# NAT table: inbound port forwards (DNAT) for the public address 31.211.138.38 and
# source NAT (MASQUERADE) for traffic leaving br0 and eth2.2.
# Chain lines read ":<chain> <policy> [packets:bytes]"; every nat chain defaults to ACCEPT.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Port forwards. Each rule matches on destination address and port only: there is no
# -s (source) or -i (interface) restriction, so every forward applies to any sender.
# NOTE(review): 192.168.1.1 looks like this device's own LAN address (the filter table's
# INPUT chain has a rule for -d 192.168.1.1) - confirm. If so, the next four rules publish
# services running on the device itself rather than on a separate LAN host.
# Public TCP 8181 -> 192.168.1.1:80 (port 80 is conventionally HTTP; presumably the web UI - confirm).
-A PREROUTING -p tcp -m tcp -d 31.211.138.38 --dport 8181 -j DNAT --to-destination 192.168.1.1:80
# Public TCP 8100 -> 192.168.1.1:8100 (service not identifiable from this file).
-A PREROUTING -p tcp -m tcp -d 31.211.138.38 --dport 8100 -j DNAT --to-destination 192.168.1.1:8100
# Public TCP 23 -> 192.168.1.1:23. Port 23 is conventionally telnet, which carries logins in cleartext.
# NOTE(review): if remote management is required, prefer an encrypted service and narrow the
# rule with -s <TRUSTED_MGMT_CIDR> (placeholder); otherwise drop this forward.
-A PREROUTING -p tcp -m tcp -d 31.211.138.38 --dport 23 -j DNAT --to-destination 192.168.1.1:23
# Public TCP 21 -> 192.168.1.1:21. Port 21 is conventionally the FTP control channel, also cleartext.
# NOTE(review): same concern as the port 23 forward above - restrict by source or remove.
-A PREROUTING -p tcp -m tcp -d 31.211.138.38 --dport 21 -j DNAT --to-destination 192.168.1.1:21
# Public TCP 25432 -> LAN host 192.168.1.99:25432 (--to used as a short form of --to-destination).
-A PREROUTING -p tcp -d 31.211.138.38 --dport 25432 -j DNAT --to 192.168.1.99:25432
# Masquerade LAN-to-LAN traffic leaving br0.
# NOTE(review): presumably hairpin NAT, so LAN clients can reach the forwards above through
# the public address and replies return via this device - confirm.
-A POSTROUTING -o br0 -s 192.168.1.0/24 -d 192.168.1.0/24 -j MASQUERADE
# Masquerade everything leaving eth2.2 (presumably the WAN uplink - confirm).
-A POSTROUTING -o eth2.2 -j MASQUERADE
COMMIT
# Filter table: what may reach this device (INPUT) and what may pass through it (FORWARD).
# Chain lines read ":<chain> <policy> [packets:bytes]"; all three policies are ACCEPT.
# FORWARD ends with an explicit DROP, so it is effectively default-deny. INPUT does not.
# NOTE(review): with policy ACCEPT and no closing DROP, INPUT accepts every packet that does
# not hit one of its DROP rules. The ACCEPT rules in INPUT therefore restrict nothing; the only
# traffic refused is INVALID-state packets and ports 53 and 2869 arriving on eth2.2.
# A default-deny INPUT needs ":INPUT DROP" or a final "-A INPUT -j DROP", added only after
# the ACCEPT rules for required services have been confirmed.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Drop packets that connection tracking classifies as INVALID.
-A INPUT -m state --state INVALID -j DROP
# Accept replies and related packets for connections that are already tracked.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept new connections arriving on loopback.
-A INPUT -i lo -m state --state NEW -j ACCEPT
# Accept new connections arriving on br0 (presumably the LAN bridge - confirm).
-A INPUT -i br0 -m state --state NEW -j ACCEPT
# Accept TCP 80 addressed to 192.168.1.1 from any interface (no -i match).
# NOTE(review): this also matches traffic the nat table rewrites from public port 8181 to
# 192.168.1.1:80, so the port-80 service is reachable from outside the LAN - confirm intent.
-A INPUT -p tcp -m tcp -d 192.168.1.1 --dport 80 -j ACCEPT
# Accept TCP 80, 23, 21 and 8100 arriving on br0. New connections on br0 were already
# accepted by the "-i br0 --state NEW" rule above.
-A INPUT -p tcp -m tcp --dport 80 -i br0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -i br0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -i br0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8100 -i br0 -j ACCEPT
# Refuse DNS (UDP and TCP port 53) arriving on eth2.2 (presumably the WAN uplink - confirm).
-A INPUT -p udp -m udp --dport 53 -i eth2.2 -j DROP
-A INPUT -p tcp -m tcp --dport 53 -i eth2.2 -j DROP
# Refuse TCP 2869 arriving on eth2.2 (commonly a UPnP eventing port - confirm).
-A INPUT -p tcp -m tcp --dport 2869 -i eth2.2 -j DROP
# Accept TCP 23 arriving on eth2.2, with no source restriction.
# NOTE(review): port 23 is conventionally telnet, a cleartext login protocol. If eth2.2 is the
# WAN uplink this exposes it externally. Prefer an encrypted management service, limit the rule
# with -s <TRUSTED_MGMT_CIDR> (placeholder), or remove it together with a default-deny INPUT.
-A INPUT -p tcp -m tcp --dport 23 -i eth2.2 -j ACCEPT
# Accept traffic that enters and leaves on br0. This rule sits before the INVALID check below,
# so br0-to-br0 packets are accepted regardless of connection state.
-A FORWARD -i br0 -o br0 -j ACCEPT
# Drop forwarded packets that connection tracking classifies as INVALID.
-A FORWARD -m state --state INVALID -j DROP
# Allow the forward to 192.168.1.99:25432 for traffic arriving on eth2.2; this matches the
# destination of the nat table's DNAT rule for public port 25432. No source restriction.
-A FORWARD -i eth2.2 -p tcp -m tcp -d 192.168.1.99 --dport 25432 -j ACCEPT
# Forward IPsec ESP and AH, and UDP with source and destination port 500 (conventionally IKE).
# NOTE(review): these three rules match no interface or address, so they apply in both
# directions and to any destination - presumably VPN passthrough; confirm the scope is intended.
-A FORWARD -p esp -j ACCEPT
-A FORWARD -p ah -j ACCEPT
-A FORWARD -p udp --sport 500 --dport 500 -j ACCEPT
# Forward replies and related packets for connections that are already tracked.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Forward new connections that originate on br0.
-A FORWARD -i br0 -m state --state NEW -j ACCEPT
# Everything else is dropped, which makes FORWARD default-deny despite its ACCEPT policy.
-A FORWARD -j DROP
COMMIT
