乌邦图ubuntu配置iptables的NAT上网

cat /etc/network/iptables.up.rules

# Generated by iptables-save v1.6.0 on Mon Nov 21 11:26:13 2016
*nat
:PREROUTING ACCEPT [56:3590]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [45:3096]
:POSTROUTING ACCEPT [45:3096]
-A POSTROUTING -s 10.86.2.0/24 -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Nov 21 11:26:13 2016
# Generated by iptables-save v1.6.0 on Mon Nov 21 11:26:13 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2344:488301]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 123
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -s 10.86.2.0/24 -j ACCEPT
-A FORWARD -d 10.86.2.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Nov 21 11:26:13 2016
# Generated by iptables-save v1.6.0 on Mon Nov 21 11:26:13 2016
*mangle
:PREROUTING ACCEPT [5378:7270822]
:INPUT ACCEPT [2077:5734236]
:FORWARD ACCEPT [3301:1536586]
:OUTPUT ACCEPT [2344:488301]
:POSTROUTING ACCEPT [5645:2024887]
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Mon Nov 21 11:26:13 2016