#!/bin/sh
nic #
 iptables -t nat -F
nic #
 iptables -F
nic #
 # NAT
nic #
 iptables -t nat -A POSTROUTING --source 192.1.3.0/24 --destination 0.0.0.0/0 -j SNAT --to-source 192.1.2.254
nic #
 # make sure that we never acidentially let ESP or L2TP through.
nic #
 iptables -I FORWARD 1 --proto 50 -j DROP
nic #
 iptables -I FORWARD 2 --proto udp --dport 1701 -j DROP
nic #
 # Display the table, so we know it is correct.
nic #
 iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  192.1.3.0/24         0.0.0.0/0            to:192.1.2.254
nic #
 iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DROP       esp  --  0.0.0.0/0            0.0.0.0/0           
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:1701
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
nic #
 echo done
done
nic #
