Index: iptables/setfilter
===================================================================
--- iptables/setfilter	(revision c1094188ede7a1445e590417ab77e4020724332c)
+++ iptables/setfilter	(revision 71b798cb5d5acf287fe80c4c343c6fe703e19c0c)
@@ -34,5 +34,5 @@
         error=""
         
-        tables="raw mangle"
+        tables="raw mangle nat"
         for table in $tables
         do
@@ -74,5 +74,5 @@
     error=""
     
-    tables="raw mangle"
+    tables="raw mangle nat"
     for table in $tables
     do
Index: iptables/ufw/after.rules
===================================================================
--- iptables/ufw/after.rules	(revision 49996391c0a72e72d2f07c9959e94f6036d621bb)
+++ iptables/ufw/after.rules	(revision 71b798cb5d5acf287fe80c4c343c6fe703e19c0c)
@@ -16,4 +16,10 @@
 # End required lines
 
+## allow connections to the local services from WAN
+# ssh 22/tcp
+-A ufw-after-input -p tcp --syn -m state --state NEW --dport 22 -j ACCEPT
+# https 443/tcp
+-A ufw-after-input -p tcp --syn -m state --state NEW --dport 443 -j ACCEPT
+
 # don't log noisy services by default
 -A ufw-after-input -p udp --dport 137 -j RETURN
Index: iptables/ufw/nat.rules
===================================================================
--- iptables/ufw/nat.rules	(revision 71b798cb5d5acf287fe80c4c343c6fe703e19c0c)
+++ iptables/ufw/nat.rules	(revision 71b798cb5d5acf287fe80c4c343c6fe703e19c0c)
@@ -0,0 +1,21 @@
+#
+# This file is used by /etc/init.d/setfilter
+#
+# Rules that should be stored in nat table.
+# These are mainly used to IP MASQUERADE and REDIRECT.
+
+
+*nat
+
+## IP MASQUERADE to WAN(eth1)
+-A POSTROUTING -o eth1 -j MASQUERADE
+
+## port REDIRECT to local services
+# 8443/tcp -> 443/tcp
+-A PREROUTING -p tcp --dport 8443 -j REDIRECT --to-port 443
+# WAN 8000/tcp -> 443/tcp
+-A PREROUTING -p tcp -i eth1 --dport 8000 -j REDIRECT --to-port 443
+# LAN 8000/tcp -> 22/tcp
+-A PREROUTING -p tcp -i eth0 --dport 8000 -j REDIRECT --to-port 22
+
+COMMIT