authorJonas Smedegaard <dr@jones.dk>2002-06-26 18:19:17 +0000
committerJonas Smedegaard <dr@jones.dk>2002-06-26 18:19:17 +0000
commit420bcb986a4994d67cc7c1170b216aeadb88876a (patch)
tree1155e61b0c1eff2053d958f57fb0ae8e24b484c1 /ipmasq/rules/M80pfw.def
parent420dfd33cf9982d8363566f7116e6dcd3897327f (diff)
ipmasq: Add files for portforwarding.
Diffstat (limited to 'ipmasq/rules/M80pfw.def')
-rw-r--r--ipmasq/rules/M80pfw.def47
1 files changed, 47 insertions, 0 deletions
diff --git a/ipmasq/rules/M80pfw.def b/ipmasq/rules/M80pfw.def
new file mode 100644
index 0000000..38e212f
--- /dev/null
+++ b/ipmasq/rules/M80pfw.def
@@ -0,0 +1,47 @@
+# You should not edit this file. Instead, create a file with the same
+# name as this one, but with a .rul extension instead of .def. The
+# .rul file will override this one.
+#
+# However, any changes you make to this file will be preserved.
+
+#: Masquerade packets from internal networks
+if [ -n "$INTERNAL" -a -n "$EXTERNAL" -a -n "$PFW" ]; then
+ for pool in $PFWPOOLS; do
+ eval "PROTOS=\"\$PFWPROTO_$pool\""
+ eval "ORIGPORTS=\"\$PFWORIGPORTS_$pool\""
+ eval "PFWIP=\"\$PFWIP_$pool\""
+ eval "PFWPORT=\"\$PFWPORT_$pool\""
+ for PROTO in $PROTOS; do
+ for ORIGPORT in $ORIGPORTS; do
+ ORIGPORT_DASH=$(echo $ORIGPORT | sed 's/:/-/g')
+ for j in $EXTERNAL; do
+ ipnm_cache $j
+ EXTIP=$IPOFIF
+ case $MASQMETHOD in
+ ipfwadm)
+ ipmasqadm portfw -a -P $PROTO -L $EXTIP $ORIGPORT_DASH -R $PFWIP $PFWPORT
+ ;;
+ ipchains)
+ ipmasqadm portfw -a -P $PROTO -L $EXTIP $ORIGPORT_DASH -R $PFWIP $PFWPORT
+ ;;
+ netfilter)
+ $IPTABLES -A PREROUTING -t nat -p $PROTO -d $EXTIP --dport $ORIGPORT -j DNAT --to $PFWIP${PFWPORT:+:$PFWPORT}
+ ;;
+ esac
+ for i in $INTERNAL; do
+ ipnm_cache $i
+ case $MASQMETHOD in
+ netfilter)
+ $IPTABLES -A FORWARD -i $j -o $i -p $PROTO --dport $ORIGPORT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+# TODO: This should be done only for the interface containing the portforward host
+# if [ "$PORTFW_REMAP_LOCAL" = "y" ]; then
+# $IPTABLES -A POSTROUTING -t nat -p $PROTO -d $PFWIP ${PFWPORT:+--dport $PFWPORT} -s $IPOFIF/$NMOFIF -j SNAT --to $IPOFIF
+# fi
+ ;;
+ esac
+ done
+ done
+ done
+ done
+ done
+fi
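Review bot: The netfilter FORWARD rule inside the `for i in $INTERNAL` loop has no `-d $PFWIP` and matches `--dport $ORIGPORT`, so it accepts NEW connections from the external interface to every host behind each internal interface on that port, not only to the forward target. The nat PREROUTING DNAT runs before the filter FORWARD chain, so the packet already carries the translated port there; when `PFWPORT` differs from `ORIGPORT` the rule also misses the forwarded traffic it was written for. I would restrict it to the target with `$IPTABLES -A FORWARD -i $j -o $i -p $PROTO -d $PFWIP --dport ${PFWPORT:-$ORIGPORT} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT`, noting that a `PFWPORT` given as a range would need its separator converted to `:` for `--dport`. Separately, the four `eval` lines splice `$pool` into shell code that presumably runs as root during firewall setup, so each name from `PFWPOOLS` should be checked against `[A-Za-z0-9_]` before use. The header `#: Masquerade packets from internal networks` also looks copied from another rule file and should describe port forwarding.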