====== filter table ======

allow forward for specific in/out interface:

  iptables -I FORWARD --in-interface <name> --out-interface <name> -j ACCEPT


====== mangle table ======

mark packet: 

  iptables -t mangle -I PREROUTING --in-interface <name> -j MARK --set-mark 0x10086
  
  
====== nat table ======

postrouting masquerade:

  iptables -t nat -I POSTROUTING --out-interface <name> -j MASQUERADE --match <value>
  

prerouting masquerade:

  iptables -t nat -I PREROUTING --in-interface <name> -j MASQUERADE --match <value>