==== Exemplo de Gateway ====
Configuração de rede
# cat /etc/network/interfaces
# ifupdown configuration for a gateway with three Ethernet interfaces.
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
# eth0: address obtained by DHCP.
allow-hotplug eth0
iface eth0 inet dhcp
# pre-up runs before eth0 is brought up, so the saved ruleset is loaded first.
# This is the only stanza that restores the rules: if eth0 is never brought up,
# nothing here loads them. A failing pre-up command (for example a missing or
# invalid /etc/firewall/rules) makes ifup abort, leaving eth0 down.
pre-up iptables-restore < /etc/firewall/rules
# eth1: static address.
# NOTE(review): the NAT rules on this page match destination 203.0.113.254,
# while this stanza configures 200.0.113.254; one of the two looks like a
# typo. Confirm which address is intended.
allow-hotplug eth1
iface eth1 inet static
address 200.0.113.254
netmask 255.255.255.0
# eth2: static address on 192.0.2.0/24, the network that holds the DNAT
# targets 192.0.2.200 and 192.0.2.50 used in the rules on this page.
allow-hotplug eth2
iface eth2 inet static
address 192.0.2.254
netmask 255.255.255.0
Aplicando regras
# --- filter table, INPUT chain: traffic addressed to the gateway itself ---
# NOTE(review): no chain policy (-P) is set in this listing, so these ACCEPT
# rules only restrict anything if the INPUT policy is set to DROP elsewhere.
# Confirm before relying on them.
# Packets that belong to, or are related to, an already tracked connection.
iptables --append INPUT --match state --state RELATED,ESTABLISHED --jump ACCEPT
# All ICMP, from any source.
iptables --append INPUT --protocol icmp --jump ACCEPT
# New SSH connections (tcp/22). There is no interface or source match, so the
# rule applies on every interface, eth0 included.
iptables --append INPUT --protocol tcp --match state --state NEW --match tcp --destination-port 22 --jump ACCEPT

# --- nat table, PREROUTING: destination NAT for 203.0.113.254 ---
# NOTE(review): nat chains are normally consulted only for the packet that
# opens a connection, so the ESTABLISHED half of this match is not expected to
# fire here. Confirm that the rule is needed.
iptables --table nat --append PREROUTING --match state --state RELATED,ESTABLISHED --jump ACCEPT
# udp/53 arriving on eth0 is redirected to 192.0.2.200. Only UDP is covered;
# there is no matching rule for tcp/53.
iptables --table nat --append PREROUTING --in-interface eth0 --protocol udp --destination 203.0.113.254 --destination-port 53 --jump DNAT --to 192.0.2.200
# tcp/389 arriving on eth0 is redirected to 192.0.2.50.
# NOTE(review): 389 is the LDAP port; if a directory listens there, traffic is
# cleartext unless StartTLS is enforced. Consider limiting the allowed sources
# or publishing only an encrypted endpoint.
iptables --table nat --append PREROUTING --in-interface eth0 --protocol tcp --destination 203.0.113.254 --destination-port 389 --jump DNAT --to 192.0.2.50

# --- nat table, POSTROUTING: source NAT for traffic leaving the gateway ---
iptables --table nat --append POSTROUTING --match state --state RELATED,ESTABLISHED --jump ACCEPT
# Rewrite the source address to that of the outgoing interface (eth0, eth1).
iptables --table nat --append POSTROUTING --out-interface eth0 --jump MASQUERADE
iptables --table nat --append POSTROUTING --out-interface eth1 --jump MASQUERADE
# NOTE(review): no FORWARD rules are shown. Once net.ipv4.ip_forward is 1, what
# may cross the gateway is decided by the FORWARD chain. Confirm that its
# policy is not left at ACCEPT.
Salvando as regras
# iptables-save > /etc/firewall/rules
Habilitando a passagem de pacotes
# vim /etc/sysctl.d/99-sysctl.conf
[...]
net.ipv4.ip_forward=1
[...]
checando...
# sysctl -p
net.ipv4.ip_forward = 1