# Generated by iptables-save v1.2.9 on Fri Jun 18 13:30:58 2004
*filter
:INPUT DROP [23909:1633351]
:FORWARD ACCEPT [3389012:1326363874]
:OUTPUT ACCEPT [11982:1737411]
:mail.ventur.net - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
-A INPUT -p udp -m udp --dport 22 -j ACCEPT 
-A INPUT -s 65.215.208.128/255.255.255.240 -d 65.216.208.6 -i eth1 -p udp -m udp --dport 514 -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -i eth0 -m state --state NEW -j ACCEPT 
-A INPUT -i eth2 -m state --state NEW -j ACCEPT 
-A INPUT -i eth4 -m state --state NEW -j ACCEPT 
-A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 135,137,138,139,445 -j DROP 
-A INPUT -s 147.208.128.7 -j ACCEPT 
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT 
-A FORWARD -p icmp -m limit --limit 1/sec -m icmp --icmp-type 8 -j ACCEPT 
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j ACCEPT 
-A FORWARD -s 10.1.1.20 -j ACCEPT 
COMMIT
# Completed on Fri Jun 18 13:30:58 2004
# Generated by iptables-save v1.2.9 on Fri Jun 18 13:30:58 2004
*nat
:PREROUTING ACCEPT [289427:22000110]
:POSTROUTING ACCEPT [168282:9659436]
:OUTPUT ACCEPT [5317:217637]
:kludge-o-rama - [0:0]
-A PREROUTING -d 65.216.209.141 -p tcp -m tcp --dport 53 -j DNAT --to-destination 10.1.1.10 
-A PREROUTING -d 65.216.209.141 -p udp -m udp --dport 53 -j DNAT --to-destination 10.1.1.10 
-A PREROUTING -d 65.216.209.142 -p tcp -m tcp --dport 53 -j DNAT --to-destination 10.1.1.12 
-A PREROUTING -d 65.216.209.142 -p udp -m udp --dport 53 -j DNAT --to-destination 10.1.1.12 
-A PREROUTING -d 65.216.209.201 -p tcp -m tcp --dport 55000 -j DNAT --to-destination 10.1.1.201 
-A PREROUTING -d 65.216.209.141 -p tcp -m multiport --dports 22,23606 -j DNAT --to-destination 10.1.1.10 
-A PREROUTING -d 65.216.209.141 -p udp -m udp --dport 22 -j DNAT --to-destination 10.1.1.10 
-A PREROUTING -d 65.216.209.142 -p tcp -m multiport --dports 22,23606 -j DNAT --to-destination 10.1.1.12 
-A PREROUTING -d 65.216.209.142 -p udp -m udp --dport 22 -j DNAT --to-destination 10.1.1.12 
-A PREROUTING -d 65.216.209.129 -p tcp -m multiport --dports 22,23606 -j DNAT --to-destination 10.1.1.200 
-A PREROUTING -d 65.216.209.129 -p udp -m udp --dport 22 -j DNAT --to-destination 10.1.1.200 
-A PREROUTING -d 65.216.209.130 -p tcp -m multiport --dports 22,23606 -j DNAT --to-destination 10.1.1.210 
-A PREROUTING -d 65.216.209.130 -p udp -m udp --dport 22 -j DNAT --to-destination 10.1.1.210 
-A PREROUTING -d 65.216.209.142 -p tcp -m multiport --dports 25,110,143 -j DNAT --to-destination 10.1.1.12 
-A PREROUTING -d 65.216.209.170 -p tcp -m multiport --dports 25,110,143 -j DNAT --to-destination 192.168.69.2 
-A PREROUTING -d 65.216.210.0/255.255.255.192 -p tcp -m tcp --sport 1024:65535 -m multiport --dports 25,110,143 -j NETMAP --to 10.10.20.0/26
-A PREROUTING -d 65.216.210.192/255.255.255.192 -p tcp -m tcp --sport 1024:65535 -m multiport --dports 25,110,143 -j NETMAP --to 10.10.20.192/26
-A PREROUTING -d 65.216.210.64/255.255.255.192 -p tcp -m tcp --sport 1024:65535 -m multiport --dports 25,110,143 -j NETMAP --to 10.20.3.64/26
-A PREROUTING -d 65.216.210.0/255.255.255.192 -p tcp -m tcp --sport 1024:65535 -m multiport --dports 21,80,443 -j NETMAP --to 10.20.1.0/26
-A PREROUTING -d 65.216.210.128/255.255.255.128 -p tcp -m tcp --sport 1024:65535 -m multiport --dports 21,80,443 -j NETMAP --to 10.20.2.128/25
