Using Iptables for simple internet access and filtering

Source: Internet
Author: User
What we need to do is simple: forwarding (the NAT table) and filtering (the FILTER table).
Assume that your network is as follows:
-----------------------------------
[Internet]
|
|
[Host]
|
|
[HUB switch]
|
|
[Intranet machine] []...
------------------------------------
The host's external IP address is 1.2.3.4 (eth0), its internal IP address is 192.168.0.1 (eth1), and the intranet segment is 192.168.8.0/24.
  
   1. Set up a Linux host so that other machines on the intranet can access the Internet through this host.
If the host connects to the Internet by dial-up:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
If the host accesses the Internet through a real IP address:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Enable IP forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
  
   2. Set up a Linux host to restrict access from the inside to the outside and from the outside to the inside.
# We use the most common policy: close everything first, then open only what is needed
iptables -P FORWARD DROP
# Accept second and further fragments of fragmented packets
iptables -A FORWARD -f -j ACCEPT
# Accept packets that belong to, or are related to, an established connection
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  
# From inside to outside, we only allow access to the web through a browser
# ("www" is the /etc/services alias for TCP port 80)
iptables -A FORWARD -p tcp --dport www -i eth1 -o eth0 -j ACCEPT
  
# Due to "pressure", MSN was opened as well
iptables -A FORWARD -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -p tcp --dport 7801:7825 -j ACCEPT
iptables -A FORWARD -p tcp --dport 6891:6900 -j ACCEPT
iptables -A FORWARD -d 64.4.133/24 -j ACCEPT
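
An added example, not part of the original article: the fragment, MSN and destination rules above carry no -i/-o match, so unlike the browser rule they accept forwarded packets in either direction. The script below audits `iptables -S FORWARD` output for such rules and for a default policy other than DROP; the function name, the sample listing and the 203.0.113.0/24 destination are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: roughly what `iptables -S FORWARD` prints once the
# article's rules are loaded. 203.0.113.0/24 is a placeholder destination.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -f -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 1863 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 7801:7825 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 6891:6900 -j ACCEPT
-A FORWARD -d 203.0.113.0/24 -j ACCEPT'

# audit_forward (hypothetical helper): reads `iptables -S FORWARD` text on
# stdin and prints one finding per line. Exit status 0 = clean, 1 = findings.
audit_forward() {
    awk '
    $1 == "-P" && $2 == "FORWARD" {
        seen_policy = 1
        if ($3 != "DROP") { print "POLICY: default is " $3 ", expected DROP"; bad++ }
        next
    }
    $1 == "-A" && $2 == "FORWARD" {
        in_if = out_if = reply_only = accept = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") in_if = 1
            if ($i == "-o") out_if = 1
            # A state match that excludes NEW only passes reply traffic,
            # so it is expected to apply in both directions.
            if ($i == "--state" || $i == "--ctstate") reply_only = ($(i + 1) !~ /NEW/)
            if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        # Flag ACCEPT rules that can open new flows but are not pinned
        # to both an input and an output interface.
        if (accept && !reply_only && !(in_if && out_if)) {
            print "NO-DIRECTION: " $0; bad++
        }
    }
    END {
        if (!seen_policy) { print "POLICY: no -P FORWARD line seen"; bad++ }
        exit (bad > 0)
    }'
}

# Stand-alone run on the constructed sample; on a live host (as root) use:
#   iptables -S FORWARD | audit_forward
printf '%s\n' "$SAMPLE_RULES" | audit_forward || true
```

Rules it reports can be tightened in the same way as the browser rule, by adding `-i eth1 -o eth0` so that only the intranet can open the connection.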