#: forward packets between internal and ipsec networks
if [ -n "$IPSECCONN" ]; then
    for j in $IPSECCONN; do
	eval "IPSEC_IF=\$IPSEC_IF_$j"
	eval "IPSEC_HERE=\$IPSEC_HERE_$j"
	eval "IPSEC_THERE=\$IPSEC_THERE_$j"
	for i in $INTERNAL; do
	    ipnm_cache $i
	    case $MASQMETHOD in
	    ipfwadm)
		$IPFWADM -F -a accept -b -S $IPOFIF/$NMOFIF -D $IPSEC_THERE
		;;
	    ipchains)
		$IPCHAINS -A forward -b -j ACCEPT -s $IPSEC_HERE -d $IPSEC_THERE
		;;
	    netfilter)
		$IPTABLES -t nat -A POSTROUTING -s $IPSEC_HERE -d $IPSEC_THERE -j ACCEPT
		$IPTABLES -A FORWARD -j ACCEPT -s $IPSEC_HERE -d $IPSEC_THERE
		$IPTABLES -A FORWARD -j ACCEPT -d $IPSEC_HERE -s $IPSEC_THERE
#		$IPTABLES -A FORWARD -j ACCEPT -s $IPOFIF/$NMOFIF -d $IPSEC_THERE
#		$IPTABLES -A FORWARD -j ACCEPT -d $IPOFIF/$NMOFIF -s $IPSEC_THERE
		;;
	    esac
	done
    done
fi