Thanks ,
Moti
iptables -t nat -A PREROUTING -d $EXTIP -p TCP -m multiport \
--dport 25,80,110,443 -j DNAT --to $SRV_IP
iptables -t nat -A POSTROUTING -o $EXTIF -s $LAN -j MASQUERADE
# --------------------------------------------------------------------------
--
iptables -A INPUT -i $EXTIF -p udp -m udp -s 0/0 --sport 67:68 -j ACCEPT
iptables -A INPUT -i $EXTIF -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $EXTIF -p udp -m udp -s 0/0 --sport 500 -j ACCEPT
iptables -A INPUT -i $EXTIF -p 50 -s 0/0 -j ACCEPT
iptables -A INPUT -i $EXTIF -p 51 -s 0/0 -j ACCEPT
iptables -A INPUT -i $EXTIF -p tcp -d $EXTIP -m multiport \
--dport 22,25,80,110,443,8080 -j ACCEPT
iptables -A INPUT -i $EXTIF -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -i $EXTIF -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
iptables -A INPUT -i $EXTIF -m limit --limit 5/minute -j LOG --log-prefix
"IPT->"
iptables -A INPUT -i $EXTIF -j DROP
