# Router firewall / NAT setup: rebuilds the nat and filter rules from scratch,
# then turns IPv4 forwarding back on and loads the NAT helper modules.
# Every command runs unconditionally; no exit status is checked.

lan_net=192.168.0.0/16
smtp_host=192.168.0.1
ip_forward=/proc/sys/net/ipv4/ip_forward

# Forwarding stays off until the rules below are in place.
printf '0\n' > "$ip_forward"

modprobe iptable_nat

# Flush the three nat chains, then every chain of the filter table.
for nat_chain in POSTROUTING PREROUTING OUTPUT; do
  iptables -t nat -F "$nat_chain"
done
iptables -F

# Default policy is ACCEPT on all three filter chains.
# NOTE(review): with an ACCEPT policy the explicit ACCEPT rules below do not
# restrict anything; the only traffic this script filters is the two DROP
# rules for TCP 139 and 445. Confirm a default-allow router is intended.
for chain in INPUT FORWARD OUTPUT; do
  iptables -P "$chain" ACCEPT
done

# ICMP is accepted in every direction.
for chain in INPUT FORWARD OUTPUT; do
  iptables -A "$chain" -p icmp -j ACCEPT
done

# Local services on the router itself. None of these rules match on an
# interface or a source address, so they apply to packets from any side.
for open_port in 80 8080; do
  iptables -A INPUT -p tcp --dport "$open_port" -j ACCEPT
done
# Only the TCP ports 139 and 445 are dropped.
for closed_port in 139 445; do
  iptables -A INPUT -p tcp --dport "$closed_port" -j DROP
done

# Transparent proxy: HTTP from the LAN range is redirected to local port 3128.
# NOTE(review): INPUT is default-ACCEPT, so port 3128 is also reachable
# directly; verify the proxy's own access control limits who may use it.
iptables -t nat -A PREROUTING -s "$lan_net" -p tcp --dport 80 -j REDIRECT --to-port 3128
# Disabled alternative for port 25, kept from the original:
# iptables -t nat -A PREROUTING -s 192.168.0.0/16 -p tcp --dport 25 -j REDIRECT --to-port 25

# Intercept SMTP (port 25): rewrite the destination to $smtp_host and
# masquerade the rewritten traffic.
# NOTE(review): unlike the proxy rule, the DNAT rule has no -s or -i match, so
# it applies to every TCP/25 packet entering PREROUTING, whatever its source.
# Confirm that is intended.
iptables -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to-destination "$smtp_host"
iptables -t nat -A POSTROUTING -p tcp -d "$smtp_host" --dport 25 -j MASQUERADE

# MTU fix: clamp the MSS of forwarded SYN packets to the path MTU. -I puts the
# rule at the head of FORWARD, ahead of the ICMP ACCEPT appended earlier.
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

# Rules are loaded; enable forwarding.
printf '1\n' > "$ip_forward"

# Establish TCP max connections (disabled in the original):
#echo 15846 > /proc/sys/net/ipv4/ip_conntrack_max

# VPN fix: PPTP NAT/conntrack helpers, plus the FTP NAT helper.
# NOTE(review): these are the legacy ip_* module names; newer kernels ship the
# helpers as nf_* modules, so check that these modprobe calls succeed.
for helper in ip_nat_pptp ip_conntrack_pptp ip_nat_ftp; do
  modprobe "$helper"
done