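#!/bin/bash
#
# Gateway firewall / NAT setup.
#
# Default-deny on INPUT, OUTPUT and FORWARD; only reply traffic, SSH to the
# gateway and the explicitly forwarded services below are admitted.
#
# The rules are applied in a fail-closed order: policies are set to DROP
# first, then the tables are flushed, then the ACCEPT rules are appended.
# A partial run (an iptables error aborts the script under set -e) therefore
# never leaves the host open, which the original flush-first ordering did.
#
# Assumes the kernel forwards packets (net.ipv4.ip_forward=1) -- this script
# does not set it; confirm on the host before relying on the FORWARD rules.
#
# Must run as root.

set -euo pipefail

readonly IPT=/sbin/iptables

# --- default policies: deny everything before touching any rule -------------
"$IPT" -P INPUT DROP
"$IPT" -P OUTPUT DROP
"$IPT" -P FORWARD DROP

# --- start from a clean slate: rules and user-defined chains in all tables --
"$IPT" -F
"$IPT" -X
"$IPT" -t nat -F
"$IPT" -t nat -X
"$IPT" -t mangle -F
"$IPT" -t mangle -X

# --- loopback -----------------------------------------------------------------
# Local services talk to each other over 127.0.0.1; without these two rules
# that traffic is caught by the DROP policies above.
"$IPT" -A INPUT -i lo -j ACCEPT
"$IPT" -A OUTPUT -o lo -j ACCEPT

# --- reply traffic for connections already admitted in the other direction --
"$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPT" -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# --- SSH to the gateway itself ----------------------------------------------
# NOTE: the PREROUTING DNAT below rewrites every port-22 packet arriving on
# eth0 to 192.168.0.100 before the routing decision, so those packets are
# forwarded and never reach INPUT. As written, this rule only admits SSH that
# arrives on an interface other than eth0.
"$IPT" -A INPUT -p tcp --dport 22 -j ACCEPT

# --- inbound port forwarding (DNAT) -----------------------------------------
# Before this rule the packet looks like:
#   SRC: 10.10.10.11  DST: 10.10.10.10  DPORT: 80
"$IPT" -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.100
# After execution of the rule:
#   SRC: 10.10.10.11  DST: 192.168.0.100  DPORT: 80
"$IPT" -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to 192.168.0.100
"$IPT" -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to 192.168.0.155:22

# --- FORWARD --------------------------------------------------------------------
# Every DNAT target needs a matching ACCEPT here; a rewritten packet with no
# FORWARD rule hits the FORWARD DROP policy and the DNAT is silently dead.
"$IPT" -A FORWARD -d 192.168.0.100 -p tcp --dport 80 -j ACCEPT
# Forwarded SSH to .100 is restricted to a single source host.
"$IPT" -A FORWARD -s 10.10.10.11 -d 192.168.0.100 -p tcp --dport 22 -j ACCEPT
# Completes the 2222 -> 192.168.0.155:22 DNAT above, which the original
# script forwarded but never accepted.
"$IPT" -A FORWARD -d 192.168.0.155 -p tcp --dport 22 -j ACCEPT

# --- outbound source NAT (SNAT) ---------------------------------------------
# Before this rule the packet looks like:
#   SRC: 192.168.0.100  DST: 10.10.10.11
"$IPT" -t nat -A POSTROUTING -o eth0 -j SNAT --to 10.10.10.10
# After execution of the rule:
#   SRC: 10.10.10.10  DST: 10.10.10.11
# This translates everything leaving eth0. If only the internal network should
# be translated, add a -s <internal-subnet> match (the subnet is not given here).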