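# Firewall / NAT setup for a two-interface gateway. As used by the rules
# below, eth0 is the outside interface and eth1 carries the 192.168.1.0/24 LAN.

# Keep routing switched off while the rule set is rebuilt, so no packet is
# forwarded through a half-configured firewall.
echo 0 > /proc/sys/net/ipv4/ip_forward

# Flush rules. The nat POSTROUTING chain is flushed too: without it, every
# re-run of this script appends another copy of the MASQUERADE rule.
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -F FORWARD
/sbin/iptables -t nat -F POSTROUTING

# Set default policies. FORWARD defaults to DROP: with ip_forward enabled, an
# ACCEPT policy would route any packet in any direction, including connections
# opened from eth0 towards the LAN. Forwarding is allowed explicitly below.
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP

# IP spoofing: anything arriving on the LAN interface must carry a LAN source.
# NOTE(review): this LOG rule is not rate-limited; consider "-m limit" so a
# burst of spoofed packets cannot flood the logs.
/sbin/iptables -A INPUT -j LOG -i eth1 \! -s 192.168.1.0/24
/sbin/iptables -A INPUT -j DROP -i eth1 \! -s 192.168.1.0/24

# IP spoofing: deny packets from outside that claim our addresses.
/sbin/iptables -A INPUT -j DROP \! -i eth1 -s 192.168.1.0/24
# The negation goes before the option ("! -i lo"); the older "-i ! lo" form is
# deprecated by current iptables.
/sbin/iptables -A INPUT -j DROP \! -i lo -s 127.0.0.0/255.0.0.0
/sbin/iptables -A INPUT -j ACCEPT -i lo

# Services offered on the outside interface: ssh and http.
# NOTE(review): ssh is reachable from any source on eth0; add "-s" with the
# admin addresses if they are known.
/sbin/iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport ssh
/sbin/iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport http

# Replies to connections this host opened, everything except ICMP. This must be
# a single command: split over two lines, the first half fails because "-p" has
# no argument and the second half is not a command at all.
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth0 \! -p icmp -j ACCEPT

# Allow all local connections from eth1.
/sbin/iptables -A INPUT -j ACCEPT -p all -i eth1 -s 192.168.1.0/24

# Forwarding: the LAN may open connections to the outside, and only reply
# traffic for those connections is let back in.
/sbin/iptables -A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Set up masquerading for traffic leaving through eth0.
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# DROP any new connections from the internet. Already implied by the INPUT
# policy; kept as an explicit final rule.
/sbin/iptables -A INPUT -m state --state NEW -i eth0 -j DROP

# Turn on IP forwarding only now that all rules are in place.
echo 1 > /proc/sys/net/ipv4/ip_forward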


#> /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#
#Hi,
#    change the above line to :-
#
#        /sbin/iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o eth0 -j SNAT --to-source $SRCIP
#
#where $SRCIP is the real fixed IP address to be used for all traffic
#to / from your boxes with private IPs. This change will make iptables
#rewrite only outgoing traffic from your private IPs, so traffic from
#any real IPs on your network will pass through unaffected. Of
#course, you will also need to block any unwanted traffic to these
#machines in the FORWARD chain.

