# Saved ruleset for a NAT gateway serving 10.0.1.0/24. Load with iptables-restore.
# _REAL_IP, _EXT_PORT, _INT_HOST and _INT_PORT look like template placeholders that
# must be substituted before loading -- TODO confirm against whatever renders this file.
# Negation is written after the option ("-d ! net", "-i ! if"), as this iptables-save
# version emits it; newer iptables releases write it as "! -d" / "! -i".
# Generated by iptables-save v1.2.6a on Thu Nov 21 21:15:39 2002
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Port forward: TCP arriving on eth0 for _REAL_IP:_EXT_PORT is rewritten to
# _INT_HOST:_INT_PORT. The rewritten packet is then judged by the filter FORWARD chain.
-A PREROUTING -d _REAL_IP -i eth0 -p tcp -m tcp --dport _EXT_PORT -j DNAT --to-destination _INT_HOST:_INT_PORT
# Source NAT: anything from 10.0.1.0/24 to a destination outside 10.0.1.0/24 leaves
# with _REAL_IP as source. There is no -o match, so this applies on every outgoing interface.
-A POSTROUTING -s 10.0.1.0/24 -d ! 10.0.1.0/24 -j SNAT --to-source _REAL_IP
COMMIT
# Completed on Thu Nov 21 21:15:39 2002
# Generated by iptables-save v1.2.6a on Thu Nov 21 21:15:39 2002
# mangle table: no rules, every chain at policy ACCEPT.
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Nov 21 21:15:39 2002
# Generated by iptables-save v1.2.6a on Thu Nov 21 21:15:39 2002
*filter
# All three built-in chains default to ACCEPT: a packet that no rule below drops or
# rejects is let through.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# User-defined chains (no policy, hence "-").
:eth1-in - [0:0]
:eth1-out - [0:0]
:tcprules - [0:0]
# Hook for eth1 input; eth1-in currently only RETURNs, so this changes nothing.
-A INPUT -i eth1 -j eth1-in
# Loopback traffic, matched by address rather than by "-i lo".
-A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# LAN clients on eth0 may reach the gateway on its internal (10.0.1.1) and real address.
-A INPUT -s 10.0.1.0/24 -d 10.0.1.1 -i eth0 -j ACCEPT
-A INPUT -s 10.0.1.0/24 -d _REAL_IP -i eth0 -j ACCEPT
# Services on _REAL_IP via eth0, by well-known port: 22 SSH, 25 SMTP, 53 DNS (udp+tcp),
# 80 HTTP, 110 POP3.
# NOTE(review): these ACCEPTs do not restrict eth0 to the listed ports. With INPUT
# policy ACCEPT and tcprules accepting state NEW on every interface except eth1,
# traffic to any other port on eth0 is accepted as well; only the port 113 REJECT
# below changes an outcome. If eth0 is meant to be filtered, that needs a DROP policy
# or an explicit final drop -- confirm intent.
-A INPUT -d _REAL_IP -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -d _REAL_IP -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -d _REAL_IP -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -d _REAL_IP -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -d _REAL_IP -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -d _REAL_IP -i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
# Port 113 (ident) is refused with a TCP reset, so the connecting side gets an
# immediate answer instead of waiting for a timeout.
-A INPUT -d _REAL_IP -i eth0 -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
# Everything not decided above goes through the stateful checks in tcprules.
-A INPUT -j tcprules
# block :25 to world (only through 10.0.1.1:25)
# i.e. LAN hosts cannot open forwarded connections to TCP port 25; the rule sits
# before the tcprules jump so it wins over the NEW-accept there.
-A FORWARD -s 10.0.1.0/24 -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
# Forwarded traffic, including DNAT'ed port forwards, gets the same stateful checks.
-A FORWARD -j tcprules
# Hook for eth1 output; eth1-out currently only RETURNs.
-A OUTPUT -o eth1 -j eth1-out
-A eth1-in -j RETURN
-A eth1-out -j RETURN
# tcprules: stateful policy that treats eth1 as the only untrusted interface.
# Despite the name there is no "-p tcp" match, so it applies to every protocol.
# Order matters: replies on eth1 are accepted first, then new flows from any other
# interface, then NEW/INVALID on eth1 are dropped silently, and whatever else arrives
# on eth1 is rejected with ICMP host-unreachable.
# Packets on other interfaces that are not state NEW match nothing here and fall
# back to the calling chain, where the ACCEPT policy lets them through.
-A tcprules -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A tcprules -i ! eth1 -m state --state NEW -j ACCEPT
-A tcprules -i eth1 -m state --state INVALID,NEW -j DROP
-A tcprules -i eth1 -j REJECT --reject-with icmp-host-unreachable
COMMIT
# Completed on Thu Nov 21 21:15:39 2002