not really understand how to open/close ports for Computer B from Computer A. I know how to close a port:

iptables -A INPUT -p tcp --dport 80 -j DROP

And it will refuse all incoming (not outgoing) connections to port 80. However, this works for the main interface eth0. I tried, for instance, to drop incoming and outgoing connections for Computer B, port 80:

iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -j DROP
iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 80 -j DROP

But it does not work. And I cannot figure out what I am doing wrong. Any clue?
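The FORWARD rules quoted above, run through a small model of netfilter's first-match chain evaluation (an added example, not code from the post or from iptables itself). It assumes that an ACCEPT rule for eth0-to-eth1 traffic already sits earlier in the chain; that assumption is not stated in the post, but it is a common reason an appended (-A) DROP is never reached, whereas -I places the DROP first.

```python
import shlex
# Constructed input. The leading ACCEPT is an assumption: a rule of that kind
# commonly exists on a NAT gateway before anything else is appended to FORWARD.
ASSUMED_EXISTING = "-A FORWARD -i eth0 -o eth1 -j ACCEPT"
POSTED_RULES = [
    "-A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -j DROP",
    "-A FORWARD -i eth0 -o eth1 -p tcp --dport 80 -j DROP",
]
# A new HTTP request from the internet; DNAT in PREROUTING has already pointed
# it at Computer B, so the FORWARD chain still sees dport 80.
INBOUND_HTTP = {"in": "eth0", "out": "eth1", "proto": "tcp", "dport": "80", "state": "NEW"}
MATCH_OPTS = {"-i": "in", "-o": "out", "-p": "proto", "--dport": "dport", "--sport": "sport"}

def parse_rule(cmd):  # subset: -A|-I CHAIN [-i/-o/-p/--dport/--sport/--state X] -j TARGET
    args = shlex.split(cmd)
    rule = {"action": args[0], "chain": args[1], "match": {}, "target": None}
    for opt, val in zip(args[2::2], args[3::2]):
        if opt == "-j":
            rule["target"] = val
        elif opt in MATCH_OPTS or opt == "--state":
            rule["match"][opt] = val  # "-m state" itself carries no match condition
    return rule

def matches(rule, pkt):  # every match option in the rule must agree with the packet
    for opt, val in rule["match"].items():
        if opt == "--state":
            if pkt.get("state") not in val.split(","):
                return False
        elif pkt.get(MATCH_OPTS[opt]) != val:
            return False
    return True

class Chain:  # first-match evaluation: the first matching rule decides, else the policy
    def __init__(self, policy="ACCEPT"):
        self.rules, self.policy = [], policy
    def apply(self, cmd):
        rule = parse_rule(cmd)
        if rule["action"] == "-A":    # append: evaluated after every existing rule
            self.rules.append(rule)
        elif rule["action"] == "-I":  # insert at position 1: evaluated first
            self.rules.insert(0, rule)
    def verdict(self, pkt):
        return next((r["target"] for r in self.rules if matches(r, pkt)), self.policy)

def verdicts():  # (verdict with the DROP appended as in the post, verdict with it inserted)
    appended, inserted = Chain(), Chain()
    for cmd in [ASSUMED_EXISTING, *POSTED_RULES]:
        appended.apply(cmd); inserted.apply(cmd)
    inserted.apply("-I FORWARD -i eth0 -o eth1 -p tcp --dport 80 -j DROP")
    return appended.verdict(INBOUND_HTTP), inserted.verdict(INBOUND_HTTP)
```

On the real gateway, `iptables -L FORWARD -n -v --line-numbers` shows the actual rule order and the per-rule packet counters, which tells you which rule is taking the traffic.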

© Server Fault or respective owner
