blob: b3792ac33389814ed3a06d372fc8a980dfd6fae6 (
plain)
- # You should not edit this file. Instead, create a file with the same
- # name as this one, but with a .rul extension instead of .def. The
- # .rul file will override this one.
- #
- # However, any changes you make to this file will be preserved.
- #: Masquerade packets from internal networks
- #if [ -n "$INTERNAL" -a -n "$EXTERNAL_IN" -a -n "$PFW" ]; then
- if [ -n "$EXTERNAL_IN" -a -n "$PFW" ]; then
- for pool in $PFWPOOLS; do
- eval "PROTOS=\"\$PFWPROTO_$pool\""
- eval "ORIGPORTS=\"\$PFWORIGPORTS_$pool\""
- eval "PFWIP=\"\$PFWIP_$pool\""
- eval "PFWPORT=\"\$PFWPORT_$pool\""
- for PROTO in $PROTOS; do
- for ORIGPORT in $ORIGPORTS; do
- ORIGPORT_DASH=$(echo $ORIGPORT | sed 's/:/-/g')
- for j in $EXTERNAL_IN; do
- ipnm_cache $j
- EXTIP=$IPOFIF
- case $MASQMETHOD in
- ipfwadm)
- ipmasqadm portfw -a -P $PROTO -L $EXTIP $ORIGPORT_DASH -R $PFWIP $PFWPORT
- ;;
- ipchains)
- ipmasqadm portfw -a -P $PROTO -L $EXTIP $ORIGPORT_DASH -R $PFWIP $PFWPORT
- ;;
- netfilter)
- $IPTABLES -A PREROUTING -t nat -p $PROTO -d $EXTIP --dport $ORIGPORT -j DNAT --to $PFWIP${PFWPORT:+:$PFWPORT}
- ;;
- esac
- for i in $INTERNAL; do
- ipnm_cache $i
- case $MASQMETHOD in
- netfilter)
- $IPTABLES -A FORWARD -i $j -o $i -p $PROTO --dport $ORIGPORT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
- # TODO: This should be done only for the interface containing the portforward host
- # if [ "$PORTFW_REMAP_LOCAL" = "y" ]; then
- # $IPTABLES -A POSTROUTING -t nat -p $PROTO -d $PFWIP ${PFWPORT:+--dport $PFWPORT} -s $IPOFIF/$NMOFIF -j SNAT --to $IPOFIF
- # fi
- ;;
- esac
- done
- done
- done
- done
- done
- fi
|