-A PREROUTING -d 65.216.209.210 -p tcp -m tcp --sport 1024:65535 -m multiport --dports 80,443 -j DNAT --to-destination 172.23.1.10 
-A PREROUTING -s 65.216.209.10 -d 65.216.208.6 -i eth1 -p tcp -m multiport --dports 1433,1434 -j DNAT --to-destination 172.23.1.30 
-A PREROUTING -s 65.216.209.10 -d 65.216.208.6 -i eth1 -p udp -m multiport --dports 1433,1434 -j DNAT --to-destination 172.23.1.30 
-A PREROUTING -s 65.216.212.2 -d 65.216.208.6 -i eth1 -p tcp -m multiport --dports 1433,1434 -j DNAT --to-destination 172.23.1.30 
-A PREROUTING -s 65.216.212.2 -d 65.216.208.6 -i eth1 -p udp -m multiport --dports 1433,1434 -j DNAT --to-destination 172.23.1.30 
-A PREROUTING -s 10.1.1.20 -d 65.216.208.6 -i eth1 -p tcp -m multiport --dports 1433,1434 -j DNAT --to-destination 172.23.1.30 
-A PREROUTING -s 10.1.1.20 -d 65.216.208.6 -i eth1 -p udp -m multiport --dports 1433,1434 -j DNAT --to-destination 172.23.1.30 
-A PREROUTING -s 65.216.209.10 -d 65.216.208.6 -i eth1 -p tcp -m multiport --dports 1433,1434 -j DNAT --to-destination 172.23.1.30 
-A PREROUTING -s 65.216.209.10 -d 65.216.208.6 -i eth1 -p udp -m multiport --dports 1433,1434 -j DNAT --to-destination 172.23.1.30 
-A PREROUTING -s 65.216.208.140 -d 65.216.208.6 -i eth1 -p tcp -m multiport --dports 1433,1434 -j DNAT --to-destination 172.23.1.30 
-A PREROUTING -s 65.216.208.140 -d 65.216.208.6 -i eth1 -p udp -m multiport --dports 1433,1434 -j DNAT --to-destination 172.23.1.30 
-A PREROUTING -s 64.5.156.224/255.255.255.224 -d 65.216.208.6 -i eth1 -p tcp -m multiport --dports 1433,1434 -j DNAT --to-destination 172.23.1.30 
-A PREROUTING -s 64.5.156.224/255.255.255.224 -d 65.216.208.6 -i eth1 -p udp -m multiport --dports 1433,1434 -j DNAT --to-destination 172.23.1.30 
-A PREROUTING -s 141.152.138.79 -i eth1 -j kludge-o-rama 
-A PREROUTING -s 64.5.156.224/255.255.255.224 -i eth1 -j kludge-o-rama 
-A PREROUTING -s 192.168.69.101 -i eth1 -j kludge-o-rama 
-A PREROUTING -s 68.99.108.41 -i eth1 -j kludge-o-rama 
-A PREROUTING -s 64.24.88.229 -i eth1 -j kludge-o-rama 
-A PREROUTING -s 68.10.86.96 -i eth1 -j kludge-o-rama 
-A PREROUTING -s 192.168.69.130 -i eth1 -j kludge-o-rama 
-A PREROUTING -s 192.168.69.157 -i eth1 -j kludge-o-rama 
-A PREROUTING -s 65.216.208.137 -i eth1 -j kludge-o-rama 
-A PREROUTING -d 65.216.209.150 -p tcp -m multiport --dports 3389,1494 -j DNAT --to-destination 10.1.1.150 
-A PREROUTING -d 65.216.209.150 -p udp -m udp --dport 1604 -j DNAT --to-destination 10.1.1.150 
-A PREROUTING -d 65.216.213.177 -p tcp -m multiport --dports 3389,1494 -j DNAT --to-destination 10.200.1.2 
-A PREROUTING -d 65.216.213.177 -p udp -m udp --dport 1604 -j DNAT --to-destination 10.200.1.2 
-A PREROUTING -s 63.121.54.230 -d 65.216.209.160 -p tcp -m multiport --dports 21,3389,5631 -j DNAT --to-destination 192.168.69.168 
-A PREROUTING -s 63.121.54.230 -d 65.216.209.160 -p udp -m udp --dport 5632 -j DNAT --to-destination 192.168.69.168 
-A PREROUTING -d 65.216.209.201 -j DNAT --to-destination 10.1.1.201 
-A PREROUTING -d 65.216.209.202 -j DNAT --to-destination 10.1.1.202 
-A PREROUTING -d 65.216.209.203 -j DNAT --to-destination 10.1.1.203 
-A PREROUTING -d 65.216.210.2 -i eth1 -j DNAT --to-destination 10.10.20.8 
-A POSTROUTING -s 10.1.1.12 -p tcp -m multiport --dports 25,110,143 -j SNAT --to-source 65.216.209.142 
