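#!/usr/bin/env bash
# Turns the host into a forwarding gateway and publishes one internal TCP
# service through a DNAT port-forward. Must run as root.
#
# In the FORWARD chain the first matching rule wins, so rule order decides
# what is actually enforced. The chain is listed at the end for review.

# Enable IPv4 forwarding persistently. Append the setting only if it is not
# already present, so re-running the script does not pile up duplicate lines.
grep -qxF 'net.ipv4.ip_forward=1' /etc/sysctl.conf ||
  printf '%s\n' 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p

# Unrestricted forwarding between the two bridges, in both directions.
# NOTE(review): vmbr0 is also used as LAN_ETH below; these two rules accept
# every packet crossing vmbr0 <-> vmbr1. Confirm that this is intended.
iptables -A FORWARD -i vmbr1 -o vmbr0 -j ACCEPT
iptables -A FORWARD -i vmbr0 -o vmbr1 -j ACCEPT

# WAN interface name
WAN_ETH=eno1
# LAN interface name
LAN_ETH=vmbr0

# Baseline for a stateful forwarding firewall: drop invalid packets, accept
# traffic that belongs to already-tracked connections.
iptables -I FORWARD 1 -m state --state INVALID -j DROP
iptables -I FORWARD 2 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Block 10.66.66.0/24 from opening connections to 10.10.10.2.
# This rule used to be appended at the very end of the chain. With the DROP
# policy set below, a trailing DROP changes nothing, and any ACCEPT rule above
# it that matches the same traffic wins. It is therefore inserted directly
# after the ESTABLISHED,RELATED accept and ahead of every other ACCEPT.
iptables -I FORWARD 3 -s 10.66.66.0/24 -d 10.10.10.2 -j DROP

iptables -I FORWARD 4 -i "$LAN_ETH" -o "$WAN_ETH" -j ACCEPT -m comment --comment "Lan->WAN"

# Default-deny: anything not explicitly accepted above is dropped.
iptables -P FORWARD DROP

# --- Port forward: WAN:DPORT_EXTERNAL -> IP_LAN_1:DPORT_INTERNAL ---
# Protocol
PROTO=tcp
# Port number on the WAN side
DPORT_EXTERNAL=33333
# Port number on the LAN side (3389 is the default RDP port)
DPORT_INTERNAL=3389
# Internal IP the traffic is forwarded to
IP_LAN_1=10.10.10.3
# WAN interface name
# NOTE(review): this overrides the WAN_ETH=eno1 used for the Lan->WAN rule
# above. If the host has a single uplink, one of the two names is wrong and
# the rules bound to it will never match. Check with `ip -br link`.
WAN_ETH=enp0s31f6

# Only this source address may use the port-forward.
ALLOWED_IP="18.18.18.18"

# The pair without a `-s` match that used to precede these rules has been
# removed. It matched every source first, so the ALLOWED_IP rules were never
# reached and the internal service was reachable from any address on the WAN
# side. A non-standard external port does not limit who can connect.
iptables -t nat -A PREROUTING -p "$PROTO" -i "$WAN_ETH" --dport "$DPORT_EXTERNAL" -s "$ALLOWED_IP" \
  -j DNAT --to-destination "$IP_LAN_1:$DPORT_INTERNAL"
# FORWARD sees the packet after DNAT, hence the internal address and port.
iptables -A FORWARD -i "$WAN_ETH" -p "$PROTO" -d "$IP_LAN_1" --dport "$DPORT_INTERNAL" -s "$ALLOWED_IP" -j ACCEPT

# Show the final rule set with positions and packet counters so the effective
# order can be verified.
iptables -t nat -L PREROUTING -n --line-numbers
iptables -L FORWARD -n -v --line-numbers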