pok182
(usa Ubuntu)
Enviado em 13/07/2010 - 11:06h
se puder me ajudar....
preciso bloquear essas portas...
enfim...
meu firewall aqui:
# Load the NAT module and let the kernel route IPv4 packets between interfaces.
# NOTE(review): forwarding is switched on before the DROP policies below are
# set; consider enabling it only once the ruleset has been loaded.
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward

# Flush: empty the three nat chains, then every chain of the filter table.
for nat_chain in POSTROUTING PREROUTING OUTPUT; do
  iptables -t nat -F "$nat_chain"
done
iptables -F

# Default policies: INPUT and FORWARD drop whatever no rule accepts;
# traffic generated by the router itself (OUTPUT) is left unrestricted.
for filter_chain in INPUT FORWARD; do
  iptables -P "$filter_chain" DROP
done
iptables -P OUTPUT ACCEPT
# (disabled) Masquerade only what leaves through eth1.
#iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# (disabled) HTTP/HTTPS for 192.168.0.50.
# NOTE(review): ".i", ".s" and ".o" look like mangled "-i", "-s" and "-o" -
# confirm the intended options before re-enabling these two lines.
#iptables -A INPUT -p tcp --syn .i eth0 .s 192.168.0.50/32 .o eth1 --destination-port 80 -j ACCEPT
#iptables -A INPUT -p tcp --syn .i eth0 .s 192.168.0.50/32 .o eth1 --destination-port 443 -j ACCEPT
# E-mail and DNS (disabled variant that matched on the incoming interface eth0)
#iptables -A FORWARD -p TCP --dport 25 -i eth0 -j ACCEPT
#i3iptables -A FORWARD -p UDP --dport 53 -i eth0 -j ACCEPT
#iptables -A FORWARD -p TCP --dport 110 -i eth0 -j ACCEPT
#iptables -t nat -A POSTROUTING -j MASQUERADE
# DNS over UDP: hosts in 192.168.0.0/24 may query 192.168.0.1 and two external
# resolvers. Each query rule is paired with a reply rule keyed on source port 53.
iptables -A FORWARD -p udp -s 192.168.0.0/24 -d 192.168.0.1 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.1 --sport 53 -d 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/24 -d 200.246.46.173 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 200.246.46.173 --sport 53 -d 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/24 -d 200.246.46.132 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 200.246.46.132 --sport 53 -d 192.168.0.0/24 -j ACCEPT
# Outgoing mail from the LAN: TCP 25 (SMTP) and TCP 110 (POP3) to any destination.
iptables -A FORWARD -p TCP -s 192.168.0.0/24 --dport 25 -j ACCEPT
iptables -A FORWARD -p TCP -s 192.168.0.0/24 --dport 110 -j ACCEPT
# NOTE(review): the next two rules accept every forwarded TCP packet whose
# source port is 25 or 110, with no address, interface or connection-state
# match. Reply traffic is already covered by the ESTABLISHED,RELATED rule added
# later to FORWARD, so these stateless rules only widen what FORWARD lets through.
iptables -A FORWARD -p tcp --sport 25 -j ACCEPT
iptables -A FORWARD -p tcp --sport 110 -j ACCEPT
# NOTE(review): masquerades all traffic leaving on any interface (no -o / -s),
# including traffic routed towards the LAN; the later rule limited to
# -s 192.168.0.0/16 is a subset of this one.
iptables -t nat -A POSTROUTING -j MASQUERADE
# Allow MSN Messenger (TCP 1863) for the workstations listed below.
# Each active rule is followed by a disabled companion rule that would have
# allowed the same host to reach loginnet.passport.com.
# These ACCEPT rules must stay ahead of the REJECT at the end of this section:
# the first matching rule in FORWARD decides.
# NOTE(review): the exception is keyed on source IP only; any machine that
# takes one of these addresses inherits it.
iptables -A FORWARD -s 192.168.0.50 -p tcp --dport 1863 -j ACCEPT # Renan
#iptables -A FORWARD -s 192.168.0.50 -d loginnet.passport.com -j ACCEPT #Renan
iptables -A FORWARD -s 192.168.0.71 -p tcp --dport 1863 -j ACCEPT # Graziela
# NOTE(review): the disabled line below repeats Renan's address (192.168.0.50), not 192.168.0.71.
#iptables -A FORWARD -s 192.168.0.50 -d loginnet.passport.com -j ACCEPT #Renan
iptables -A FORWARD -s 192.168.0.178 -p tcp --dport 1863 -j ACCEPT # Matheus
#iptables -A FORWARD -s 192.168.0.178 -d loginnet.passport.com -j ACCEPT #Matheus
iptables -A FORWARD -s 192.168.0.15 -p tcp --dport 1863 -j ACCEPT # Gustavo
#iptables -A FORWARD -s 192.168.0.15 -d loginnet.passport.com -j ACCEPT #Gustavo
iptables -A FORWARD -s 192.168.0.147 -p tcp --dport 1863 -j ACCEPT # Leandro
#iptables -A FORWARD -s 192.168.0.15 -d loginnet.passport.com -j ACCEPT
iptables -A FORWARD -s 192.168.0.146 -p tcp --dport 1863 -j ACCEPT # Elide
#iptables -A FORWARD -s 192.168.0.146 -d loginnet.passport.com -j ACCEPT #Elide
iptables -A FORWARD -s 192.168.0.174 -p tcp --dport 1863 -j ACCEPT # lilian
# The rule for 192.168.0.28 appears twice; the second copy never decides anything.
iptables -A FORWARD -s 192.168.0.28 -p tcp --dport 1863 -j ACCEPT # Bruno
#iptables -A FORWARD -s 192.168.0.28 -d loginnet.passport.com -j ACCEPT # Bruno
iptables -A FORWARD -s 192.168.0.28 -p tcp --dport 1863 -j ACCEPT # Bruno
#iptables -A FORWARD -s 192.168.0.28 -d loginnet.passport.com -j ACCEPT # Bruno
iptables -A FORWARD -s 192.168.0.25 -p tcp --dport 1863 -j ACCEPT # Daniela
#iptables -A FORWARD -s 192.168.0.25 -d loginnet.passport.com -j ACCEPT #Daniela
iptables -A FORWARD -s 192.168.0.78 -p tcp --dport 1863 -j ACCEPT # Evelise
#iptables -A FORWARD -s 192.168.0.78 -d loginnet.passport.com -j ACCEPT # Evelise
iptables -A FORWARD -s 192.168.0.53 -p tcp --dport 1863 -j ACCEPT # Cirulli
#iptables -A FORWARD -s 192.168.0.53 -d loginnet.passport.com -j ACCEPT # Cirulli
iptables -A FORWARD -s 192.168.0.26 -p tcp --dport 1863 -j ACCEPT # Lilian
#iptables -A FORWARD -s 192.168.0.26 -d loginnet.passport.com -j ACCEPT #Lilian
iptables -A FORWARD -s 192.168.0.120 -p tcp --dport 1863 -j ACCEPT # Prisciliana
#iptables -A FORWARD -s 192.168.0.120 -d loginnet.passport.com -j ACCEPT # Prisciliana
iptables -A FORWARD -s 192.168.0.69 -p tcp --dport 1863 -j ACCEPT # Rodrigo
#iptables -A FORWARD -s 192.168.0.69 -d loginnet.passport.com -j ACCEPT #Rodrigo
iptables -A FORWARD -s 192.168.0.67 -p tcp --dport 1863 -j ACCEPT # Juliana
#iptables -A FORWARD -s 192.168.0.67 -d loginnet.passport.com -j ACCEPT # Juliana
iptables -A FORWARD -s 192.168.0.68 -p tcp --dport 1863 -j ACCEPT # Andressa
#iptables -A FORWARD -s 192.168.0.68 -d loginnet.passport.com -j ACCEPT # Andressa
# NOTE(review): the active rule uses 192.168.0.63 but the disabled one uses
# 192.168.0.64 - confirm which address is Flavia's.
iptables -A FORWARD -s 192.168.0.63 -p tcp --dport 1863 -j ACCEPT # Flavia
#iptables -A FORWARD -s 192.168.0.64 -d loginnet.passport.com -j ACCEPT # Flavia
# Block MSN Messenger for every other host in 192.168.0.0/24.
# Any port-1863 TCP rule appended to FORWARD after this point is never reached
# for sources in this subnet.
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 1863 -j REJECT
#iptables -A FORWARD -s 192.168.0.0/24 -d loginnet.passport.com -j REJECT
# Masquerade and forwarding.
# Source-NAT everything that originates in 192.168.0.0/16.
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE

# (disabled) Blanket forward permission for the whole 192.168.0.0/16 range.
#iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT

# Hosts whose forwarded traffic is accepted without any port restriction.
# The list is kept in its original order, repeated addresses included, so the
# chain receives exactly the same rules as before.
# NOTE(review): trust is keyed on source IP only (no -i, no MAC match); a
# machine that takes one of these addresses gets unrestricted forwarding.
for trusted_host in \
  192.168.0.71 192.168.126.129 192.168.0.128 192.168.0.49 192.168.0.179 \
  192.168.0.95 192.168.0.109 192.168.0.88 192.168.0.186 192.168.0.50 \
  192.168.0.80 192.168.0.254 192.168.0.11 192.168.0.63 192.168.0.147 \
  192.168.0.93 192.168.0.65 192.168.0.71 192.168.0.65 192.168.0.71 \
  192.168.0.138 192.168.0.28 192.168.0.146 192.168.0.26 192.168.0.25 \
  192.168.0.68 192.168.0.69 192.168.0.101 192.168.0.59 192.168.0.49 \
  192.168.0.56 192.168.0.144 192.168.0.48 192.168.0.47 192.168.0.51 \
  192.168.0.58 192.168.0.46 192.168.0.156 192.168.0.12 192.168.0.14 \
  192.168.0.53 192.168.0.30 192.168.0.186 192.168.0.35 192.168.0.78 \
  192.168.0.174
do
  iptables -A FORWARD -s "$trusted_host" -j ACCEPT
done

# Let packets of already-tracked connections through, in both directions.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept packets that belong to connections the router itself already tracks.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The internal network is allowed to reach the router.
# NOTE(review): these rules match on source address only, with no -i option, so
# a packet arriving on the external interface with a source in one of these
# ranges also matches unless something else (reverse-path filtering, the
# upstream provider) discards it - confirm. Binding the loopback rules to
# "-i lo" and the LAN rules to the LAN interface would close that gap.
# The 255.255.0.0 mask admits all of 192.168.0.0/16 and 10.0.0.0/16, wider than
# the 192.168.0.0/24 used by several FORWARD rules in this script.
iptables -A INPUT -p tcp -s 127.0.0.1/255.255.255.255 -j ACCEPT
iptables -A INPUT -p udp -s 127.0.0.1/255.255.255.255 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.0/255.255.0.0 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.0.0/255.255.0.0 -j ACCEPT
iptables -A INPUT -p tcp -s 10.0.0.0/255.255.0.0 -j ACCEPT
iptables -A INPUT -p udp -s 10.0.0.0/255.255.0.0 -j ACCEPT
# UDP 53 on the router is accepted from any source address.
# NOTE(review): if a resolver listens on the router this makes it answer the
# whole Internet - confirm that is intended.
iptables -A INPUT -p udp -s 0.0.0.0/0.0.0.0 --dport 53 -j ACCEPT
# Every other UDP packet is dropped here, so any UDP rule appended to INPUT
# after this line is never reached.
iptables -A INPUT -p udp -s 0.0.0.0/0.0.0.0 -j DROP
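# Per-service FORWARD exceptions for 192.168.0.0/16.
#
# NOTE(review): many rules below come in pairs where the second one matches
# "-d <LAN> -s <remote> --dport N". As written that admits NEW connections from
# the remote side to port N on LAN hosts; it does not match replies, which carry
# the port as their SOURCE port. Replies are already accepted by the
# ESTABLISHED,RELATED rule earlier in FORWARD, so these look unnecessary -
# confirm the intent before keeping them.

# Allow hosts: HTTPS (TCP 443)
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 0.0.0.0/0.0.0.0 --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.0.0/16 -s 0.0.0.0/0.0.0.0 --dport 443 -j ACCEPT
# Allow "Receita" (TCP 3456)
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 0.0.0.0/0.0.0.0 --dport 3456 -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.0.0/16 -s 0.0.0.0/0.0.0.0 --dport 3456 -j ACCEPT
# Connectivity - CAD Unico (TCP 2631 with 200.201.174.204)
# The inbound rule is present twice; the second copy never decides anything.
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 200.201.174.204 --dport 2631 -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.0.0/16 -s 200.201.174.204 --dport 2631 -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.0.0/16 -s 200.201.174.204 --dport 2631 -j ACCEPT
# "Passe" card top-up: any TCP port towards the two servers below.
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 174.133.30.170 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 174.133.30.194 -j ACCEPT
# Port 3306 (TCP and UDP) from the LAN to any destination.
iptables -A FORWARD -p tcp -s 192.168.0.0/16 --dport 3306 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/16 --dport 3306 -j ACCEPT
# Ports 1433, 1434 and 1446 with 200.171.74.227.
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 200.171.74.227 --dport 1433 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.0.0/16 -s 200.171.74.227 --dport 1433 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 200.171.74.227 --dport 1434 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.0.0/16 -s 200.171.74.227 --dport 1434 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.0.0/16 -s 200.171.74.227 --dport 1446 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 200.171.74.227 --dport 1446 -j ACCEPT
# Ports 1498 and 1446 with 200.144.5.48.
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 200.144.5.48 --dport 1498 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/16 -d 200.144.5.48 --dport 1446 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.0.0/16 -s 200.144.5.48 --dport 1498 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.0.0/16 -s 200.144.5.48 --dport 1446 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/16 --dport 1446 -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.0.0/16 -s 189.5.194.64 --dport 7486 -j ACCEPT
# (disabled) www.claro.com.br for 192.168.0.52.
# Each of these two disabled rules was split over two lines, which left
# "www.claro.com.br -j ACCEPT" outside the comment where the shell would try to
# run it as a command; they are rejoined here so the whole rule stays disabled.
#iptables -A FORWARD -p tcp -s 192.168.0.52 -d www.claro.com.br -j ACCEPT
#iptables -A FORWARD -p udp -d 192.168.0.52 -s www.claro.com.br -j ACCEPT
# Port 3356 (TCP and UDP) from the LAN to any destination.
iptables -A FORWARD -p tcp -s 192.168.0.0/16 --dport 3356 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/16 --dport 3356 -j ACCEPT
# Extra ports for 192.168.0.95.
# NOTE(review): the TCP 1863 rule is appended after the FORWARD rule that
# REJECTs TCP 1863 for all of 192.168.0.0/24, so it appears to be unreachable;
# it would have to be placed before that REJECT to take effect.
iptables -A FORWARD -p tcp -s 192.168.0.95 --dport 5900 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.95 --dport 5900 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.95 --dport 1863 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.95 --dport 1863 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.95 --dport 44405 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.95 --dport 44405 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.95 --dport 55901 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.95 --dport 55901 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.50 --dport 27442 -j ACCEPT
# Internal network (disabled)
#iptables -A FORWARD -p tcp -d 192.168.0.134 -j ACCEPT
#iptables -A FORWARD -p tcp -s 192.168.0.134 -j ACCEPT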
# Ports open to the Internet (services running on the router itself).
# NOTE(review): none of these rules is limited by interface (-i) or source (-s),
# so every port listed is reachable from any address that can reach the router.
# The list includes remote-administration and database ports (21, 22, 3389,
# 3306, 5432); limiting those to known source addresses or to a VPN shrinks the
# exposed surface considerably.
# NOTE(review): INPUT only covers traffic addressed to the router. Connections
# that the nat table DNATs to internal hosts traverse FORWARD instead, so the
# INPUT entries for forwarded ports (e.g. 3389, 5432, 65432) are not needed for
# the port forwards - confirm a local service really listens on each port.
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
# Never reached: an earlier INPUT rule already accepts UDP 53 from any source
# and the rule right after it drops all remaining UDP.
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# NOTE(review): confirm that port 221 is intentional.
iptables -A INPUT -p tcp --dport 221 -j ACCEPT
# Remote Desktop port
iptables -A INPUT -p tcp --dport 3389 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -p tcp --dport 65432 -j ACCEPT
# The rules for 5432 and 44405 are listed twice; the repeats have no effect.
iptables -A INPUT -p tcp --dport 5432 -j ACCEPT
iptables -A INPUT -p tcp --dport 44405 -j ACCEPT
iptables -A INPUT -p tcp --dport 5432 -j ACCEPT
iptables -A INPUT -p tcp --dport 44405 -j ACCEPT
iptables -A INPUT -p tcp --dport 55901 -j ACCEPT
iptables -A INPUT -p tcp --dport 7486 -j ACCEPT
iptables -A INPUT -p tcp --dport 27015 -j ACCEPT
iptables -A INPUT -p tcp --dport 27442 -j ACCEPT
# Allow ICMP: every ICMP type, from any source.
iptables -A INPUT -p icmp -j ACCEPT
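# (disabled) Destinations that used to be exempted from the proxy redirect.
# Several of these disabled rules were split over two lines, leaving the host
# name and "-j ACCEPT" outside the comment where the shell would try to run
# them as commands; they are rejoined here so each rule stays fully disabled.
#iptables -t nat -A PREROUTING -d www.ciee.org.br -j ACCEPT
#iptables -t nat -A PREROUTING -d redir.folha.com.br -j ACCEPT
#iptables -t nat -A PREROUTING -d f.i.uol.com.br -j ACCEPT
#iptables -t nat -A PREROUTING -d www.folha.com.br -j ACCEPT
#iptables -t nat -A PREROUTING -d www.farmaciasdelimeira.com.br -j ACCEPT
#iptables -t nat -A PREROUTING -d 200.234.200.68 -j ACCEPT
#iptables -t nat -A PREROUTING -d www.pmas.sp.gov.br -j ACCEPT
#iptables -t nat -A PREROUTING -d 200.144.6.210 -j ACCEPT
#iptables -t nat -A PREROUTING -d 200.144.6.9 -j ACCEPT
#iptables -t nat -A PREROUTING -d www.mds.gov.br -j ACCEPT
#iptables -t nat -A PREROUTING -d 192.168.0.105 -j ACCEPT
#iptables -t nat -A PREROUTING -d 201.65.178.130 -j ACCEPT
#iptables -t nat -A PREROUTING -d www14.bancodobrasil.com.br -j ACCEPT
#iptables -t nat -A PREROUTING -d 170.66.1.60 -j ACCEPT
#iptables -t nat -A PREROUTING -d office.bancobrasil.com.br -j ACCEPT
#iptables -t nat -A PREROUTING -d 189.47.163.127 --dport 300 -j ACCEPT
#iptables -t nat -A PREROUTING -d 189.5.194.64 --dport 7486 -j ACCEPT
#iptables -t nat -A PREROUTING -d 189.5.194.64 -j ACCEPT
#iptables -t nat -A PREROUTING -d 200.155.160.200 -j ACCEPT
# AUDESP
#iptables -t nat -A PREROUTING -i eth0 -s 192.168.0.50 -d 0/0 -p tcp --dport 80 -j REDIRECT --to-port 80
# An ACCEPT in nat PREROUTING stops processing of that chain for the packet, so
# the three hosts below never reach the redirect to the proxy further down.
# NOTE(review): if the proxy is where web filtering or logging happens, traffic
# from these hosts bypasses it - confirm the exemptions are still needed.
iptables -t nat -A PREROUTING -i eth0 -s 192.168.0.50 -d 0/0 -j ACCEPT # hosts accepted here skip the rule that follows
iptables -t nat -A PREROUTING -i eth0 -s 192.168.0.49 -d 0/0 -j ACCEPT # hosts accepted here skip the rule that follows
iptables -t nat -A PREROUTING -i eth0 -s 192.168.0.10 -d 0/0 -j ACCEPT # hosts accepted here skip the rule that follows
#iptables -t nat -A PREROUTING -i eth0 -p tcp -d 0/0 --dport http -j REDIRECT --to-port 3128
# Send all port-80 traffic arriving on eth0 from 192.168.0.0/16 to Squid on local port 3128.
iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.0.0/16 --dport 80 -j REDIRECT --to-port 3128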
# Port forwards from the public addresses to internal hosts.
# Each forward is a DNAT in PREROUTING, an SNAT in POSTROUTING and an ACCEPT in
# FORWARD for the translated destination.
# NOTE(review): no DNAT rule restricts the source (-s) or the incoming
# interface, so each forwarded service (3389, 5432, 5900, 22, 80) is reachable
# from any Internet address. Restricting the remote-access ports to known
# sources or a VPN limits password-guessing exposure.
# NOTE(review): the SNAT rules match every packet sent to the internal host, on
# any protocol and port, and rewrite its source to 192.168.0.1. The target host
# therefore logs the router as the client for all connections, which removes the
# real client address from its logs and defeats per-source lockout there.
# Repeating the same SNAT rule for the same host adds nothing.

# Forward TCP 3389 on 201.62.122.32 to the Windows host 192.168.0.250
iptables -t nat -A PREROUTING -p tcp -d 201.62.122.32 --dport 3389 -j DNAT --to 192.168.0.250:3389
iptables -t nat -A POSTROUTING -d 192.168.0.250 -j SNAT --to 192.168.0.1
iptables -A FORWARD -p tcp -d 192.168.0.250 --dport 3389 -j ACCEPT
# Forward TCP 3390 on 201.62.122.32 to port 3389 of the same Windows host
# (the original comment said 3389; the rule matches 3390)
iptables -t nat -A PREROUTING -p tcp -d 201.62.122.32 --dport 3390 -j DNAT --to 192.168.0.250:3389
iptables -t nat -A POSTROUTING -d 192.168.0.250 -j SNAT --to 192.168.0.1
iptables -A FORWARD -p tcp -d 192.168.0.250 --dport 3389 -j ACCEPT
# Forward TCP 5432 to the Windows host
iptables -t nat -A PREROUTING -p tcp -d 201.62.122.32 --dport 5432 -j DNAT --to 192.168.0.250:5432
iptables -t nat -A POSTROUTING -d 192.168.0.250 -j SNAT --to 192.168.0.1
iptables -A FORWARD -p tcp -d 192.168.0.250 --dport 5432 -j ACCEPT
# Forward TCP 65432 to the Windows host
# (the original comment said 5432; the rule matches 65432)
iptables -t nat -A PREROUTING -p tcp -d 201.62.122.32 --dport 65432 -j DNAT --to 192.168.0.250:65432
iptables -t nat -A POSTROUTING -d 192.168.0.250 -j SNAT --to 192.168.0.1
iptables -A FORWARD -p tcp -d 192.168.0.250 --dport 65432 -j ACCEPT
# Exact repeat of the two rules above.
iptables -t nat -A POSTROUTING -d 192.168.0.250 -j SNAT --to 192.168.0.1
iptables -A FORWARD -p tcp -d 192.168.0.250 --dport 65432 -j ACCEPT
# Forward TCP 5900 to the Windows host 192.168.0.49 (Mario)
iptables -t nat -A PREROUTING -p tcp -d 201.62.122.32 --dport 5900 -j DNAT --to 192.168.0.49:5900
iptables -t nat -A POSTROUTING -d 192.168.0.49 -j SNAT --to 192.168.0.1
iptables -A FORWARD -p tcp -d 192.168.0.49 --dport 5900 -j ACCEPT
# Forward TCP 8080 to port 80 of srvconan (192.168.0.105)
iptables -t nat -A PREROUTING -p tcp -d 201.75.229.121 --dport 8080 -j DNAT --to 192.168.0.105:80
iptables -t nat -A POSTROUTING -d 192.168.0.105 -j SNAT --to 192.168.0.1
iptables -A FORWARD -p tcp -d 192.168.0.105 --dport 80 -j ACCEPT
#iptables -t nat -A PREROUTING -p tcp -d 187.2.29.193 --dport 8080 -j DNAT --to 192.168.0.105:80
#iptables -t nat -A POSTROUTING -d 192.168.0.105 -j SNAT --to 192.168.0.1
#iptables -A FORWARD -p tcp -d 192.168.0.105 --dport 80 -j ACCEPT
# Same forward for the second public address; it relies on the SNAT and FORWARD
# rules for 192.168.0.105 already added above.
iptables -t nat -A PREROUTING -p tcp -d 201.62.122.32 --dport 8080 -j DNAT --to 192.168.0.105:80
#iptables -t nat -A PREROUTING -p tcp -d 201.75.229.121 --dport 8080 -j DNAT --to 192.168.0.105:80
#iptables -t nat -A POSTROUTING -d 192.168.0.105 -j SNAT --to 192.168.0.1
#iptables -A FORWARD -p tcp -d 192.168.0.105 --dport 80 -j ACCEPT
# Forward TCP 300 to port 22 of srvconan (192.168.0.105)
#iptables -t nat -A PREROUTING -p tcp -d 201.75.229.121 --dport 300 -j DNAT --to 192.168.0.105:22
#iptables -t nat -A POSTROUTING -d 192.168.0.105 -j SNAT --to 192.168.0.1
#iptables -A FORWARD -p tcp -d 192.168.0.105 --dport 22 -j ACCEPT
# Active variant: only the public address 187.107.145.14 is matched.
iptables -t nat -A PREROUTING -p tcp -d 187.107.145.14 --dport 300 -j DNAT --to 192.168.0.105:22
iptables -t nat -A POSTROUTING -d 192.168.0.105 -j SNAT --to 192.168.0.1
iptables -A FORWARD -p tcp -d 192.168.0.105 --dport 22 -j ACCEPT
#iptables -t nat -A PREROUTING -p tcp -d 201.62.122.32 --dport 300 -j DNAT --to 192.168.0.105:22
#iptables -t nat -A POSTROUTING -d 192.168.0.105 -j SNAT --to 192.168.0.1
#iptables -A FORWARD -p tcp -d 192.168.0.105 --dport 22 -j ACCEPT