-A POSTROUTING -s 192.168.69.2 -p tcp -m multiport --dports 25,110,143 -j SNAT --to-source 65.216.209.170 
-A POSTROUTING -s 10.10.20.0/255.255.255.192 -p tcp -m tcp --dport 1024:65535 -m multiport --sports 25,110,143 -j NETMAP --to 65.216.210.0/26
-A POSTROUTING -s 10.10.20.192/255.255.255.192 -p tcp -m tcp --dport 1024:65535 -m multiport --sports 25,110,143 -j NETMAP --to 65.216.210.192/26
-A POSTROUTING -s 10.20.3.64/255.255.255.192 -p tcp -m tcp --dport 20:65535 -m multiport --sports 25,110,143 -j NETMAP --to 65.216.210.64/26
-A POSTROUTING -s 172.23.1.30 -o eth2 -j SNAT --to-source 10.1.1.1 
-A POSTROUTING -s 192.168.69.0/255.255.255.0 -d ! 192.168.69.10 -o eth0 -j SNAT --to-source 192.168.69.10 
-A POSTROUTING -s 192.168.69.0/255.255.255.0 -d ! 10.1.1.1 -o eth2 -j SNAT --to-source 10.1.1.1 
-A POSTROUTING -s 192.168.69.0/255.255.255.0 -d ! 172.23.1.1 -o eth4 -j SNAT --to-source 172.23.1.1 
-A POSTROUTING -s 10.1.1.0/255.255.255.0 -d ! 192.168.69.10 -o eth0 -j SNAT --to-source 192.168.69.10 
-A POSTROUTING -s 10.1.1.0/255.255.255.0 -d ! 10.1.1.1 -o eth2 -j SNAT --to-source 10.1.1.1 
-A POSTROUTING -s 10.1.1.0/255.255.255.0 -d ! 172.23.1.1 -o eth4 -j SNAT --to-source 172.23.1.1 
-A POSTROUTING -s 172.23.1.0/255.255.255.0 -d ! 192.168.69.10 -o eth0 -j SNAT --to-source 192.168.69.10 
-A POSTROUTING -s 172.23.1.0/255.255.255.0 -d ! 10.1.1.1 -o eth2 -j SNAT --to-source 10.1.1.1 
-A POSTROUTING -s 172.23.1.0/255.255.255.0 -d ! 172.23.1.1 -o eth4 -j SNAT --to-source 172.23.1.1 
-A POSTROUTING -o eth1 -j SNAT --to-source 65.216.208.6 
-A kludge-o-rama -d 65.216.209.220 -p tcp -m tcp --dport 3389 -j LOG --log-prefix "<<RDP Connection!>>" 
-A kludge-o-rama -d 65.216.209.220 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 172.23.1.20 
-A kludge-o-rama -d 65.216.209.221 -p tcp -m tcp --dport 3389 -j LOG --log-prefix "<<RDP Connection!>>" 
-A kludge-o-rama -d 65.216.209.221 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 172.23.1.21 
-A kludge-o-rama -d 65.216.209.230 -p tcp -m tcp --dport 3389 -j LOG --log-prefix "<<RDP Connection!>>" 
-A kludge-o-rama -d 65.216.209.230 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 172.23.1.30 
-A kludge-o-rama -d 65.216.209.140 -p tcp -m tcp --dport 3389 -j LOG --log-prefix "<<RDP Connection!>>" 
-A kludge-o-rama -d 65.216.209.140 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.1.1.20 
-A kludge-o-rama -d 65.216.209.145 -p tcp -m tcp --dport 3389 -j LOG --log-prefix "<<RDP Connection!>>" 
-A kludge-o-rama -d 65.216.209.145 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 172.23.1.10 
-A kludge-o-rama -d 65.216.209.131 -p tcp -m tcp --dport 23606 -j DNAT --to-destination 10.1.1.210 
-A kludge-o-rama -d 65.216.209.131 -p tcp -m tcp --dport 47212 -j DNAT --to-destination 10.1.1.210 
-A kludge-o-rama -d 65.216.209.131 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.1.1.210 
-A kludge-o-rama -d 65.216.209.131 -p tcp -m tcp --dport 3389 -j LOG --log-prefix "<<RDP Connection!>>" 
COMMIT
# Completed on Fri Jun 18 13:30:58 2004
# Generated by iptables-save v1.2.9 on Fri Jun 18 13:30:58 2004
*mangle
:PREROUTING ACCEPT [4432312:1443863299]
:INPUT ACCEPT [49564:6300188]
:FORWARD ACCEPT [4254263:1428483032]
:OUTPUT ACCEPT [17388:2468338]
:POSTROUTING ACCEPT [4266247:1430221015]
COMMIT
# Completed on Fri Jun 18 13:30:58 2004