#!/bin/sh
nic #
 ifconfig eth0:1 inet 192.1.2.111 netmask 255.255.255.0
nic #
 # NAT North's IP to ours
nic #
 iptables -t nat -F POSTROUTING
nic #
 iptables -t nat -A POSTROUTING --source 192.1.3.0/24 --destination 0.0.0.0/0 -o eth0+ -p udp -m udp --dport 500  -j SNAT --to-source 192.1.2.254:11000-12000
nic #
 iptables -t nat -A POSTROUTING --source 192.1.3.0/24 --destination 0.0.0.0/0 -o eth0+ -p udp -m udp --dport 4500 -j SNAT --to-source 192.1.2.111:14000-16000
nic #
 iptables -A OUTPUT -d 192.0.2.0/24 -j DROP
nic #
 # Display the table, so we know it is correct.
nic #
 iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 SNAT       udp  --  any    eth0+   192.1.3.0/24         anywhere             udp dpt:isakmp to:192.1.2.254:11000-12000
    0     0 SNAT       udp  --  any    eth0+   192.1.3.0/24         anywhere             udp dpt:ipsec-nat-t to:192.1.2.111:14000-16000
nic #
 echo done.
done.