@milankragujevic
Last active July 18, 2023 11:19
Hijack DNS on OpenWrt to another DNS server
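# NOTE: 192.168.100.242 is the IP of the DNS server
# Port 53: accept forwarded DNS queries from every host except the DNS server,
# then rewrite their destination to the DNS server
iptables -I FORWARD ! -s 192.168.100.242 -p tcp --dport 53 -j ACCEPT
iptables -I FORWARD ! -s 192.168.100.242 -p udp --dport 53 -j ACCEPT
iptables -t nat -A PREROUTING ! -s 192.168.100.242 -p tcp --dport 53 -j DNAT --to 192.168.100.242:53
iptables -t nat -A PREROUTING ! -s 192.168.100.242 -p udp --dport 53 -j DNAT --to 192.168.100.242:53
# Port 5353: same handling, redirected to port 53 on the DNS server
iptables -I FORWARD ! -s 192.168.100.242 -p tcp --dport 5353 -j ACCEPT
iptables -I FORWARD ! -s 192.168.100.242 -p udp --dport 5353 -j ACCEPT
iptables -t nat -A PREROUTING ! -s 192.168.100.242 -p tcp --dport 5353 -j DNAT --to 192.168.100.242:53
iptables -t nat -A PREROUTING ! -s 192.168.100.242 -p udp --dport 5353 -j DNAT --to 192.168.100.242:53
# Let the DNS server's own upstream queries through unmodified
iptables -A FORWARD -p tcp --dport 53 -s 192.168.100.242 -j ACCEPT
iptables -A FORWARD -p udp --dport 53 -s 192.168.100.242 -j ACCEPT
# Hairpin NAT: source-NAT the redirected queries so the DNS server's replies
# return through the router; TCP needs this as much as UDP does
iptables -t nat -I POSTROUTING ! -s 192.168.100.242 -p udp --dport 53 -d 192.168.100.242 -j MASQUERADE
iptables -t nat -I POSTROUTING ! -s 192.168.100.242 -p tcp --dport 53 -d 192.168.100.242 -j MASQUERADE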
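
A way to audit a redirect rule set like this one, added here as an example and not part of the original gist: it checks that every protocol with a DNAT rule toward the DNS server also has a MASQUERADE rule toward it, which matters when the server sits on the same LAN as the clients (an assumption). The function name `audit_dns_redirect` and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not captured from a real router).
# It redirects TCP and UDP but masquerades UDP only.
SAMPLE_RULES='*nat
-A PREROUTING ! -s 192.168.100.242/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.100.242:53
-A PREROUTING ! -s 192.168.100.242/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.100.242:53
-A POSTROUTING ! -s 192.168.100.242/32 -d 192.168.100.242/32 -p udp -m udp --dport 53 -j MASQUERADE
COMMIT'

# audit_dns_redirect SERVER_IP  (hypothetical helper; iptables-save text on stdin)
# Prints one line per redirected protocol: "<proto> ok" or "<proto> no-masquerade".
# The comparison is per protocol only; destination ports are not compared.
audit_dns_redirect() {
    awk -v srv="$1" '
        # Return the word that follows option opt on the current rule line.
        function val(opt,   i) {
            for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
            return ""
        }
        # DNAT rules whose target address is the DNS server.
        $1 == "-A" && $2 == "PREROUTING" && val("-j") == "DNAT" {
            split(val("--to-destination"), to, ":")
            if (to[1] == srv) dnat[val("-p")] = 1
        }
        # MASQUERADE rules for traffic destined to the DNS server.
        $1 == "-A" && $2 == "POSTROUTING" && val("-j") == "MASQUERADE" {
            d = val("-d"); sub(/\/32$/, "", d)
            if (d == srv) masq[val("-p")] = 1
        }
        END {
            n = split("tcp udp", protos, " ")
            for (i = 1; i <= n; i++) {
                p = protos[i]
                if (!(p in dnat)) continue
                print p, ((p in masq) ? "ok" : "no-masquerade")
            }
        }
    '
}

# Demo on the constructed sample. On a router the input would instead be:
#   iptables-save -t nat | audit_dns_redirect 192.168.100.242
printf '%s\n' "$SAMPLE_RULES" | audit_dns_redirect 192.168.100.242
```

A `no-masquerade` line means replies for that protocol go from the DNS server straight to the client with a source address the client never queried, so the client discards them.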