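#!/bin/sh
#
# NAT gateway firewall.
#
# Topology as used by the rules below:
#   eth0  - outside interface (masquerade goes out here, DNAT comes in here)
#   eth1  - inside interface, network 192.168.3.0/24
#   192.168.3.10 - internal host that receives forwarded TCP 80 and 22
#
# Policy: INPUT and FORWARD are default-deny; OUTPUT is allowed.
# Must be run as root.

WAN_IF="eth0"
LAN_IF="eth1"
LAN_NET="192.168.3.0/24"
SERVER="192.168.3.10"

echo "enable ip_forward"
echo "1" > /proc/sys/net/ipv4/ip_forward

echo "Load iptables"
modprobe ip_tables
modprobe ip_conntrack_ftp
modprobe ip_conntrack
modprobe ip_nat_ftp

echo "clean iptables"
iptables -F
iptables -X
iptables -t nat -F

# Default policies: drop anything not explicitly allowed on INPUT/FORWARD.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

# Source NAT for the internal network leaving through the outside interface.
iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

# Publish HTTP and SSH of the internal server on the outside interface.
iptables -t nat -A PREROUTING -p tcp --dport 80 -i "$WAN_IF" \
  -j DNAT --to "$SERVER:80"
iptables -t nat -A PREROUTING -p tcp --dport 22 -i "$WAN_IF" \
  -j DNAT --to "$SERVER:22"

# Gateway <-> internal server traffic.
# (The OUTPUT rule is redundant with the ACCEPT policy; kept so the intent
# survives a later tightening of the OUTPUT policy.)
iptables -A OUTPUT -p tcp -d "$SERVER" -o "$LAN_IF" -j ACCEPT
iptables -A INPUT -s "$SERVER" -i "$LAN_IF" -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

# Outside interface -> gateway itself.
# A blanket "-i eth0 -j ACCEPT" here would cancel the DROP policy and expose
# every service listening on the gateway. Only replies to connections the
# gateway opened (and related traffic such as ICMP errors) are let in.
# Newer iptables spells this match "-m conntrack --ctstate".
iptables -A INPUT -i "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

# Outside interface -> internal network.
# Same reasoning: forward only return traffic for connections opened from
# inside (RELATED also covers FTP data channels tracked by ip_conntrack_ftp)
# plus new connections to the two published ports. After DNAT the destination
# is already the internal server, so that is what these rules match.
iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
  -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$SERVER" --dport 80 \
  -m state --state NEW -j ACCEPT
iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$SERVER" --dport 22 \
  -m state --state NEW -j ACCEPT

# Internal network -> anywhere.
iptables -A FORWARD -i "$LAN_IF" -j ACCEPT

echo "Done."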