====== Iptables/Netfilter port forwarding ======

<code bash | Netfilter rules example>#!/bin/sh

# SSH: local hostA
LOCAL_IP2=192.168.8.12
EXT_PORT2=2202
LOCAL_PORT2=22
iptables -t nat -I PREROUTING -p tcp --dport $EXT_PORT2 -j DNAT --to-destination $LOCAL_IP2:$LOCAL_PORT2
iptables -I FORWARD -i $EXTIF -d $LOCAL_IP2 -p tcp --dport $LOCAL_PORT2 -j ACCEPT

# SSH: local hostB
LOCAL_IP1=192.168.7.5
EXT_PORT1=2201
LOCAL_PORT1=22
iptables -t nat -I PREROUTING -p tcp --dport $EXT_PORT1 -j DNAT --to-destination $LOCAL_IP1:$LOCAL_PORT1
iptables -I FORWARD -i $EXTIF -d $LOCAL_IP1 -p tcp --dport $LOCAL_PORT1 -j ACCEPT

# L4D2: local hostB
LOCAL_IP3=192.168.7.5
EXT_PORT3=27015
LOCAL_PORT3=27015
iptables -t nat -I PREROUTING -p tcp --dport $EXT_PORT3 -j DNAT --to-destination $LOCAL_IP3:$LOCAL_PORT3
iptables -I FORWARD -i $EXTIF -d $LOCAL_IP3 -p tcp --dport $LOCAL_PORT3 -j ACCEPT
iptables -t nat -I PREROUTING -p udp --dport $EXT_PORT3 -j DNAT --to-destination $LOCAL_IP3:$LOCAL_PORT3
iptables -I FORWARD -i $EXTIF -d $LOCAL_IP3 -p udp --dport $LOCAL_PORT3 -j ACCEPT</code>