[root@New-FW sysconfig]# cat iptables
# Generated by iptables-save v1.2.9 on Sat Feb 14 10:59:35 2009
*nat
:PREROUTING ACCEPT [335361:46921314]
:POSTROUTING ACCEPT [69416:2772714]
:OUTPUT ACCEPT [129260:5684293]
[11:532] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.35 
[23:1104] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 40000 -j DNAT --to-destination 192.168.0.33 
[5:284] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.0.35 
[370:20172] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.35 
[352:76370] -A PREROUTING -d 172.16.240.40 -p udp -m udp --dport 32768 -j DNAT --to-destination 192.168.0.33 
[0:0] -A PREROUTING -d 70.62.125.136 -p udp -m udp --dport 32768 -j DNAT --to-destination 192.168.0.33 
[0:0] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 5800 -j DNAT --to-destination 192.168.0.33 
[42:2032] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.0.33 
[0:0] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 5901 -j DNAT --to-destination 192.168.0.35 
[0:0] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 5801 -j DNAT --to-destination 192.168.0.35 
[0:0] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 31000 -j DNAT --to-destination 192.168.0.33 
[0:0] -A PREROUTING -d 172.16.240.40 -p udp -m udp --dport 17100 -j DNAT --to-destination 192.168.0.33 
[31:6128] -A PREROUTING -d 172.16.240.40 -p udp -m udp --dport 8767 -j DNAT --to-destination 192.168.0.33 
[0:0] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 14534 -j DNAT --to-destination 192.168.0.33 
[4806:271530] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.0.21 
[171:10264] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.0.21 
[1:64] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 143 -j DNAT --to-destination 192.168.0.21 
[9:484] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 7080 -j DNAT --to-destination 192.168.0.21 
[0:0] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 7025 -j DNAT --to-destination 192.168.0.21 
[0:0] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 7026 -j DNAT --to-destination 192.168.0.21 
[11:636] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 7443 -j DNAT --to-destination 192.168.0.21 
[178:10680] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 51234 -j DNAT --to-destination 192.168.0.33 
[0:0] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 9100 -j DNAT --to-destination 192.168.0.55 
[0:0] -A PREROUTING -d 172.16.240.40 -p udp -m udp --dport 32769 -j DNAT --to-destination 192.168.0.35 
[0:0] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 40001 -j DNAT --to-destination 192.168.0.35 
[31:3781] -A PREROUTING -d 70.62.125.136 -i eth0 -j DNAT --to-destination 192.168.0.35 
[0:0] -A PREROUTING -d 172.16.240.40 -p udp -m udp --dport 8768 -j DNAT --to-destination 192.168.0.33 
[22:891] -A PREROUTING -d 172.16.240.40 -p udp -m udp --dport 27960 -j DNAT --to-destination 192.168.0.35 
[0:0] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 27960 -j DNAT --to-destination 192.168.0.35 
[0:0] -A PREROUTING -d 172.16.240.19 -p tcp -m tcp --dport 1009 -j DNAT --to-destination 192.168.0.35 
[0:0] -A PREROUTING -d 172.16.240.19 -p udp -m udp --dport 1009 -j DNAT --to-destination 192.168.0.35 
[46:2768] -A PREROUTING -d 172.16.240.40 -p tcp -m tcp --dport 12975 -j DNAT --to-destination 192.168.0.35 
[80:6400] -A PREROUTING -d 172.16.240.40 -p udp -m udp --dport 12975 -j DNAT --to-destination 192.168.0.35 
[0:0] -A PREROUTING -p tcp -m tcp --dport 27888 -j DNAT --to-destination 192.168.0.33 
[2:74] -A PREROUTING -p udp -m udp --dport 27888 -j DNAT --to-destination 192.168.0.33 
[0:0] -A PREROUTING -p tcp -m tcp --dport 3306 -j DNAT --to-destination 192.168.0.35 
[209457:13817150] -A POSTROUTING -o eth1 -j SNAT --to-source 172.16.240.40
[0:0] -A POSTROUTING -d 192.168.0.0/24 -s 192.168.0.0/24 -j SNAT --to-source 192.168.0.85
COMMIT
# Completed on Sat Feb 14 10:59:35 2009
# Generated by iptables-save v1.2.9 on Sat Feb 14 10:59:35 2009
*filter
:INPUT ACCEPT [284986:47827637]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [349362:24429016]
:block - [0:0]
[11:558] -A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 10000 -j ACCEPT 
[54776:4094964] -A INPUT -i lo -j ACCEPT 
[19515:1179336] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
[89186:3781843] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
[111694:5792476] -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 
[0:0] -A INPUT -i lo -j ACCEPT 
[284541:47776028] -A INPUT -m state --state NEW -j LOG --log-prefix "INdrop" --log-level 7 
[0:0] -A FORWARD -s 125.246.56.194 -p tcp -m tcp --dport 80 -j DROP 
[0:0] -A FORWARD -s 24.10.196.231 -p tcp -m tcp --dport 80 -j DROP 
[0:0] -A FORWARD -s 201.39.118.183 -p tcp -m tcp --dport 80 -j DROP 
[0:0] -A FORWARD -s 202.101.189.126 -p tcp -m tcp --dport 80 -j DROP 
[0:0] -A FORWARD -s 72.72.23.231 -p tcp -m tcp --dport 80 -j DROP 
[0:0] -A FORWARD -s 88.198.11.147 -p tcp -m tcp --dport 80 -j DROP 
[0:0] -A FORWARD -s 213.170.35.27 -p tcp -m tcp --dport 80 -j DROP 
[0:0] -A FORWARD -s 58.71.1.35 -p tcp -m tcp --dport 80 -j DROP 
