root@router:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:02:2a:db:8e:c7
inet addr:192.168.0.254 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::202:2aff:fedb:8ec7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:56228 errors:0 dropped:0 overruns:0 frame:0
TX packets:93318 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8568915 (8.1 MiB) TX bytes:89469982 (85.3 MiB)
Interrupt:17 Base address:0xd800
eth1 Link encap:Ethernet HWaddr 00:24:01:60:5f:00
inet addr:10.10.10.1 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::224:1ff:fe60:5f00/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:230 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:30310 (29.5 KiB) TX bytes:468 (468.0 B)
Interrupt:18 Base address:0xdc00
eth2 Link encap:Ethernet HWaddr 00:24:01:d1:54:71
inet addr:10.10.20.1 Bcast:10.10.20.255 Mask:255.255.255.0
inet6 addr: fe80::224:1ff:fed1:5471/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:57096 errors:0 dropped:0 overruns:0 frame:0
TX packets:54137 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:47262963 (45.0 MiB) TX bytes:8481108 (8.0 MiB)
Interrupt:19 Base address:0xe000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:744 errors:0 dropped:0 overruns:0 frame:0
TX packets:744 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:130557 (127.4 KiB) TX bytes:130557 (127.4 KiB)
# Routing Gateway
/sbin/route add default gw 10.10.10.2 netmask 0.0.0.0 dev eth1
/sbin/route add default gw 10.10.20.2 netmask 0.0.0.0 dev eth2
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0/0 -j MASQUERADE
#Redirect Proxy 2005
/usr/sbin/iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.0.0/24 -d 0/0 --dport 80 --to-ports 2005
/usr/sbin/iptables -A FORWARD -p tcp --dport 80 -i eth1 -s 192.168.0.254 -j DROP
/usr/sbin/iptables -A FORWARD -p tcp --dport 80 -i eth2 -s 192.168.0.254 -j ACCEPT
/usr/sbin/iptables -A FORWARD -p tcp --dport 0:79 -i eth2 -s 192.168.0.254 -j DROP
/usr/sbin/iptables -A FORWARD -p tcp --dport 0:79 -i eth1 -s 192.168.0.254 -j ACCEPT
/usr/sbin/iptables -A FORWARD -p tcp --dport 80:61000 -i eth2 -s 192.168.0.254 -j DROP
/usr/sbin/iptables -A FORWARD -p tcp --dport 80:61000 -i eth1 -s 192.168.0.254 -j ACCEPT
/usr/sbin/iptables -A FORWARD -p tcp --dport 80 -i eth1 -d 10.10.10.2 -j REJECT
/usr/sbin/iptables -A FORWARD -p tcp --dport 80 -i eth2 -d 10.10.20.2 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp -s 192.168.0.254 -d 10.10.10.2 --dport 80 -j DROP
/usr/sbin/iptables -A INPUT -p tcp -s 192.168.0.254 -d 10.10.20.2 --dport 80 -j ACCEPT