J’avais envie de pouvoir faire un routeur sous Linux avec Iptables, c’est chose faite !

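#!/bin/sh
#
# Small NAT router / firewall for a Linux host with one external and one
# internal interface, written as an init script:
#
#   firewall {start|stop|restart|status}
#
# start   installs the rules below.  The INPUT and FORWARD chains each end
#         with a DROP rule, so only the ACCEPT rules before it let traffic
#         through.  (Without that final DROP the kernel's default ACCEPT
#         policy applies and an ACCEPT-only ruleset denies nothing.)
# stop    flushes every table; with the default ACCEPT policies the host is
#         then fully open.
# status  lists the filter and nat tables.
#
# Requires /sbin/iptables.  As init scripts conventionally do, the script
# exits 0 when the tools are missing, but it says so on stderr.

IPT="/sbin/iptables"
MODPROBE="/sbin/modprobe"   # only tested for presence; nothing is modprobe'd here

IFACE_EXT="ra0"
#"ppp0"
IFACE_INT="eth0"

PRIVATE_ADDR="192.168.1.254"   # router's LAN address; not referenced by any rule below
PRIVATE_NET="192.168.1.0/255.255.255.0"

# LAN host that receives the DNAT'ed ports (see TRANSLATION below).
DNAT_HOST="192.168.1.251"

if [ ! -f "$IPT" ]; then
  printf '%s: %s not found, no rules loaded\n' "$0" "$IPT" >&2
  exit 0
fi
if [ ! -f "$MODPROBE" ]; then
  printf '%s: %s not found, no rules loaded\n' "$0" "$MODPROBE" >&2
  exit 0
fi

# Run one iptables command and stop at the first failure instead of silently
# continuing with a half-built ruleset.  The trailing DROP rules are appended
# last, so an aborted start leaves the chains open rather than locked.
ipt() {
  "$IPT" "$@" || {
    printf '\n%s: rule failed: iptables %s\n' "$0" "$*" >&2
    exit 1
  }
}

case "$1" in
start)
  printf '%s' "Loading firwall's rules: "

  # Routing between the interfaces has to be on for FORWARD to see anything.
  if [ -w /proc/sys/net/ipv4/ip_forward ]; then
    printf '1\n' > /proc/sys/net/ipv4/ip_forward
  fi

  ############################
  # FLUSH TABLES
  ############################
  ipt -t filter -F
  ipt -t nat -F
  ipt -t mangle -F

  ############################
  # MASQUERADING
  ############################
  # Only traffic leaving through the external interface is masqueraded; an
  # unrestricted rule would rewrite traffic on every outgoing interface.
  ipt -t nat -A POSTROUTING -s "$PRIVATE_NET" -o "$IFACE_EXT" -j MASQUERADE

  ############################
  # FORWARDING RULES
  ############################
  ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT # ESTABLISHED
  ipt -A FORWARD -p UDP -i "$IFACE_INT" --dport 53 -j ACCEPT # DOMAIN
  # NOTE(review): FTP data connections only count as RELATED with the FTP
  # conntrack helper loaded -- confirm on this kernel.
  ipt -A FORWARD -p TCP -i "$IFACE_INT" --dport 21 -j ACCEPT # FTP
  ipt -A FORWARD -p TCP -i "$IFACE_INT" --dport 22 -j ACCEPT # SSH
  ipt -A FORWARD -p TCP -i "$IFACE_INT" --dport 25 -j ACCEPT # SMTP
  ipt -A FORWARD -p TCP -i "$IFACE_INT" --dport 80 -j ACCEPT # HTTP
  #ipt -A FORWARD -p TCP -i "$IFACE_INT" --dport 110 -j ACCEPT # POP3
  #ipt -A FORWARD -p TCP -i "$IFACE_INT" --dport 443 -j ACCEPT # HTTPS

  # Ports opened from the Internet side.  NOTE(review): nothing DNATs these,
  # so they only match packets that already arrive addressed to a LAN host;
  # exposing SMB (445/139) from IFACE_EXT is rarely intended -- confirm.
  ipt -A FORWARD -p TCP -i "$IFACE_EXT" --dport 3389 -j ACCEPT # REMOTE DESKTOP
  ipt -A FORWARD -p TCP -i "$IFACE_EXT" --dport 445 -j ACCEPT # needed for samba
  ipt -A FORWARD -p TCP -i "$IFACE_EXT" --dport 139 -j ACCEPT # needed for samba
  ipt -A FORWARD -p TCP -i "$IFACE_EXT" --dport 113 -j ACCEPT # AUTH
  ipt -A FORWARD -p TCP -i "$IFACE_EXT" --dport 3690 -j ACCEPT # SVN

  # Connections DNAT'ed in TRANSLATION arrive here addressed to DNAT_HOST;
  # they need their own ACCEPT now that FORWARD ends in DROP.
  ipt -A FORWARD -p TCP -i "$IFACE_EXT" -d "$DNAT_HOST" --dport 22 -j ACCEPT # ext 2222
  ipt -A FORWARD -p TCP -i "$IFACE_EXT" -d "$DNAT_HOST" --dport 80 -j ACCEPT # ext 8080

  # Anything else coming from the LAN may go out.
  ipt -A FORWARD -i "$IFACE_INT" -s "$PRIVATE_NET" -j ACCEPT

  # ipt -A FORWARD -j LOG --log-prefix "Forwarding table : "
  ipt -A FORWARD -j DROP # everything not accepted above

  ############################
  # INPUT LOOPBACK
  ############################
  ipt -A INPUT -i lo -j ACCEPT

  ############################
  # INPUT INTRANET
  ############################
  ipt -A INPUT -p UDP -i "$IFACE_INT" --dport 53 -j ACCEPT # DNS
  ipt -A INPUT -p UDP -i "$IFACE_INT" --dport 123 -j ACCEPT # NTP
  ipt -A INPUT -p UDP -i "$IFACE_INT" --dport 137 -j ACCEPT # NETBIOS-NS
  ipt -A INPUT -p UDP -i "$IFACE_INT" --dport 138 -j ACCEPT # NETBIOS-DGM
  ipt -A INPUT -p TCP -i "$IFACE_INT" --dport 139 -j ACCEPT # NETBIOS-SSN

  ############################
  # INPUT INTERNET
  ############################

  ############################
  # INPUT GENERAL
  ############################
  # No -i here: these ports are reachable from IFACE_EXT as well.
  # NOTE(review): restrict NTOP (3000) and FTP with -i "$IFACE_INT" unless
  # they are meant to be public.
  ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # ESTABLISHED
  ipt -A INPUT -p ICMP -j ACCEPT # ICMP
  ipt -A INPUT -p TCP --dport 21 -j ACCEPT # FTP
  ipt -A INPUT -p TCP --dport 22 -j ACCEPT # SSH
  ipt -A INPUT -p TCP --dport 80 -j ACCEPT # HTTP
  ipt -A INPUT -p TCP --dport 113 -j ACCEPT # AUTH
  ipt -A INPUT -p TCP --dport 443 -j ACCEPT # HTTPS
  ipt -A INPUT -p TCP --dport 3000 -j ACCEPT # NTOP
  # NOTE(review): the PREROUTING DNAT below rewrites 2222 before the routing
  # decision, so external traffic to 2222 is forwarded, not delivered here.
  ipt -A INPUT -p tcp --dport 2222 -j ACCEPT
  # NOTE(review): if IFACE_EXT gets its address from DHCP, check that lease
  # renewals still get through once the DROP below is in place.

  # ipt -A INPUT -i "$IFACE_EXT" -j LOG --log-prefix "Input ppp0 : " # LOG..
  # ipt -A INPUT -i "$IFACE_INT" -j LOG --log-prefix "Input eth0 : " # LOG..
  ipt -A INPUT -j DROP # DENY ALL

  ###########################
  # TRANSLATION
  ###########################
  # NOTE(review): no -i "$IFACE_EXT" here, so LAN clients reaching the router
  # on 2222/8080 are redirected too -- add it if that is unwanted.
  ipt -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination "$DNAT_HOST:22"
  ipt -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination "$DNAT_HOST:80"

  echo "Done."
  ;;
stop)
  printf '%s' "Flushing firwall's rules: "

  ###########################
  # FLUSH TABLES
  ###########################
  # The chain policies stay ACCEPT, so after this the host is fully open.
  ipt -t filter -F
  ipt -t nat -F
  ipt -t mangle -F

  echo "Done."
  ;;
restart)
  # Re-invoke this script instead of a hard-coded install path.
  "$0" stop
  "$0" start
  ;;
status)
  # -n prints addresses and ports numerically; resolving them can stall
  # when the firewall itself is what is being debugged.
  echo
  echo "---------- FILTER TABLE -----------"
  echo
  "$IPT" -t filter -L -v -n
  echo
  echo "---------- NAT TABLE -----------"
  echo
  "$IPT" -t nat -L -v -n
  echo
  ;;
*)
  echo "Usage: $0 {start|stop|restart|status}" >&2
  exit 1
  ;;
esac

exit 0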

Tirée de http://christian.caleca.free.fr/net... http://www.glatozen.org/iptables.php http://christian.caleca.free.fr/dhc...