Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 200.200.200.200 0.0.0.0 UG 0 0 0 eth2 10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 tun0 10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 200.200.200.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth4 192.168.21.0 10.8.0.5 255.255.255.0 UG 0 0 0 tun0 eth0 Link encap:Ethernet HWaddr e0:69:95:af:36:c0 inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::e269:95ff:feaf:36c0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2157915816 errors:0 dropped:0 overruns:0 frame:0 TX packets:4261067096 errors:0 dropped:0 overruns:0 carrier:1 collisions:0 txqueuelen:1000 RX bytes:2281577641 (2.2 GB) TX bytes:3995732846 (3.9 GB) eth2 Link encap:Ethernet HWaddr 00:90:27:34:41:69 inet addr:200.200.200.43 Bcast:200.200.200.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:185850172 errors:0 dropped:0 overruns:0 frame:0 TX packets:126304026 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:958144871 (958.1 MB) TX bytes:1436591745 (1.4 GB) eth4 Link encap:Ethernet HWaddr 00:19:5b:8b:0d:4e inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::219:5bff:fe8b:d4e/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4139710118 errors:2 dropped:3 overruns:2 frame:0 TX packets:2093589929 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:5331050148724 (5.3 TB) TX bytes:167260690647 (167.2 GB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:69881 errors:0 dropped:0 overruns:0 frame:0 TX packets:69881 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3741048 (3.7 MB) TX bytes:3741048 (3.7 MB) tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:10664582 errors:0 dropped:0 overruns:0 frame:0 TX packets:9518719 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:2878777227 (2.8 GB) TX bytes:2831568799 (2.8 GB) *mangle :PREROUTING ACCEPT [1856634633:1620636151916] :INPUT ACCEPT [2337341:521865912] :FORWARD ACCEPT [1854285443:1620113643452] :OUTPUT ACCEPT [1708084:1184235201] :POSTROUTING ACCEPT [1855993533:1621297883339] COMMIT # Completed on Sat Mar 10 22:34:10 2018 # Generated by iptables-save v1.4.21 on Sat Mar 10 22:34:10 2018 *nat :PREROUTING ACCEPT [202845:20634425] :INPUT ACCEPT [100374:8143151] :OUTPUT ACCEPT [8545:779010] :POSTROUTING ACCEPT [38159:4735081] -A PREROUTING -d 200.200.200.43/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.29:8080 -A POSTROUTING -s 192.168.0.0/24 -o eth2 -j SNAT --to-source 200.200.200.43 -A POSTROUTING -s 192.168.1.0/24 -o eth2 -j SNAT --to-source 200.200.200.43 COMMIT # Completed on Sat Mar 10 22:34:10 2018 # Generated by iptables-save v1.4.21 on Sat Mar 10 22:34:10 2018 *filter :INPUT ACCEPT [2335419:521688781] :FORWARD ACCEPT [1844274548:1618895117989] :OUTPUT ACCEPT [1708074:1184234601] :fail2ban-ssh - [0:0] :fail2ban-ssh-ddos - [0:0] :ufw-after-forward - [0:0] :ufw-after-input - [0:0] :ufw-after-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-output - [0:0] :ufw-before-forward - [0:0] :ufw-before-input - [0:0] :ufw-before-logging-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-output - [0:0] :ufw-reject-forward - [0:0] :ufw-reject-input - [0:0] :ufw-reject-output - [0:0] :ufw-track-forward - [0:0] :ufw-track-input - [0:0] :ufw-track-output - [0:0] -A INPUT -p tcp -m multiport --dports 6881:6889 -j REJECT --reject-with icmp-port-unreachable -A INPUT -p udp -m multiport --dports 6881:6889 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i eth0 -o eth2 -j ACCEPT -A OUTPUT -p tcp -m multiport --dports 6881:6889 -j REJECT --reject-with icmp-port-unreachable -A OUTPUT -p udp -m multiport --dports 6881:6889 -j REJECT --reject-with icmp-port-unreachable COMMIT