iptables -t nat -F
nic #
 iptables -F
nic #
 # NAT
nic #
 iptables -t nat -p udp -A POSTROUTING --source 192.1.3.0/24  -o eth0 -j MASQUERADE
nic #
 # make sure that we never acidentially let ESP or unencrypted through.
nic #
 iptables -I FORWARD 1 --proto 50 -j DROP
nic #
 iptables -I FORWARD 2 --destination 192.0.2.0/24 -j DROP
nic #
 iptables -I FORWARD 3 --source 192.0.2.0/24 -j DROP
nic #
 # route
nic #
 iptables -I INPUT 1 --destination 192.0.2.0/24 -j DROP
nic #
 # Display the table, so we know it is correct.
nic #
 iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  udp  --  192.1.3.0/24         0.0.0.0/0           
nic #
 iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  0.0.0.0/0            192.0.2.0/24        
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DROP       esp  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            192.0.2.0/24        
DROP       all  --  192.0.2.0/24         0.0.0.0/0           
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination