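# Generated by iptables-save v1.4.20 on Thu Oct 10 09:00:00 2013
# nat table: port forwards from the public interface (eth1) into the 192.168.0.0/24 LAN
# (eth0), a transparent HTTP redirect for LAN clients, and outbound masquerading.
# NOTE: a connection DNAT'd here never reaches the filter INPUT chain; it is decided in
# FORWARD, which accepts every --ctstate DNAT connection regardless of source. Any
# per-source restriction on a forward therefore has to live on the DNAT rule itself.
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# RDP (3389) to 192.168.0.201, limited to the single remote address the filter INPUT
# chain already names for this port. Without -s the forward was reachable from any source.
-A PREROUTING -s 213.156.207.93 -p tcp -m tcp -d xx.xx.xx.xx -i eth1 --dport 3389 -j DNAT --to-destination 192.168.0.201:3389
# Web/application forwards: external port -> internal host:port (several are renumbered).
-A PREROUTING -p tcp -m tcp -d xx.xx.xx.xx -i eth1 --dport 8000 -j DNAT --to-destination 192.168.0.10:8000
-A PREROUTING -p tcp -m tcp -d xx.xx.xx.xx -i eth1 --dport 81 -j DNAT --to-destination 192.168.0.10:81
-A PREROUTING -p tcp -m tcp -d xx.xx.xx.xx -i eth1 --dport 8001 -j DNAT --to-destination 192.168.0.16:8001
-A PREROUTING -p tcp -m tcp -d xx.xx.xx.xx -i eth1 --dport 803 -j DNAT --to-destination 192.168.0.216:80
-A PREROUTING -p tcp -m tcp -d xx.xx.xx.xx -i eth1 --dport 8003 -j DNAT --to-destination 192.168.0.216:8000
-A PREROUTING -p tcp -m tcp -d xx.xx.xx.xx -i eth1 --dport 8002 -j DNAT --to-destination 192.168.0.215:8000
-A PREROUTING -p tcp -m tcp -d xx.xx.xx.xx -i eth1 --dport 802 -j DNAT --to-destination 192.168.0.215:80
-A PREROUTING -p tcp -m tcp -d xx.xx.xx.xx -i eth1 --dport 80 -j DNAT --to-destination 192.168.0.205:80
# 5222 is the registered XMPP client port.
-A PREROUTING -p tcp -m tcp -d xx.xx.xx.xx -i eth1 --dport 5222 -j DNAT --to-destination 192.168.0.208:5222
# SSH to 192.168.0.200 exposed on a non-standard external port.
-A PREROUTING -p tcp -m tcp -d xx.xx.xx.xx -i eth1 --dport 7022 -j DNAT --to-destination 192.168.0.200:22
# Transparent proxy: HTTP from the LAN is sent to 192.168.0.230:3128 (3128 is the
# conventional Squid port). If the proxy host sits on the eth0 LAN, its own outbound HTTP
# would otherwise be redirected back to itself, so it is excluded by source.
-A PREROUTING ! -s 192.168.0.230 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.230:3128
# Source NAT for LAN hosts leaving via eth1; LAN-to-LAN traffic is left untouched.
-A POSTROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/24 -o eth1 -j MASQUERADE
COMMIT
# Completed on Thu Oct 10 09:00:00 2013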
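# Generated by iptables-save v1.4.20 on Thu Oct 10 09:00:00 2013
# filter table: default-deny on INPUT and FORWARD, unrestricted OUTPUT.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Everything arriving from the LAN side (eth0) may reach the firewall host itself.
-A INPUT -i eth0 -j ACCEPT
# NOTE: 3389 on xx.xx.xx.xx is DNAT'd in the nat table, and translated packets traverse
# FORWARD, not INPUT. This rule only covers connections that were not translated (the
# firewall's own port 3389); the source restriction it expresses does not apply to the
# forwarded RDP traffic by itself.
-A INPUT -s 213.156.207.93 -d xx.xx.xx.xx -i eth1 -p tcp -m tcp --dport 3389 -j ACCEPT
# Ports accepted on the firewall host itself from the public side. If xxx.xxx.xxx.xxx is
# the same public address as xx.xx.xx.xx, only 801 and 8023 have no DNAT rule; the others
# are translated before INPUT is consulted and are dead here. Trim the list to what the
# host actually listens on — TODO confirm listeners.
-A INPUT -d xxx.xxx.xxx.xxx -i eth1 -p tcp -m multiport --dports 80,81,801,802,803,5222,7022,8000,8001,8002,8003,8023 -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -i eth1 -p udp -m multiport --dports 8023 -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Accepts every connection DNAT'd in the nat table, from any source and any interface (the
# eth0 HTTP redirect to 192.168.0.230:3128 depends on this too). Per-forward source limits
# therefore belong on the DNAT rules, or as explicit FORWARD rules placed above this line.
-A FORWARD -m conntrack --ctstate DNAT,RELATED,ESTABLISHED -j ACCEPT
# LAN hosts listed in the allow_hosts ipset may initiate forwarded (outbound) connections.
# The set holds 192.168.0.x addresses, so the match is limited to packets that did not
# arrive on the public interface; otherwise a packet entering eth1 with a forged, listed
# LAN source would be forwarded (unless rp_filter already discards it).
-A FORWARD ! -i eth1 -m set --match-set allow_hosts src -j ACCEPT
COMMIT
# Completed on Thu Oct 10 09:00:00 2013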
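# allow_hosts: LAN hosts (192.168.0.0/24) permitted to initiate forwarded connections;
# referenced from the filter FORWARD chain via `-m set --match-set allow_hosts src`.
# Load this with `ipset restore` before iptables-restore, otherwise the set match fails to
# load because the set does not exist yet. hashsize/maxelem are the ipset defaults.
create allow_hosts hash:ip family inet hashsize 1024 maxelem 65536
add allow_hosts 192.168.0.205
add allow_hosts 192.168.0.207
add allow_hosts 192.168.0.201
add allow_hosts 192.168.0.200
add allow_hosts 192.168.0.3
add allow_hosts 192.168.0.19
add allow_hosts 192.168.0.236
add allow_hosts 192.168.0.204
add allow_hosts 192.168.0.43
add allow_hosts 192.168.0.42
add allow_hosts 192.168.0.44
add allow_hosts 192.168.0.72
add allow_hosts 192.168.0.73
add allow_hosts 192.168.0.36
add allow_hosts 192.168.0.22
add allow_hosts 192.168.0.28
add allow_hosts 192.168.0.75
add allow_hosts 192.168.0.5
add allow_hosts 192.168.0.27
add allow_hosts 192.168.0.57
add allow_hosts 192.168.0.24
add allow_hosts 192.168.0.25
add allow_hosts 192.168.0.46
add allow_hosts 192.168.0.23
add allow_hosts 192.168.0.35
add allow_hosts 192.168.0.38
add allow_hosts 192.168.0.52
add allow_hosts 192.168.0.156
add allow_hosts 192.168.0.198
add allow_hosts 192.168.0.26
add allow_hosts 192.168.0.98
add allow_hosts 192.168.0.202
add allow_hosts 192.168.0.12
add allow_hosts 192.168.0.41
add allow_hosts 192.168.0.10
add allow_hosts 192.168.0.16
add allow_hosts 192.168.0.215
add allow_hosts 192.168.0.216
add allow_hosts 192.168.0.208
add allow_hosts 192.168.0.209
# 192.168.0.207 was listed a second time here; the duplicate is dropped because
# `ipset restore` without -exist rejects an add of an element already in the set and
# stops at that line.
add allow_hosts 192.168.0.77
add allow_hosts 192.168.0.89
add allow_hosts 192.168.0.45
add allow_hosts 192.168.0.47
add allow_hosts 192.168.0.29
add allow_hosts 192.168.0.203
add allow_hosts 192.168.0.162
add allow_hosts 192.168.0.130
add allow_hosts 192.168.0.191
add allow_hosts 192.168.0.9
add allow_hosts 192.168.0.21
add allow_hosts 192.168.0.199
add allow_hosts 192.168.0.212
add allow_hosts 192.168.0.213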
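# Enable IPv4 forwarding now and persistently (required for the DNAT/MASQUERADE rules to
# pass traffic). The grep guard keeps the setting from being appended again on every run;
# a bare `tee -a` accumulates duplicate lines in /etc/sysctl.conf.
grep -qxF 'net.ipv4.ip_forward = 1' /etc/sysctl.conf || echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf; sudo sysctl -p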