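# NAT gateway setup: forwards the 10.0.7.0/24 LAN on $INT out through $EXT
# with source NAT, and accepts SSH to the router on the WAN interface.
# Needs root: it loads kernel modules, writes to /proc and edits iptables.
echo "- Setup variables and proc"
INT=eth1
EXT=eth0
IPT=/sbin/iptables
MPROBE=/sbin/modprobe

# Optional: private LAN segment (CIDR) that the 10.0.7.0/24 network must not
# reach. This is the "x.x.x.x/24" of the original text; leave empty to skip.
PRIVATE_LAN=""

# Getting the WAN ip as this is dynamic.
# Reads the address from $EXT (the original hard-coded eth0 here). The cut
# pipeline expects the older net-tools "inet addr:A.B.C.D" output format.
EXTIP=$(ifconfig "$EXT" | grep -E "inet " | cut -f 2 -d ":" | cut -f 1 -d " ")
if [ -z "$EXTIP" ]; then
  # Stop before flushing anything: an empty --to-source would make the SNAT
  # rule fail and leave the box with flushed rules and no NAT.
  echo "Could not determine the IP address of $EXT" >&2
  exit 1
fi
# NOTE(review): the address is captured once. If the WAN lease changes, the
# SNAT rule below keeps the old address until this script is re-run; the
# MASQUERADE target is the usual choice for a dynamic WAN address.

# Making sure that the ip forwarding is enabled
echo 1 > /proc/sys/net/ipv4/ip_forward

# LOAD KERNEL MODULES
for module in ip_tables ip_conntrack iptable_filter iptable_mangle \
  iptable_nat ipt_LOG ipt_REJECT; do
  "$MPROBE" -v "$module"
done

echo "- Flush firewall rules"
"$IPT" -F
"$IPT" -t nat -F
"$IPT" -t mangle -F

echo "- Delete custom chains"
"$IPT" -X
"$IPT" -t nat -X
"$IPT" -t mangle -X

echo "- Firewall default policies"
# NOTE(review): with INPUT and FORWARD defaulting to ACCEPT, the ACCEPT rules
# below do not restrict anything; only the DROP rule filters traffic. A
# filtering gateway would set these policies to DROP once the ACCEPT rules
# (including SSH access) are confirmed to work. The OUTPUT policy is not set
# here and keeps whatever value it already had.
"$IPT" -P INPUT ACCEPT
"$IPT" -P FORWARD ACCEPT

echo "- Setup local interface"
# Loopback is "lo"; the original "l0" (letter l, digit zero) matched no interface.
"$IPT" -A INPUT -i lo -j ACCEPT
"$IPT" -A OUTPUT -o lo -j ACCEPT

echo "- Setup firewall SPI"
"$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPT" -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# NOTE(review): the nat table is normally consulted only for the first packet
# of a connection, so these three rules are not expected to match anything.
# Kept as in the original.
"$IPT" -t nat -A PREROUTING -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPT" -t nat -A POSTROUTING -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPT" -t nat -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Now if you want to stop this LAN traffic from getting into your private LAN
# you can stop it here. The DROP must stay ahead of the FORWARD ACCEPT rule
# below, because the first matching rule wins.
# STOP Traffic from entering the private LAN segment
if [ -n "$PRIVATE_LAN" ]; then
  "$IPT" -A FORWARD -i "$INT" -o "$EXT" -s 10.0.7.0/24 -d "$PRIVATE_LAN" -j DROP
fi

# Configure the FORWARD RULES
"$IPT" -t nat -A PREROUTING -i "$INT" -s 10.0.7.0/24 -j ACCEPT
"$IPT" -A FORWARD -i "$INT" -o "$EXT" -s 10.0.7.0/24 -j ACCEPT
"$IPT" -t nat -A POSTROUTING -o "$EXT" -j SNAT --to-source "$EXTIP"

################################################################################
echo "--> input to firewall"
# This will allow outside world to connect to your router on your WAN interface.
# SSH is reachable from any source address here; narrow it with -s <admin
# network> where possible. While the INPUT policy is ACCEPT this rule is
# redundant; it matters once the policy is DROP.
"$IPT" -A INPUT -i "$EXT" -p tcp -m tcp --dport 22 -j ACCEPT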