You can get rid of the following two lines:
Code:
$iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
$iptables -A INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT
b/c they have already been accepted by the previous statement:
Code:
$iptables -A INPUT -i eth0 -j ACCEPT
and as for port forwarding, as Demonbane mentioned, your rules are a little off. I would remove the lines:
Code:
$iptables -t nat -A PREROUTING -i eth1 -p tcp --sport 80 -d 1.1.1.1 --dport 80 -j DNAT --to-destination 2.2.2.2:80 -v
$iptables -A FORWARD -i eth1 -o eth0 -p tcp --sport 80 -d 2.2.2.2 --dport 80 -m state --state NEW -j ACCEPT -v
and change them to read:
Code:
$iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
$iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to 2.2.2.2
This will forward all packets from ppp0 with a destination port of 80 to the internal host 2.2.2.2 on port 80. It will also prevent another of your rules from taking effect:
Code:
$iptables -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT
No traffic destined for port 80 will make it to the router itself