Title: iptables notes
Subject: description of rule syntax iptables port forwarding to private network servers.

#############################################################
# VideoLan portforwarding
# Forward 1.2.3.4:5002 to 192.168.0.10:5002 (host is running videolan streaming server)
#############################################################
OUTSIDE_DEV='eth0'            # Firewall Internet Interface
INTSIDE_DEV='eth1'            # Firewall Internal/protected network Interface
OUTSIDE_IP='1.2.3.4'          # Firewall Internet IP
INSIDE_IP='192.168.0.1'       # Firewall Internal IP
INSIDE_NETWORK='192.168.0.0'  # Internal Network
WEB_SERVER='192.168.0.10'     # Internal VideoLan Server
OUTSIDE_PORT='5002'           # Internet-facing port (what clients connect to on the firewall)
INSIDE_PORT='5002'            # Internal VideoLan Server Port (what the server listens on)

# Rewrite the destination of packets arriving for the public IP:port to the internal server
iptables -t nat -A PREROUTING -p tcp -d $OUTSIDE_IP --dport $OUTSIDE_PORT -j DNAT --to $WEB_SERVER:$INSIDE_PORT
# Allow the rewritten packets to be forwarded to the server
iptables -t filter -A FORWARD -p tcp -d $WEB_SERVER --dport $INSIDE_PORT -j ACCEPT
# Hairpin case: internal clients using the public address are source-NATed to the firewall
# so the server's replies come back through the firewall instead of going direct
iptables -t nat -A POSTROUTING -p tcp -s $INSIDE_NETWORK/24 -d $WEB_SERVER --dport $INSIDE_PORT -j SNAT --to $INSIDE_IP

##############################################################################################
# HTTP portforwarding
# Forward stilen.com:8080 to 192.168.0.11:80
##############################################################################################
OUT_DEV='eth0'                # Firewall Internet Interface
INT_DEV='eth1'                # Firewall Internal/protected network Interface
OUTSIDE_IP='1.2.3.4'          # Firewall Internet IP
INSIDE_IP='192.168.0.1'       # Firewall Internal IP
INSIDE_NETWORK='192.168.0.0'  # Internal Network
WEB_SERVER='192.168.0.11'     # Internal HTTP Server
OUTSIDE_PORT='8080'           # Internet-facing port (what clients connect to on the firewall)
INSIDE_PORT='80'              # Internal HTTP Server Port (what the server listens on)

iptables -t nat -A PREROUTING -p tcp -d $OUTSIDE_IP --dport $OUTSIDE_PORT -j DNAT --to $WEB_SERVER:$INSIDE_PORT
iptables -t filter -A FORWARD -p tcp -d $WEB_SERVER --dport $INSIDE_PORT -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -s $INSIDE_NETWORK/24 -d $WEB_SERVER --dport $INSIDE_PORT -j SNAT --to $INSIDE_IP
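The DNAT/FORWARD/SNAT triple above, as an added example that is not part of the original notes: a POSIX sh function that validates its inputs and prints the rules for any outside port and internal server (a dry run, so it can be checked without root). It assumes a /24 internal network and a FORWARD chain whose default policy is DROP, which is why it also emits an ESTABLISHED,RELATED rule for the server's replies; valid_ipv4, valid_port and forward_rules are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original notes): build the port-forwarding rules
# used above for any outside port / inside server pair, after validating the
# inputs, and print them instead of executing them (dry run, no root needed).
# Assumed: DNAT is done on the firewall's own public IP, the internal network
# is a /24, and the FORWARD chain has a DROP policy, so reply traffic needs an
# explicit ESTABLISHED,RELATED rule.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Return 0 if $1 is a TCP port number in 1..65535.
valid_port() {
    echo "$1" | grep -Eq '^[0-9]{1,5}$' || return 1
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules OUTSIDE_IP OUTSIDE_PORT SERVER INSIDE_PORT INSIDE_NETWORK INSIDE_IP
# Prints the iptables commands; returns 1 without printing if any input is bad.
forward_rules() {
    out_ip=$1 out_port=$2 server=$3 in_port=$4 net=$5 in_ip=$6
    valid_ipv4 "$out_ip" && valid_ipv4 "$server" && valid_ipv4 "$net" \
        && valid_ipv4 "$in_ip" && valid_port "$out_port" && valid_port "$in_port" \
        || return 1
    # 1. Rewrite the destination of packets arriving for the public IP:port.
    echo "iptables -t nat -A PREROUTING -p tcp -d $out_ip --dport $out_port -j DNAT --to $server:$in_port"
    # 2. Let the rewritten packets through the FORWARD chain (policy DROP assumed).
    echo "iptables -t filter -A FORWARD -p tcp -d $server --dport $in_port -j ACCEPT"
    # 3. Replies from the server to the client also cross FORWARD; allow them by state.
    echo "iptables -t filter -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 4. Hairpin: internal clients hitting the public IP get source-NATed to the
    #    firewall so the server's replies return through the firewall, not directly.
    echo "iptables -t nat -A POSTROUTING -p tcp -s $net/24 -d $server --dport $in_port -j SNAT --to $in_ip"
}
```

Pipe the output into `sh` only after reviewing it; the validation rejects malformed addresses and ports but does not know your topology.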
###################################################################
# These are links/notes I use to learn about IP tables:
#   http://www.linuxguruz.org/iptables/   Lots of good scripts/FAQs
#   http://aaron.marasco.com/linux.html   fireparse log analyzer; net-check (see if the ISP dropped you)
###################################################################

# This rule is appended to the INPUT chain.
# It is important to put this prior to the accept-all rule.
#-------------------------------------------------------------------
# All traffic
#   arriving on eth1
#   from 192.168.1.0/24
#   of protocol type tcp
#   and a destination port of 23
# will be jumped (-j)
# to the drop-reserved chain
#-------------------------------------------------------------------
iptables -A INPUT -i eth1 -s 192.168.1.0/24 -p tcp --dport 23 -j drop-reserved

####################################################################