# Define masqueraded hosts with an IP address or a range of addresses:
#
#   portfw_ip_<hostname>="<ipaddr>[-<ipaddr>]"
#
# <hostname> must be lowercase
# <ipaddr>-ranges works only with iptables/netfilter (2.4.x kernels)
#

#portfw_ip_foo="10.42.42.1"
#portfw_ip_bar="10.42.42.2"

# Define pools either forwarding port (ranges) to same port on
# masqueraded host or redirecting a single port to another port:
#
#    portfw_pool_<pool>="<protocol>[,<protocol>...] <port>[:<port>][,<port>...]] <hostname>"
#    portfw_pool_<pool>="<protocol>[,<protocol>...] <port> <hostname> [<dest port>]"
#
# <pool> can only contain lowercase a-z and underscore (_)
# <protocol> is either tcp or udp (or possibly others)
# <port> can be either numbers or service names
# <port>-ranges is denoted with colon (:) and only works with iptables/netfilter (2.4.x kernels)
# <hostname> must be lowercase.
#

#portfw_pool_ssh="     tcp      ssh                foo"
#portfw_pool_dns="     tcp,udp  domain             foo"
#portfw_pool_mail="    tcp      smtp,pop3,imap     foo"
#portfw_pool_mailsec=" tcp      ssmtp,pop3s,imaps  foo"
#portfw_pool_http="    tcp      http,https         foo"

#portfw_pool_bar_ssh=" tcp      2222               bar   22"
#portfw_pool_foobar="  tcp      88,8080:8089       bar     "

# Requests from inside to the external IP of a portforwarded host will fail.
# Remap local requests so they look like coming from the firewall itself?
# (This works only eith iptables/netfilter)
# (Alternatively you need a local nameserver setup with the inside address)
#
############ This doesn't work yet...
#PORTFW_REMAP_LOCAL="y"
############ This doesn't work yet...