[root@localhost ~]# cat /etc/rc.d/rc.local#!/bin/sh#/usr/sbin/dhcpd &iptables -Fiptables -t nat -Fiptables -t mangle -Fecho "1" > /proc/sys/net/ipv4/ip_forwardmodprobe ip_nat_ftpmodprobe ip_nat_ircmodprobe ip_conntrack_ftpmodprobe ip_conntrack_irc
iptables -t nat -A POSTROUTING -s 10.2.2.0/24 -j MASQUERADEiptables -A INPUT -i em1 -m state --state RELATED,ESTABLISHED -j ACCEPTiptables -P FORWARD DROP#iptables -I FORWARD -o em1 -s 10.2.2.0/24 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.40 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.39 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.38 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.37 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.36 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.35 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.34 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.33 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.32 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.31 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.30 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.29 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.28 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.27 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.26 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.25 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.24 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.23 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.22 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.21 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.20 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.19 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.18 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.17 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.16 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.15 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.14 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.13 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.12 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.11 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.10 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.9 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.8 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.7 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.6 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.5 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.4 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.3 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.2 -j ACCEPTiptables -I FORWARD -o em1 -s 10.2.2.1 -j ACCEPT
iptables -A FORWARD -i em1 -m state --state RELATED,ESTABLISHED -j ACCEPTiptables -A FORWARD -o em1 -j LOG --log-prefix=natdeny#iptables -I FORWARD -o em1 -p tcp --dport 80 -s 10.2.2.0/24 -j ACCEPT#iptables -I FORWARD -o eth0 -s 10.2.2.40 -j ACCEPT#iptables -I FORWARD -o em1 -p tcp --dport 80 -j ACCEPT
iptables -t mangle -P PREROUTING DROP#iptables -t mangle -I PREROUTING -i em2 -s 10.2.2.0/24 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.40 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.39 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.38 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.37 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.36 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.35 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.34 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.33 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.32 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.31 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.30 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.29 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.28 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.27 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.26 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.25 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.24 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.23 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.22 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.21 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.20 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.19 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.18 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.17 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.16 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.15 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.14 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.13 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.12 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.11 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.10 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.9 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.8 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.7 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.6 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.5 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.4 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.3 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.2 -j ACCEPTiptables -t mangle -I PREROUTING -i em2 -s 10.2.2.1 -j ACCEPTiptables -t mangle -A PREROUTING -i em1 -m state --state RELATED,ESTABLISHED -j ACCEPTiptables -t mangle -A PREROUTING -i em2 -j LOG --log-prefix=Mnatdeny |