[0:0] -A FORWARD -s 85.139.152.0/255.255.248.0 -p tcp -m tcp --dport 14534 -j DROP 
[0:0] -A FORWARD -s 85.139.152.0/255.255.248.0 -p tcp -m tcp --dport 5801 -j DROP 
[0:0] -A FORWARD -s 85.139.152.0/255.255.248.0 -p tcp -m tcp --dport 5901 -j DROP 
[0:0] -A FORWARD -s 85.139.152.0/255.255.248.0 -p tcp -m tcp --dport 5900 -j DROP 
[0:0] -A FORWARD -s 85.139.152.0/255.255.248.0 -p tcp -m tcp --dport 5800 -j DROP 
[0:0] -A FORWARD -s 85.139.152.0/255.255.248.0 -p udp -m udp --dport 8767 -j DROP 
[0:0] -A FORWARD -s 85.139.152.0/255.255.248.0 -p tcp -m tcp --dport 31000 -j DROP 
[0:0] -A FORWARD -s 85.139.152.0/255.255.248.0 -p udp -m udp --dport 17100 -j DROP 
[0:0] -A FORWARD -s 85.139.152.0/255.255.248.0 -p udp -m udp --dport 32768 -j DROP 
[0:0] -A FORWARD -s 85.139.152.0/255.255.248.0 -p tcp -m tcp --dport 32768 -j DROP 
[0:0] -A FORWARD -s 85.139.152.0/255.255.248.0 -p tcp -m tcp --dport 21 -j DROP 
[0:0] -A FORWARD -s 85.139.152.0/255.255.248.0 -p tcp -m tcp --dport 40000 -j DROP 
[0:0] -A FORWARD -s 85.139.152.0/255.255.248.0 -p tcp -m tcp --dport 3389 -j DROP 
[0:0] -A FORWARD -s 85.139.152.0/255.255.248.0 -p udp -m udp --dport 17479 -j DROP 
[7612568:2313296183] -A FORWARD -s 192.168.0.0/255.255.255.0 -j ACCEPT 
[8281500:4545486111] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
[7:534] -A FORWARD -i eth0 -j ACCEPT 
[20:1008] -A FORWARD -p tcp -m tcp --dport 3389 -j ACCEPT 
[23:1104] -A FORWARD -p tcp -m tcp --dport 40000 -j ACCEPT 
[12:664] -A FORWARD -p tcp -m tcp --dport 21 -j ACCEPT 
[924:52080] -A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT 
[392:82826] -A FORWARD -p udp -m udp --dport 32768 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 5800 -j ACCEPT 
[57:2752] -A FORWARD -p tcp -m tcp --dport 5900 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 5901 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 5801 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 31000 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 17100 -j ACCEPT 
[31:6128] -A FORWARD -p udp -m udp --dport 8767 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 14534 -j ACCEPT 
[4971:280266] -A FORWARD -p tcp -m tcp --dport 25 -j ACCEPT 
[172:10312] -A FORWARD -p tcp -m tcp --dport 110 -j ACCEPT 
[1:64] -A FORWARD -p tcp -m tcp --dport 143 -j ACCEPT 
[10:544] -A FORWARD -p tcp -m tcp --dport 7080 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 7025 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 7026 -j ACCEPT 
[11:636] -A FORWARD -p tcp -m tcp --dport 7443 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 16567 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 5902 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 5802 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 29900 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 1500:4999 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 1024:1124 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 1024:1124 -j ACCEPT 
[178:10680] -A FORWARD -p tcp -m tcp --dport 51234 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 9100 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 32769 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 40001 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 8768 -j ACCEPT 
[23:934] -A FORWARD -p udp -m udp --dport 27960 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 27960 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 52901 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 1009 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 1009 -j ACCEPT 
[62:3600] -A FORWARD -p tcp -m tcp --dport 12975 -j ACCEPT 
[317:26512] -A FORWARD -p udp -m udp --dport 12975 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 9000 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 9000 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 9001 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 9001 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 9002 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 9002 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 9003 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 9004 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 9004 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 9005 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 9005 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 63776 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 32976 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 27888 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 27888 -j ACCEPT 
[0:0] -A FORWARD -p udp -m udp --dport 17771 -j ACCEPT 
[0:0] -A FORWARD -p tcp -m tcp --dport 3306 -j ACCEPT 
[5745:333548] -A FORWARD -m state --state NEW -j LOG --log-prefix "FWDDROP" --log-level 7 
COMMIT
# Completed on Sat Feb 14 10:59:35 2009
# Generated by iptables-save v1.2.9 on Sat Feb 14 10:59:35 2009
*mangle
:PREROUTING ACCEPT [106896697:49300413471]
:INPUT ACCEPT [4880290:1127605299]
:FORWARD ACCEPT [98033123:47236668341]
:OUTPUT ACCEPT [1980895:191553909]
:POSTROUTING ACCEPT [100040783:47434733464]
COMMIT
# Completed on Sat Feb 14 10:59:35 2009