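# Every rule below is built from the external interface name; stop here
# rather than hand iptables a malformed rule if it is unset or empty.
: "${EXTIF:?EXTIF must name the external interface}"

# Allow IP traffic that arrives on any non-external interface to go out
# the External interface. The "!" is placed before -i because the
# "-i ! name" spelling is deprecated by iptables.
sudo iptables -A FORWARD -o "$EXTIF" ! -i "$EXTIF" -j ACCEPT
# Allow related traffic from External to Internal that was
# initiated by the Internal interface.
# This rule carries no -i/-o match, so it accepts ESTABLISHED/RELATED
# packets in every direction. (-m state is the older spelling of
# -m conntrack --ctstate.)
sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# NOTE(review): -f matches second and later IP fragments, and this rule
# accepts them with no interface or state constraint, i.e. also from
# External to Internal. With connection tracking loaded (the state match
# and the nat table normally pull it in) fragments are typically
# reassembled before the FORWARD chain, so the rule is likely never hit;
# consider dropping it or limiting it with -i/-o.
sudo iptables -A FORWARD -f -j ACCEPT
# NOTE(review): these ACCEPT rules only restrict forwarding if the
# FORWARD chain policy (or a later rule) drops everything else; that is
# not visible in this section. Confirm with "iptables -S FORWARD".
# Enable SNAT (MASQUERADE) functionality on External interface
sudo iptables -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE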
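# Define the tables for each gateway on each interface.
# 10.x.x.1 and 68.x.x.1 are placeholders: substitute your own gateways.
# The explanatory comments sit on their own lines because "#" starts a
# comment only at the beginning of a word; written as "table 1#...", the
# whole string would be passed to ip as the table name.
# Internal network gateway address (10.x.x.1):
sudo ip route add default via 10.x.x.1 dev eth0 table 1
# External network gateway address (68.x.x.1); the ifconfig command
# shows it as the P-t-P address of the external interface:
sudo ip route add default via 68.x.x.1 dev eth1 table 2
# NOTE(review): tables 1 and 2 are consulted only when an "ip rule"
# selects them; the example rules that follow are commented out, so
# confirm that a rule is installed elsewhere.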
# Add rules that route packets based on source or destination
#sudo ip rule add to 204.39.x.x/16 table 2 priority 500
#sudo ip rule add to 199.199.x.x/16 table 2 priority 510
#sudo ip rule add from 10.69.x.x/24 table 1 priority 600