从零开始学LINUX之“第一次就这样没了”

[root@zxyws iptable]# vi iptables
#!/bin/bash
#iptables rule and NAT
PATH=/usr/ke/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
OUT="eth1"
IN="eth0"
LAN="192.168.1.0/24"
export OUT IN LAN PATH
#load modprobe
modprobe ip_tables
modprobe iptable_filter
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
modprobe ipt_state
modprobe ip_conntrack_irc
#iptables tables
iptables -F
iptables -Z
iptables -x
#policy rule
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -i $OUT --dport 22 -j ACCEPT #SSH
iptables -A INPUT -p tcp -i $OUT --dport 80 -j ACCEPT #WWW
iptables -A INPUT -p tcp -i $OUT --sport 53 -j ACCEPT #DNS
iptables -A INPUT -p udp -i $OUT --sport 53 -j ACCEPT #DNS
#iptables -A INPUT -p tcp -i $OUT --dport 25 -j ACCEPT #SMTP
#iptables -A INPUT -p tcp -i $OUT --dport 110 -j ACCEPT #POP3
#iptables -A INPUT -p tcp -i $OUT --dport 443 -j ACCEPT #HTTPS
iptables -A INPUT -i $IN -s $LAN -j ACCEPT
#NAT table
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F -t nat
iptables -Z -t nat
iptables -X -t nat
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -A POSTROUTING -o $OUT -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -i $OUT --dport 80 -j DNAT --to 192.168.1.2:80