iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT # you set start rules. Drop everything in the INPUT and FORWARD chains, and accept all in the OUTPUT chain (do you understand chains?)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT # Accept all from lo interface
I suppose you have this rule on some machine with two network interfaces?
So, using this rule
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to 192.168.11.2
you allow packets originating from network 192.168.1.0/24 to have a source address as if they originated from host 192.168.11.2.
You can allow transfer of packets from one interface to another with the following rules:
iptables -A FORWARD -i $LAN_IFACE -j ACCEPT
iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT ...
this will allow forward from inside net to outside.
iptables -A FORWARD -o $other_iface -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
also read http://iptables-tutorial.frozentux.n...-tutorial.html
and more, http://lartc.org/
By the way, I do not understand why you have to stop it once it is working.
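Added example (not part of the reply above, and not from any project): the complete two-interface NAT router ruleset the reply sketches, put into one script. The interface names eth0/eth1, the `IPT` dry-run switch and the function names are assumptions; the network 192.168.1.0/24 and SNAT address 192.168.11.2 are the ones from the thread. The stateful ESTABLISHED,RELATED rule is placed before the rule that admits NEW connections, and NEW connections are only admitted from the LAN interface towards the WAN interface, so the default DROP policy on FORWARD still blocks anything arriving from outside.

```shell
#!/bin/sh
# Added example, not the original poster's script. Builds the SNAT router
# ruleset described in the thread. Set IPT="echo iptables" to preview the
# commands without touching the kernel; run with "apply" (as root) to load them.

LAN_IFACE="${LAN_IFACE:-eth0}"   # assumed: interface facing 192.168.1.0/24
WAN_IFACE="${WAN_IFACE:-eth1}"   # assumed: interface facing 192.168.11.0/24
LAN_NET="192.168.1.0/24"         # from the thread
SNAT_ADDR="192.168.11.2"         # from the thread: router's outside address
IPT="${IPT:-iptables}"           # command prefix; "echo iptables" = dry run

build_rules() {
    # Start clean, then set default policies: drop on INPUT and FORWARD,
    # accept on OUTPUT (the router may talk out freely).
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback is always allowed.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Replies to connections the router itself opened.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Forwarding: return traffic of known connections first (no space after
    # the comma, "ESTABLISHED, RELATED" would be parsed as two arguments),
    # then NEW connections, but only from the LAN side towards the WAN side.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IFACE" -o "$WAN_IFACE" -s "$LAN_NET" \
        -m state --state NEW -j ACCEPT

    # Rewrite the source of LAN packets leaving via WAN to the router's
    # outside address; replies are un-NATed automatically by conntrack.
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IFACE" \
        -j SNAT --to-source "$SNAT_ADDR"
}

enable_forwarding() {
    # Without this the kernel never forwards, whatever FORWARD says.
    sysctl -w net.ipv4.ip_forward=1
}

case "${1:-}" in
    apply)   enable_forwarding && build_rules ;;
    preview) IPT="echo iptables"; build_rules ;;
esac
```

Usage: `sh nat-router.sh preview` prints the exact iptables commands; `sudo sh nat-router.sh apply` loads them. Because FORWARD admits NEW only with `-i eth0 -o eth1 -s 192.168.1.0/24`, a host on the outside cannot open connections into the LAN even though forwarding is enabled, which is the point of keeping the chain's policy at DROP.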