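# Turn this host into a TCP relay: reset the firewall, allow SSH only from the
# admin address, and DNAT a fixed set of service ports to one backend host.
# Must run as root. Addresses below are the sample values from the original.

admin_ip=2.2.2.2     # only source allowed to open SSH sessions to this host
backend_ip=3.3.3.3   # host that receives the forwarded service ports

# stop iptables
/etc/init.d/iptables stop

# remove all rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Enable ip forwarding
sysctl -w net.ipv4.ip_forward=1

# Loopback and reply traffic must be accepted before the final REJECT.
# The SSH rule below matches only --state NEW, so without the
# ESTABLISHED,RELATED rule every packet after the initial SYN would hit the
# REJECT and the allowed SSH session could never complete; replies to this
# host's own outbound connections (DNS, updates) would be rejected as well.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Only allow SSH from the admin IP
iptables -A INPUT -s "${admin_ip}/32" -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

# Block the other traffic
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

# Forwarding incoming traffic on specific ports to the backend, same port number.
for port in 80 443 110 25 143 465 585 993 995 21 20; do
  iptables -t nat -A PREROUTING -p tcp --dport "$port" -j DNAT --to-destination "${backend_ip}:${port}"
done

# tell iptables to masquerade:
# Because of the source rewrite, the backend sees this host's address instead
# of the real client's, so backend logs and IP-based ACLs lose the client IP.
iptables -t nat -A POSTROUTING -j MASQUERADE

# NOTE(review): FORWARD stays at policy ACCEPT and MASQUERADE has no -o/-d
# match, so with ip_forward=1 this host routes and NATs any packet sent
# through it, not only the ports listed above. If relaying to the backend is
# the only purpose, accept DNAT'd and reply traffic in FORWARD
# (-m conntrack --ctstate DNAT, then ESTABLISHED,RELATED), set the FORWARD
# policy to DROP, and scope MASQUERADE with -d "$backend_ip".
# NOTE(review): only IPv4 is configured here; if the host has IPv6 addresses,
# ip6tables needs equivalent INPUT rules for the SSH restriction to hold.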