root@teacherb:~# echo 1 > /proc/sys/net/ipv4/ip_forward root@teacherb:~# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE root@teacherb:~# iptables -A INPUT -p tcp --dport 25 -s 10.10.10.0/24 -j ACCEPT root@teacherb:~# iptables -A INPUT -p tcp --dport 443 -s 10.10.10.10 -j DROP root@teacherb:~# iptables -A INPUT -p tcp --dport 8080 -j DROP root@teacherb:~# iptables -t nat -A PREROUTING -p tcp --dport 6666 -j REDIRECT --to-ports 22 root@teacherb:~# root@teacherb:~# iptables -t nat -A PREROUTING -p tcp --dport 6666 -j REDIRECT --to-port 22 root@teacherb:~# iptables -t nat -A POSTROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.100.105:80 root@teacherb:~# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.100.105:80 root@teacherb:~# iptables -t nat -A POSTROUTING -p icmp -s 10.10.10.0/24 -j SNAT --to-source 192.168.100.105 root@teacherb:~# root@teacherb:~# iptables -A INPUT -p icmp -m length --length 200 -j REJECT root@teacherb:~# iptables -A FORWARD -p tcp --dport 80 -d index.hu -m iprange --src-range 10.10.10.30-10.10.10.40 -j DROP root@teacherb:~# iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.100.105:80 root@teacherb:~# root@teacherb:~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- 10.10.10.0/24 anywhere tcp dpt:smtp DROP tcp -- 10.10.10.10 anywhere tcp dpt:https DROP tcp -- anywhere anywhere tcp dpt:http-alt REJECT icmp -- anywhere anywhere length 200 reject-with icmp-port-unreachable Chain FORWARD (policy ACCEPT) target prot opt source destination DROP tcp -- anywhere sportgeza.hu tcp dpt:www source IP range 10.10.10.30-10.10.10.40 Chain OUTPUT (policy ACCEPT) target prot opt source destination root@teacherb:~# iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination REDIRECT tcp -- anywhere anywhere tcp dpt:6666 redir ports 22 REDIRECT tcp -- anywhere anywhere tcp dpt:6666 redir ports 22 Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- anywhere anywhere SNAT icmp -- 10.10.10.0/24 anywhere to:192.168.100.105 Chain OUTPUT (policy ACCEPT) target prot opt source destination root@teacherb:~# root@teacherb:~# root@teacherb:~# root@teacherb:~# root@teacherb:~# iptables-save # Generated by iptables-save v1.4.8 on Wed Oct 10 12:34:51 2012 *filter :INPUT ACCEPT [93:9716] :FORWARD ACCEPT [5020:5269041] :OUTPUT ACCEPT [53:10358] -A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 25 -j ACCEPT -A INPUT -s 10.10.10.10/32 -p tcp -m tcp --dport 443 -j DROP -A INPUT -p tcp -m tcp --dport 8080 -j DROP -A INPUT -p icmp -m length --length 200 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -d 217.20.130.97/32 -p tcp -m tcp --dport 80 -m iprange --src-range 10.10.10.30-10.10.10.40 -j DROP COMMIT # Completed on Wed Oct 10 12:34:51 2012 # Generated by iptables-save v1.4.8 on Wed Oct 10 12:34:51 2012 *nat :PREROUTING ACCEPT [186:12417] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [5:608] -A PREROUTING -p tcp -m tcp --dport 6666 -j REDIRECT --to-ports 22 -A PREROUTING -p tcp -m tcp --dport 6666 -j REDIRECT --to-ports 22 -A POSTROUTING -o eth0 -j MASQUERADE -A POSTROUTING -s 10.10.10.0/24 -p icmp -j SNAT --to-source 192.168.100.105 COMMIT # Completed on Wed Oct 10 12:34:51 2012 root@teacherb:~# iptables-save > iptables.txt root@teacherb:~# cat iptables.txt # Generated by iptables-save v1.4.8 on Wed Oct 10 12:34:58 2012 *filter :INPUT ACCEPT [94:10048] :FORWARD ACCEPT [5020:5269041] :OUTPUT ACCEPT [53:10358] -A INPUT -s 10.10.10.0/24 -p tcp -m tcp --dport 25 -j ACCEPT -A INPUT -s 10.10.10.10/32 -p tcp -m tcp --dport 443 -j DROP -A INPUT -p tcp -m tcp --dport 8080 -j DROP -A INPUT -p icmp -m length --length 200 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -d 217.20.130.97/32 -p tcp -m tcp --dport 80 -m iprange --src-range 10.10.10.30-10.10.10.40 -j DROP COMMIT # Completed on Wed Oct 10 12:34:58 2012 # Generated by iptables-save v1.4.8 on Wed Oct 10 12:34:58 2012 *nat :PREROUTING ACCEPT [192:12921] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [5:608] -A PREROUTING -p tcp -m tcp --dport 6666 -j REDIRECT --to-ports 22 -A PREROUTING -p tcp -m tcp --dport 6666 -j REDIRECT --to-ports 22 -A POSTROUTING -o eth0 -j MASQUERADE -A POSTROUTING -s 10.10.10.0/24 -p icmp -j SNAT --to-source 192.168.100.105 COMMIT # Completed on Wed Oct 10 12:34:58 2012 root@teacherb:~# root@teacherb:~# root@teacherb:~# root@teacherb:~# root@teacherb:~# iptables-restore < iptables.txt root@teacherb:~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- 10.10.10.0/24 anywhere tcp dpt:smtp DROP tcp -- 10.10.10.10 anywhere tcp dpt:https DROP tcp -- anywhere anywhere tcp dpt:http-alt REJECT icmp -- anywhere anywhere length 200 reject-with icmp-port-unreachable Chain FORWARD (policy ACCEPT) target prot opt source destination DROP tcp -- anywhere sportgeza.hu tcp dpt:www source IP range 10.10.10.30-10.10.10.40 Chain OUTPUT (policy ACCEPT) target prot opt source destination root@teacherb:~# iptables -F root@teacherb:~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination root@teacherb:~# iptables-restore < iptables.txt root@teacherb:~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- 10.10.10.0/24 anywhere tcp dpt:smtp DROP tcp -- 10.10.10.10 anywhere tcp dpt:https DROP tcp -- anywhere anywhere tcp dpt:http-alt REJECT icmp -- anywhere anywhere length 200 reject-with icmp-port-unreachable Chain FORWARD (policy ACCEPT) target prot opt source destination DROP tcp -- anywhere sportgeza.hu tcp dpt:www source IP range 10.10.10.30-10.10.10.40 Chain OUTPUT (policy ACCEPT) target prot opt source destination root@teacherb:~# iptables -P INPUT DROP root@teacherb:~# iptables -L Chain INPUT (policy DROP) target prot opt source destination ^C root@teacherb:~# root@teacherb:~# root@teacherb:~# root@teacherb:~# iptables -P INPUT ACCEPT root@teacherb:~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- 10.10.10.0/24 anywhere tcp dpt:smtp DROP tcp -- 10.10.10.10 anywhere tcp dpt:https DROP tcp -- anywhere anywhere tcp dpt:http-alt REJECT icmp -- anywhere anywhere length 200 reject-with icmp-port-unreachable Chain FORWARD (policy ACCEPT) target prot opt source destination DROP tcp -- anywhere sportgeza.hu tcp dpt:www source IP range 10.10.10.30-10.10.10.40 Chain OUTPUT (policy ACCEPT) target prot opt source destination root@teacherb:~# root@teacherb:~# mc