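# Generated by iptables-save v1.2.7a on Tue Jul 8 14:36:59 2003
#
# Review notes (each directive restored to its own line; iptables-restore
# reads one directive per line and treats lines starting with '#' as comments):
#   * nat/POSTROUTING: "--dport 024:65535" corrected to "1024:65535" to match
#     the sibling NETMAP rules and the PREROUTING rule for the same /26.
#   * nat/kludge-o-rama: the LOG rule for 65.216.209.131:3389 moved ahead of
#     its DNAT rule; DNAT ends chain traversal, so the LOG could never match.
#   * Everything else is unchanged; concerns are flagged in comments only.
#
# mangle: no rules, only built-in chain policies and their saved counters.
*mangle
:PREROUTING ACCEPT [844733749:274460037802]
:INPUT ACCEPT [8385836:1110466536]
:FORWARD ACCEPT [820188333:272336410355]
:OUTPUT ACCEPT [3494862:498088977]
:POSTROUTING ACCEPT [822112192:272648604510]
COMMIT
# Completed on Tue Jul 8 14:36:59 2003
# Generated by iptables-save v1.2.7a on Tue Jul 8 14:36:59 2003
*nat
:kludge-o-rama - [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# NOTE(review): eth1 appears to be the public-facing interface (traffic leaving
# it is SNATed to 65.216.208.6 below). Most port forwards in this table carry
# no "-i eth1", so they also translate traffic arriving on internal interfaces.
#
# DNS forwards (tcp and udp 53).
-A PREROUTING -p tcp -m tcp -d 65.216.209.141 --dport 53 -j DNAT --to-destination 10.1.1.10
-A PREROUTING -p udp -m udp -d 65.216.209.141 --dport 53 -j DNAT --to-destination 10.1.1.10
-A PREROUTING -p tcp -m tcp -d 65.216.209.142 --dport 53 -j DNAT --to-destination 10.1.1.12
-A PREROUTING -p udp -m udp -d 65.216.209.142 --dport 53 -j DNAT --to-destination 10.1.1.12
# Redundant with the all-protocol DNAT for 65.216.209.201 further down.
-A PREROUTING -p tcp -m tcp -d 65.216.209.201 --dport 55000 -j DNAT --to-destination 10.1.1.201
# SSH (plus tcp/23606) forwards, open to any source address.
# NOTE(review): SSH uses TCP only; the paired udp/22 forwards expose a port
# with no consumer visible in this file. Confirm and remove if unused.
-A PREROUTING -p tcp -m multiport -d 65.216.209.141 -j DNAT --to-destination 10.1.1.10 --dports ssh,23606
-A PREROUTING -p udp -m udp -d 65.216.209.141 --dport 22 -j DNAT --to-destination 10.1.1.10
-A PREROUTING -p tcp -m multiport -d 65.216.209.142 -j DNAT --to-destination 10.1.1.12 --dports ssh,23606
-A PREROUTING -p udp -m udp -d 65.216.209.142 --dport 22 -j DNAT --to-destination 10.1.1.12
-A PREROUTING -p tcp -m multiport -d 65.216.209.129 -j DNAT --to-destination 10.1.1.200 --dports ssh,23606
-A PREROUTING -p udp -m udp -d 65.216.209.129 --dport 22 -j DNAT --to-destination 10.1.1.200
-A PREROUTING -p tcp -m multiport -d 65.216.209.130 -j DNAT --to-destination 10.1.1.210 --dports ssh,23606
-A PREROUTING -p udp -m udp -d 65.216.209.130 --dport 22 -j DNAT --to-destination 10.1.1.210
# Mail forwards (smtp, pop3, imap) to single hosts.
-A PREROUTING -p tcp -m multiport -d 65.216.209.142 -j DNAT --to-destination 10.1.1.12 --dports smtp,pop3,imap
-A PREROUTING -p tcp -m multiport -d 65.216.209.170 -j DNAT --to-destination 192.168.69.2 --dports smtp,pop3,imap
# Subnet-to-subnet NETMAP: mail ports, then ftp/http/https, only for clients
# using an unprivileged source port.
-A PREROUTING -p tcp -m tcp -m multiport -d 65.216.210.0/255.255.255.192 --sport 1024:65535 -j NETMAP --dports smtp,pop3,imap --to 10.10.20.0/26
-A PREROUTING -p tcp -m tcp -m multiport -d 65.216.210.192/255.255.255.192 --sport 1024:65535 -j NETMAP --dports smtp,pop3,imap --to 10.10.20.192/26
-A PREROUTING -p tcp -m tcp -m multiport -d 65.216.210.64/255.255.255.192 --sport 1024:65535 -j NETMAP --dports smtp,pop3,imap --to 10.20.3.64/26
-A PREROUTING -p tcp -m tcp -m multiport -d 65.216.210.0/255.255.255.192 --sport 1024:65535 -j NETMAP --dports ftp,http,https --to 10.20.1.0/26
-A PREROUTING -p tcp -m tcp -m multiport -d 65.216.210.128/255.255.255.128 --sport 1024:65535 -j NETMAP --dports ftp,http,https --to 10.20.2.128/25
-A PREROUTING -p tcp -m tcp -m multiport -d 65.216.209.210 --sport 1024:65535 -j DNAT --to-destination 172.23.1.10 --dports http,https
# MS-SQL (ms-sql-s, ms-sql-m) forwards to 172.23.1.30, limited to listed
# source addresses arriving on eth1. Source filtering here relies on the
# sender's address only; nothing in the filter table re-checks it.
-A PREROUTING -p tcp -m multiport -s 65.216.209.10 -d 65.216.208.6 -i eth1 -j DNAT --to-destination 172.23.1.30 --dports ms-sql-s,ms-sql-m
-A PREROUTING -p udp -m multiport -s 65.216.209.10 -d 65.216.208.6 -i eth1 -j DNAT --to-destination 172.23.1.30 --dports ms-sql-s,ms-sql-m
-A PREROUTING -p tcp -m multiport -s 65.216.212.2 -d 65.216.208.6 -i eth1 -j DNAT --to-destination 172.23.1.30 --dports ms-sql-s,ms-sql-m
-A PREROUTING -p udp -m multiport -s 65.216.212.2 -d 65.216.208.6 -i eth1 -j DNAT --to-destination 172.23.1.30 --dports ms-sql-s,ms-sql-m
-A PREROUTING -p tcp -m multiport -s 10.1.1.20 -d 65.216.208.6 -i eth1 -j DNAT --to-destination 172.23.1.30 --dports ms-sql-s,ms-sql-m
-A PREROUTING -p udp -m multiport -s 10.1.1.20 -d 65.216.208.6 -i eth1 -j DNAT --to-destination 172.23.1.30 --dports ms-sql-s,ms-sql-m
# The next two rules repeat the 65.216.209.10 pair above verbatim and can
# never match; kept so the rule set stays as the author saved it.
-A PREROUTING -p tcp -m multiport -s 65.216.209.10 -d 65.216.208.6 -i eth1 -j DNAT --to-destination 172.23.1.30 --dports ms-sql-s,ms-sql-m
-A PREROUTING -p udp -m multiport -s 65.216.209.10 -d 65.216.208.6 -i eth1 -j DNAT --to-destination 172.23.1.30 --dports ms-sql-s,ms-sql-m
-A PREROUTING -p tcp -m multiport -s 65.216.208.140 -d 65.216.208.6 -i eth1 -j DNAT --to-destination 172.23.1.30 --dports ms-sql-s,ms-sql-m
-A PREROUTING -p udp -m multiport -s 65.216.208.140 -d 65.216.208.6 -i eth1 -j DNAT --to-destination 172.23.1.30 --dports ms-sql-s,ms-sql-m
-A PREROUTING -p tcp -m multiport -s 64.5.156.224/255.255.255.224 -d 65.216.208.6 -i eth1 -j DNAT --to-destination 172.23.1.30 --dports ms-sql-s,ms-sql-m
-A PREROUTING -p udp -m multiport -s 64.5.156.224/255.255.255.224 -d 65.216.208.6 -i eth1 -j DNAT --to-destination 172.23.1.30 --dports ms-sql-s,ms-sql-m
# Source allow-list for the remote-desktop forwards in kludge-o-rama.
# NOTE(review): several entries are RFC 1918 addresses (192.168.69.x) matched
# on eth1; confirm such sources can legitimately arrive on that interface.
-A PREROUTING -s 141.152.138.79 -i eth1 -j kludge-o-rama
-A PREROUTING -s 64.5.156.224/255.255.255.224 -i eth1 -j kludge-o-rama
-A PREROUTING -s 192.168.69.101 -i eth1 -j kludge-o-rama
-A PREROUTING -s 68.99.108.41 -i eth1 -j kludge-o-rama
-A PREROUTING -s 64.24.88.229 -i eth1 -j kludge-o-rama
-A PREROUTING -s 68.10.86.96 -i eth1 -j kludge-o-rama
-A PREROUTING -s 192.168.69.130 -i eth1 -j kludge-o-rama
-A PREROUTING -s 192.168.69.157 -i eth1 -j kludge-o-rama
-A PREROUTING -s 65.216.208.137 -i eth1 -j kludge-o-rama
# Terminal-services / ICA forwards. Unlike the kludge-o-rama entries, tcp/3389
# on these two addresses is reachable from any source.
-A PREROUTING -p tcp -m multiport -d 65.216.209.150 -j DNAT --to-destination 10.1.1.150 --dports 3389,ica
-A PREROUTING -p udp -m udp -d 65.216.209.150 --dport 1604 -j DNAT --to-destination 10.1.1.150
-A PREROUTING -p tcp -m multiport -d 65.216.213.177 -j DNAT --to-destination 10.200.1.2 --dports 3389,ica
-A PREROUTING -p udp -m udp -d 65.216.213.177 --dport 1604 -j DNAT --to-destination 10.200.1.2
-A PREROUTING -p tcp -m multiport -s 63.121.54.230 -d 65.216.209.160 -j DNAT --to-destination 192.168.69.168 --dports ftp,3389,5631
-A PREROUTING -p udp -m udp -s 63.121.54.230 -d 65.216.209.160 --dport 5632 -j DNAT --to-destination 192.168.69.168
# One-to-one DNAT with no protocol, port, source or interface match: every
# port on 10.1.1.201-203 is reachable through these addresses, and the filter
# table's FORWARD policy (ACCEPT) does not narrow it. Prefer per-service rules.
-A PREROUTING -d 65.216.209.201 -j DNAT --to-destination 10.1.1.201
-A PREROUTING -d 65.216.209.202 -j DNAT --to-destination 10.1.1.202
-A PREROUTING -d 65.216.209.203 -j DNAT --to-destination 10.1.1.203
# Outbound mail from the mail hosts leaves with their public addresses.
-A POSTROUTING -p tcp -m multiport -s 10.1.1.12 -j SNAT --to-source 65.216.209.142 --dports smtp,pop3,imap
-A POSTROUTING -p tcp -m multiport -s 192.168.69.2 -j SNAT --to-source 65.216.209.170 --dports smtp,pop3,imap
# Reverse NETMAP for the mail subnets.
-A POSTROUTING -p tcp -m tcp -m multiport -s 10.10.20.0/255.255.255.192 --dport 1024:65535 -j NETMAP --sports smtp,pop3,imap --to 65.216.210.0/26
-A POSTROUTING -p tcp -m tcp -m multiport -s 10.10.20.192/255.255.255.192 --dport 1024:65535 -j NETMAP --sports smtp,pop3,imap --to 65.216.210.192/26
# Was "--dport 024:65535"; corrected to the 1024:65535 range used by the two
# rules above and by the matching PREROUTING rule for 65.216.210.64/26.
-A POSTROUTING -p tcp -m tcp -m multiport -s 10.20.3.64/255.255.255.192 --dport 1024:65535 -j NETMAP --sports smtp,pop3,imap --to 65.216.210.64/26
# Inter-segment SNAT: traffic between the internal networks is rewritten to
# the firewall's own address on the outgoing interface, so hosts on the far
# segment see the firewall, not the original client, as the source.
-A POSTROUTING -s 172.23.1.30 -o eth2 -j SNAT --to-source 10.1.1.1
-A POSTROUTING -s 192.168.69.0/255.255.255.0 ! -d 192.168.69.10 -o eth0 -j SNAT --to-source 192.168.69.10
-A POSTROUTING -s 192.168.69.0/255.255.255.0 ! -d 10.1.1.1 -o eth2 -j SNAT --to-source 10.1.1.1
-A POSTROUTING -s 192.168.69.0/255.255.255.0 ! -d 172.23.1.1 -o eth4 -j SNAT --to-source 172.23.1.1
-A POSTROUTING -s 10.1.1.0/255.255.255.0 ! -d 192.168.69.10 -o eth0 -j SNAT --to-source 192.168.69.10
-A POSTROUTING -s 10.1.1.0/255.255.255.0 ! -d 10.1.1.1 -o eth2 -j SNAT --to-source 10.1.1.1
-A POSTROUTING -s 10.1.1.0/255.255.255.0 ! -d 172.23.1.1 -o eth4 -j SNAT --to-source 172.23.1.1
-A POSTROUTING -s 172.23.1.0/255.255.255.0 ! -d 192.168.69.10 -o eth0 -j SNAT --to-source 192.168.69.10
-A POSTROUTING -s 172.23.1.0/255.255.255.0 ! -d 10.1.1.1 -o eth2 -j SNAT --to-source 10.1.1.1
-A POSTROUTING -s 172.23.1.0/255.255.255.0 ! -d 172.23.1.1 -o eth4 -j SNAT --to-source 172.23.1.1
# Catch-all: anything else leaving eth1 is SNATed to 65.216.208.6.
-A POSTROUTING -o eth1 -j SNAT --to-source 65.216.208.6
# kludge-o-rama: remote-desktop forwards for allow-listed sources only.
# Each LOG rule must precede its DNAT rule because DNAT terminates traversal.
# NOTE(review): every --log-prefix is "<>"; the original text may have been
# lost. A distinct prefix per rule makes these entries searchable in syslog.
-A kludge-o-rama -p tcp -m tcp -d 65.216.209.220 --dport 3389 -j LOG --log-prefix "<>"
-A kludge-o-rama -p tcp -m tcp -d 65.216.209.220 --dport 3389 -j DNAT --to-destination 172.23.1.20
-A kludge-o-rama -p tcp -m tcp -d 65.216.209.221 --dport 3389 -j LOG --log-prefix "<>"
-A kludge-o-rama -p tcp -m tcp -d 65.216.209.221 --dport 3389 -j DNAT --to-destination 172.23.1.21
-A kludge-o-rama -p tcp -m tcp -d 65.216.209.230 --dport 3389 -j LOG --log-prefix "<>"
-A kludge-o-rama -p tcp -m tcp -d 65.216.209.230 --dport 3389 -j DNAT --to-destination 172.23.1.30
-A kludge-o-rama -p tcp -m tcp -d 65.216.209.140 --dport 3389 -j LOG --log-prefix "<>"
-A kludge-o-rama -p tcp -m tcp -d 65.216.209.140 --dport 3389 -j DNAT --to-destination 10.1.1.20
-A kludge-o-rama -p tcp -m tcp -d 65.216.209.145 --dport 3389 -j LOG --log-prefix "<>"
-A kludge-o-rama -p tcp -m tcp -d 65.216.209.145 --dport 3389 -j DNAT --to-destination 172.23.1.10
-A kludge-o-rama -p tcp -m tcp -d 65.216.209.131 --dport 23606 -j DNAT --to-destination 10.1.1.210
-A kludge-o-rama -p tcp -m tcp -d 65.216.209.131 --dport 47212 -j DNAT --to-destination 10.1.1.210
# LOG moved ahead of the DNAT for 65.216.209.131:3389 (it was saved after it
# and was therefore unreachable), matching the five pairs above.
-A kludge-o-rama -p tcp -m tcp -d 65.216.209.131 --dport 3389 -j LOG --log-prefix "<>"
-A kludge-o-rama -p tcp -m tcp -d 65.216.209.131 --dport 3389 -j DNAT --to-destination 10.1.1.210
# Appended last in PREROUTING: catches traffic for 65.216.210.2 on eth1 that
# the NETMAP rules for 65.216.210.0/26 did not already translate. All
# protocols and ports are forwarded to 10.10.20.8.
-A PREROUTING -d 65.216.210.2 -i eth1 -j DNAT --to-destination 10.10.20.8
COMMIT
# Completed on Tue Jul 8 14:36:59 2003
# Generated by iptables-save v1.2.7a on Tue Jul 8 14:36:59 2003
*filter
# NOTE(review): FORWARD policy is ACCEPT and no FORWARD rule drops anything,
# so every packet the nat table translates is forwarded unfiltered. The
# "-m limit ... -j ACCEPT" rules and the 10.1.1.20 ACCEPT below do not
# restrict traffic: packets over the limit fall through to the ACCEPT policy.
# Enforcing them needs a default DROP plus explicit allow rules per forwarded
# service; that allow-list cannot be derived safely from this file alone, and
# a global 1/sec limit on new connections would throttle all forwarded
# traffic, so the policy is left as saved.
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Declared but unused: no rule in this file appends to or jumps to this chain.
:mail.ventur.net - [0:0]
# SSH to the firewall itself from any source on any interface, including
# eth1. Restricting with -s to management addresses would narrow exposure.
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# NOTE(review): SSH does not use UDP; this rule only opens udp/22.
-A INPUT -p udp -m udp --dport 22 -j ACCEPT
# Remote syslog (udp/514) to the firewall.
# NOTE(review): source is 65.215.208.128/28 while every other public address
# in this file is in 65.216.x.x; verify this is not a typo for 65.216.
-A INPUT -p udp -m udp -s 65.215.208.128/255.255.255.240 -d 65.216.208.6 -i eth1 --dport 514 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# New connections to the firewall are accepted on eth0, eth2 and eth4 for any
# protocol and port.
-A INPUT -m state -i eth0 --state NEW -j ACCEPT
-A INPUT -m state -i eth2 --state NEW -j ACCEPT
-A INPUT -m state -i eth4 --state NEW -j ACCEPT
# Loopback is matched by address rather than by interface ("-i lo").
-A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# No-ops under the ACCEPT policy (see the note at the top of this table).
-A FORWARD -p tcp -m tcp -m limit --tcp-flags SYN,RST,ACK SYN --limit 1/sec -j ACCEPT
-A FORWARD -p icmp -m icmp -m limit --icmp-type 8 --limit 1/sec -j ACCEPT
-A FORWARD -p tcp -m tcp -m limit --tcp-flags FIN,SYN,RST,ACK RST --limit 1/sec -j ACCEPT
# This DROP sits after the eth0/eth2/eth4 NEW accepts, so it never applies to
# those interfaces; other traffic to these ports already hits the DROP policy.
# Its only visible effect is to pre-empt the 147.208.128.7 ACCEPT below.
-A INPUT -p tcp -m multiport --dport 135,137,138,139,445 -j DROP
# Rockliffe Virus Update
# NOTE(review): the line break after the comment above is reconstructed;
# confirm the rule below is meant to be active. It accepts every protocol and
# port from one external host; narrowing it to the port the update service
# needs would reduce exposure.
-A INPUT -s 147.208.128.7 -j ACCEPT
-A FORWARD -s 10.1.1.20 -j ACCEPT
COMMIT
# Completed on Tue Jul 8 14:36:59 2003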