iptables -S
iptables -L --line-number
iptables -t nat -S
iptables -t nat -n -L --line-number
TCP Port Forwarding
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to 192.168.1.3:22
iptables -A FORWARD -p tcp -d 192.168.1.3 --dport 22 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2221 -j DNAT --to 192.168.1.4:22
iptables -A FORWARD -p tcp -d 192.168.1.4 --dport 22 -j ACCEPT
UDP Port Forwarding
iptables -t nat -A PREROUTING -d <IP>/32 -i <interface> -p udp --dport 123 -j DNAT --to-destination 162.159.192.1:2408
iptables -t nat -A PREROUTING -d <IP>/32 -i <interface> -p udp -m multiport --dports 53,123 -j DNAT --to-destination 162.159.192.1:2408
# If forwarded to a public IP and port, do masquerading for that traffic
iptables -t nat -A POSTROUTING -d 162.159.192.1/32 -o <interface> -p udp --dport 2408 -j MASQUERADE
iptables -t nat -A PREROUTING -d <IP>/32 -i <interface> -p udp --dport 123 -j REDIRECT --to-ports 51820
iptables -t nat -A PREROUTING -d <IP>/32 -i <interface> -p udp -m multiport --dports 53,123 -j REDIRECT --to-ports 51820