iptables-save, только IP заменил на 123.123.123.123
# Generated by iptables-save v1.3.6 on Fri Dec 19 14:25:08 2008 *mangle :PREROUTING ACCEPT [2830:514534] :INPUT ACCEPT [1319:336714] :FORWARD ACCEPT [1511:177820] :OUTPUT ACCEPT [1374:394227] :POSTROUTING ACCEPT [2629:556235] :outtos - [0:0] :pretos - [0:0] -A PREROUTING -j pretos -A OUTPUT -j outtos -A outtos -p tcp -m tcp --dport 22 -j TOS --set-tos 0x10 -A outtos -p tcp -m tcp --sport 22 -j TOS --set-tos 0x10 -A outtos -p tcp -m tcp --dport 21 -j TOS --set-tos 0x10 -A outtos -p tcp -m tcp --sport 21 -j TOS --set-tos 0x10 -A outtos -p tcp -m tcp --sport 20 -j TOS --set-tos 0x08 -A outtos -p tcp -m tcp --dport 20 -j TOS --set-tos 0x08 -A pretos -p tcp -m tcp --dport 22 -j TOS --set-tos 0x10 -A pretos -p tcp -m tcp --sport 22 -j TOS --set-tos 0x10 -A pretos -p tcp -m tcp --dport 21 -j TOS --set-tos 0x10 -A pretos -p tcp -m tcp --sport 21 -j TOS --set-tos 0x10 -A pretos -p tcp -m tcp --sport 20 -j TOS --set-tos 0x08 -A pretos -p tcp -m tcp --dport 20 -j TOS --set-tos 0x08 COMMIT # Completed on Fri Dec 19 14:25:08 2008 # Generated by iptables-save v1.3.6 on Fri Dec 19 14:25:08 2008 *filter :INPUT ACCEPT [647:252836] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1374:394227] -A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT -A INPUT -i eth1 -p tcp -m multiport --dports 21 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,ACK SYN -j LOG --log-level 7 --log-tcp-options -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,ACK SYN -j REJECT --reject-with icmp-port-unreachable -A FORWARD -s 192.168.1.0/255.255.255.0 -i eth1 -p icmp -j ACCEPT -A FORWARD -d 192.168.1.0/255.255.255.0 -o eth1 -p icmp -j ACCEPT -A FORWARD -s 192.168.1.0/255.255.255.0 -i eth1 -p udp -m udp --dport 53 -j ACCEPT -A FORWARD -d 192.168.1.0/255.255.255.0 -o eth1 -p udp -m udp --sport 53 -j ACCEPT -A FORWARD -s 192.168.1.0/255.255.255.0 -i eth1 -p tcp -m multiport --dports 20,21,25,110,995,587 -j ACCEPT -A FORWARD -d 192.168.1.0/255.255.255.0 -o eth1 -p tcp -m multiport --sports 20,21,25,110,995,587 -j ACCEPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -p ! icmp -m state --state INVALID -j DROP -A FORWARD -p ! icmp -m state --state INVALID -j DROP -A FORWARD -o eth0 -j DROP -A FORWARD -o eth+ -j DROP COMMIT # Completed on Fri Dec 19 14:25:08 2008 # Generated by iptables-save v1.3.6 on Fri Dec 19 14:25:08 2008 *nat :PREROUTING ACCEPT [354:32057] :POSTROUTING ACCEPT [1:1459] :OUTPUT ACCEPT [44:4030] -A POSTROUTING -o eth0 -j SNAT --to-source 123.123.123.123 COMMIT # Completed on Fri Dec 19 14:25:08 2008