#!/bin/sh
nic #
 iptables -t nat -F
nic #
 iptables -F
nic #
 # NAT
nic #
 iptables -t nat -A POSTROUTING --source 192.1.3.0/24 --destination 0.0.0.0/0 -j SNAT --to-source 192.1.2.254
nic #
 # make sure that we never acidentially let ESP or L2TP through.
nic #
 iptables -N LOGDROP
nic #
 iptables -A LOGDROP -j LOG
nic #
 iptables -A LOGDROP -j DROP
nic #
 iptables -I FORWARD 1 --proto 50 -j LOGDROP
nic #
 iptables -I FORWARD 2 --proto udp --dport 1701 -j LOGDROP
nic #
 # Display the table, so we know it is correct.
nic #
 iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  192.1.3.0/24         0.0.0.0/0            to:192.1.2.254
nic #
 iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
LOGDROP    esp  --  0.0.0.0/0            0.0.0.0/0           
LOGDROP    udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:1701
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
Chain LOGDROP (2 references)
target     prot opt source               destination         
LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
DROP       all  --  0.0.0.0/0            0.0.0.0/0           
nic #
 echo done
done