iptables
时间:2006-08-01 来源:panwj
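#!/bin/bash
# Gateway firewall: default-deny on INPUT and FORWARD, source NAT for
# 192.168.5.0/24, and redirection of port-80 traffic addressed to this host
# to 192.168.5.97:8118 (presumably an HTTP proxy -- confirm for your network).
# Must run as root. Running it again is safe: it flushes and rebuilds the same
# rule set, so the rules only need to be applied once.

# Interface used by both NAT rules. The published listing spelled it "etho" in
# the DNAT rule; no interface has that name, so that rule could never match.
readonly EXT_IF="eth0"

# --- Reset -------------------------------------------------------------------
# Flush rules and delete user-defined chains in the filter and nat tables.
# Chain policies are NOT reset by -F/-X; they are set explicitly further down.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# Optional helpers, left disabled as in the original. Without the FTP
# conntrack helper, FTP data connections are not recognised as RELATED.
#modprobe ip_conntrack_ftp
#modprobe iptable_nat

# --- INPUT: traffic addressed to the firewall host itself ---------------------
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp -s 192.168.0.0/16 -j ACCEPT
# Services offered to the LAN only: proxy (8118), POP3, HTTP, SMTP, SSH, FTP.
iptables -A INPUT -p tcp -s 192.168.0.0/16 -m multiport --dports 8118,110,80,25,22,21 -j ACCEPT

# --- NAT ----------------------------------------------------------------------
# Rewrite the source of traffic leaving EXT_IF from 192.168.5.0/24.
iptables -t nat -A POSTROUTING -o "$EXT_IF" -s 192.168.5.0/24 -j SNAT --to-source 192.168.5.11
# Send port-80 traffic arriving for 192.168.5.11 to 192.168.5.97:8118.
iptables -t nat -I PREROUTING -i "$EXT_IF" -p tcp -d 192.168.5.11 --dport 80 -j DNAT --to-destination 192.168.5.97:8118
#iptables -t nat -A PREROUTING -p tcp --dport 3128 -j REDIRECT --to-ports 80

# --- FORWARD: traffic routed through the firewall -----------------------------
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# NOTE(review): this rule has no -s/-i restriction, so it accepts these ports
# from any source, not just the LAN. The DNAT rule above relies on 8118 being
# forwarded; consider restricting the remaining ports to 192.168.0.0/16.
iptables -A FORWARD -p tcp -m multiport --dports 8443,8118,110,80,25,22,21 -j ACCEPT
# DNS over UDP only; TCP/53 (large or truncated responses) is not forwarded.
iptables -A FORWARD -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -p icmp -s 192.168.0.0/16 -j ACCEPT

# --- Default policies ---------------------------------------------------------
# Anything not accepted above is dropped; locally generated traffic is allowed.
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Example of blocking one host by MAC address. With -A it would sit after the
# ACCEPT rules above and never see traffic they already accepted; use -I to
# place it first. MAC addresses are trivially spoofed, so treat it as a
# convenience, not an access control.
#iptables -A FORWARD -m mac --mac-source xx:xx:xx:xx:xx:xx -j DROP

# Enable routing last, so that on a first run the host does not forward
# packets before the FORWARD rules and the DROP policy are in place.
echo "1" > /proc/sys/net/ipv4/ip_forward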