Untitled

a guest
Oct 24th, 2015
$ sudo iptables -vnL
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
64 15065 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
995 84655 ACCEPT all -- p255p1 * 0.0.0.0/0 0.0.0.0/0
117 9628 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
300 39219 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000
33 2364 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
378 102K ACCEPT all -- em1 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
64 5858 LOGGING all -- em1 * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 2 packets, 96 bytes)
pkts bytes target prot opt in out source destination
55847 11M ACCEPT all -- p255p1 em1 0.0.0.0/0 0.0.0.0/0
60455 177M ACCEPT all -- em1 p255p1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 2309 packets, 507K bytes)
pkts bytes target prot opt in out source destination

Chain LOGGING (1 references)
pkts bytes target prot opt in out source destination
64 5858 LOG all -- em1 * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 10 LOG flags 0 level 4
64 5858 DROP all -- em1 * 0.0.0.0/0 0.0.0.0/0


$ sudo iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 2640 packets, 213K bytes)
pkts bytes target prot opt in out source destination
2 96 DNAT tcp -- em1 * 0.0.0.0/0 MY_PUB_IP tcp dpt:8000 to:10.255.50.75:8000

Chain INPUT (policy ACCEPT 1112 packets, 83884 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 581 packets, 46547 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 31 packets, 2017 bytes)
pkts bytes target prot opt in out source destination
1965 158K MASQUERADE all -- * em1 0.0.0.0/0 0.0.0.0/0


#### my IPTABLES rules

# Generated by iptables-save v1.4.21 on Fri Oct 9 13:59:58 2015
*nat
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -d MY_PUB_IP -i em1 --dport 8000 -j DNAT --to-destination 10.255.50.75:8000
-A POSTROUTING -o em1 -j MASQUERADE
COMMIT
# Completed on Fri Oct 9 13:59:58 2015
# Generated by iptables-save v1.4.21 on Fri Oct 9 13:59:58 2015
*mangle
:PREROUTING ACCEPT [34:3197]
:INPUT ACCEPT [34:3197]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [31:7469]
:POSTROUTING ACCEPT [31:7469]
COMMIT
# Completed on Fri Oct 9 13:59:58 2015
# Generated by iptables-save v1.4.21 on Fri Oct 9 13:59:58 2015
*filter
:LOGGING - [0:0]
:OUTPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i p255p1 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
-A LOGGING -m limit -i em1 --limit 5/second --limit-burst 10 -j LOG
-A LOGGING -i em1 -j DROP
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A FORWARD -i p255p1 -o em1 -j ACCEPT
-A INPUT -m state -i em1 --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state -i em1 -o p255p1 --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i em1 -j LOGGING
COMMIT
# Completed on Fri Oct 9 13:59:58 2015