# You should not edit this file.  Instead, create a file with the same
# name as this one, but with a .rul extension instead of .def.  The
# .rul file will override this one.
#
# However, any changes you make to this file will be preserved.

#: Masquerade packets from internal networks
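# Set up masquerading (source NAT) for every internal/external interface pair.
#
# Reads:  INTERNAL, EXTERNAL - whitespace-separated interface lists; an entry
#                              may carry a ":suffix", which is stripped before
#                              the name is handed to the packet filter.
#         MASQMETHOD         - ipfwadm | ipchains | netfilter; any other value
#                              adds no rules.
#         IPOFIF, NMOFIF, PEEROFIF - address, netmask and peer address of the
#                              internal interface; presumably filled in by
#                              ipnm_cache (defined outside this file) - confirm.
#
# $IPFWADM, $IPCHAINS and $IPTABLES are expanded unquoted on purpose: the
# sourcing script may set them to more than one word - confirm before quoting.
#
# Two tests joined with && replace the original "[ ... -a ... ]": -a is
# obsolescent and its parsing is unspecified for this many arguments.
if [ -n "$INTERNAL" ] && [ -n "$EXTERNAL" ]; then
    # Both lists are deliberately left unquoted so they split on whitespace.
    for j in $EXTERNAL; do
        for i in $INTERNAL; do
            ipnm_cache "$i"
            case $MASQMETHOD in
            ipfwadm)
                # NOTE(review): unlike the other two back ends, this branch
                # never uses PEEROFIF - confirm that is intended.
                $IPFWADM -F -a masq -W "${j%%:*}" -S "$IPOFIF/$NMOFIF"
                ;;
            ipchains)
                # The peer address is used as the source when one is set,
                # otherwise the interface's own address.
                $IPCHAINS --no-warnings -A forward -j MASQ -i "${j%%:*}" -s "${PEEROFIF:-$IPOFIF}/$NMOFIF"
                ;;
            netfilter)
                # Strip any ":suffix" with parameter expansion, as the rest of
                # this file already does, instead of forking echo | cut.
                i=${i%%:*}
                j=${j%%:*}
                $IPTABLES -t nat -A POSTROUTING -s "${PEEROFIF:-$IPOFIF}/$NMOFIF" -o "$j" -j MASQUERADE
                # Outbound: internal network -> external interface.
                $IPTABLES -A FORWARD -i "$i" -o "$j" -s "${PEEROFIF:-$IPOFIF}/$NMOFIF" -j ACCEPT
                # Inbound: external interface -> internal network.
                # NOTE(review): this rule matches on interface and destination
                # only, not on connection state, so it also accepts packets
                # that do not belong to a flow opened from inside. Whether
                # such traffic is dropped depends on rules outside this file;
                # if nothing else restricts it, add
                # "-m state --state ESTABLISHED,RELATED" in a .rul override.
                $IPTABLES -A FORWARD -o "$i" -i "$j" -d "${PEEROFIF:-$IPOFIF}/$NMOFIF" -j ACCEPT
                ;;
            esac
        done
    done
fi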