

Firewall configuration

Source NAT

First, enable IPv4 packet forwarding: edit /etc/sysctl.conf and uncomment (or add) the following line:

net.ipv4.ip_forward=1

Then add the following lines to /etc/rc.local so that the rules are re-applied on reboot:

# source NAT
# rewrite the source address of packets leaving the internal network
Ext_IF="eth0"
Ext_IP="140.109.56.179"
Int_IF="eth3"
# note: iptables masks 192.168.1.0/16 to the network address 192.168.0.0/16
iptables -t nat -A POSTROUTING -s 192.168.1.0/16 -o $Ext_IF -j SNAT --to-source $Ext_IP
# the ACCEPT rules below only take effect if the FORWARD chain's default policy is DROP
# outbound: let the internal network out through the external interface
iptables -A FORWARD -s 192.168.1.0/16 -o $Ext_IF -j ACCEPT
# inbound: replies arrive on the external interface and leave on the internal one
iptables -A FORWARD -d 192.168.1.0/16 -i $Ext_IF -o $Int_IF -m state --state ESTABLISHED,RELATED -j ACCEPT

Destination NAT

# destination NAT
# forward ssh to the workstation with the internal ip 192.168.1.2
# netfilter never sees alias names such as eth0:0 (iptables warns "No aliases");
# packets for the alias address arrive on eth0, so match the physical interface
# and restrict the rule to the alias address with -d
Ext_IF_2="eth0"
Ext_IP_2="<address of alias eth0:0>"
Int_IP="192.168.1.2"
iptables -t nat -I PREROUTING -p tcp -i $Ext_IF_2 -d $Ext_IP_2 --dport 22 -j DNAT --to-destination $Int_IP:22
# allow the rewritten packets through; Int_IF is defined in the source NAT block above
iptables -A FORWARD -i $Ext_IF_2 -o $Int_IF -p tcp -d $Int_IP --dport 22 -j ACCEPT

Monitoring

sudo iptables -t nat -L
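
An offline check for the Monitoring step, added here as example code that is not part of the original page: it parses a listing in the "iptables -t nat -L -n" format and confirms that the SNAT and DNAT rules above are present in their chains. The sample listing is constructed; on a live firewall pass "$(sudo iptables -t nat -L -n)" instead.

```shell
#!/bin/sh
# Offline check that the NAT rules from this page are present in a listing
# produced by "iptables -t nat -L -n". Expected values are the page's own.
EXPECTED_SNAT_SRC="192.168.0.0/16"   # iptables prints 192.168.1.0/16 masked to its network address
EXPECTED_SNAT_TO="140.109.56.179"
EXPECTED_DNAT_TO="192.168.1.2:22"

# Constructed sample listing (not captured from a real host).
SAMPLE_LISTING='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 to:192.168.1.2:22

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  192.168.0.0/16       0.0.0.0/0            to:140.109.56.179'

# Print the rule lines of one chain: everything after "Chain <name>" up to
# the next blank line, minus the column header.  $1 = listing, $2 = chain.
chain_rules() {
  printf '%s\n' "$1" | awk -v chain="$2" '
    $1 == "Chain" { in_chain = ($2 == chain); next }
    in_chain && NF == 0 { in_chain = 0 }
    in_chain && $1 != "target" { print }'
}

# Return 0 when both expected rules sit in their chains, 1 otherwise, naming
# whatever is missing on stderr.  $1 = listing.
check_nat_listing() {
  status=0
  if ! chain_rules "$1" POSTROUTING | grep -q "^SNAT .* $EXPECTED_SNAT_SRC .*to:$EXPECTED_SNAT_TO"; then
    echo "missing in POSTROUTING: SNAT $EXPECTED_SNAT_SRC to $EXPECTED_SNAT_TO" >&2
    status=1
  fi
  if ! chain_rules "$1" PREROUTING | grep -q "^DNAT .*dpt:22 to:$EXPECTED_DNAT_TO"; then
    echo "missing in PREROUTING: DNAT dport 22 to $EXPECTED_DNAT_TO" >&2
    status=1
  fi
  return $status
}

# On a live firewall: check_nat_listing "$(sudo iptables -t nat -L -n)"
check_nat_listing "$SAMPLE_LISTING" && echo "NAT rules present"
```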

References

computers/firewall_configuration.1314721052.txt.gz · Last modified: 2011/08/31 00:17 by chkuo