# You should not edit this file.  Instead, create a file with the same
# name as this one, but with a .rul extension instead of .def.  The
# .rul file will override this one.
#
# However, any changes you make to this file will be preserved.

# Cheat a bit...
# Sources /etc/config into the current shell, so every statement in that file
# runs with the privileges of whatever is loading these firewall rules.
# NOTE(review): presumably this is where INTERNAL, EXTERNAL, MASQMETHOD and the
# SERVER*_IP / SERVER*_PORTS lists come from -- confirm, and keep the file
# writable by root only.
. /etc/config

#: Masquerade packets from internal networks
# Purpose: for every external/internal interface pair, install masquerading
# rules for the internal network and (netfilter only) port forwards from the
# external address to SERVER_IP / SERVER2_IP.
# Nothing is installed unless both INTERNAL and EXTERNAL are non-empty.
# NOTE(review): `-a` inside `[ ]` is marked obsolescent by POSIX;
# `[ -n "$INTERNAL" ] && [ -n "$EXTERNAL" ]` is the unambiguous spelling.
if [ -n "$INTERNAL" -a -n "$EXTERNAL" ]; then
    # $EXTERNAL is left unquoted so that it splits into one word per
    # interface; the same expansion is also subject to globbing.
    for j in $EXTERNAL; do
        # ipnm_cache is defined outside this file.  The code below reads
        # IPOFIF, NMOFIF and PEEROFIF right after calling it, so it presumably
        # fills those in for the named interface -- TODO confirm.
        ipnm_cache $j
	# Keep the external interface's address: ipnm_cache is called again for
	# each internal interface below and presumably overwrites IPOFIF.
	DESTIP=$IPOFIF
        # Port forwarding is implemented for netfilter only; the ipfwadm and
        # ipchains arms are commented out, so those methods get no forwards.
        case $MASQMETHOD in
#        ipfwadm)
#            ;;
#        ipchains)
#            if [ -n "$PEEROFIF" ]; then
#		;;
#            else
#		;;
#            fi
#            ;;
	netfilter)
#	    if [ -n "$PEEROFIF" ]; then
#		;;
#	    else
		# One DNAT rule per listed port: traffic addressed to DESTIP on
		# that port is rewritten to SERVER_IP (or SERVER2_IP below).
		# NOTE(review): the match is on destination address and port
		# only -- no `-i` and no source restriction -- so each listed
		# port is exposed to every host that can reach DESTIP, on any
		# interface.  Keep the port lists as short as possible.
		# NOTE(review): the expansions are unquoted; if DESTIP is empty
		# iptables is handed `-d -p ...` and the rule is malformed.
		for port in ${SERVER_TCP_PORTS}; do
		    $IPTABLES -t nat -A PREROUTING -d $DESTIP -p tcp --destination-port $port -j DNAT --to-destination ${SERVER_IP}
		done
		for port in ${SERVER_UDP_PORTS}; do
		    $IPTABLES -t nat -A PREROUTING -d $DESTIP -p udp --destination-port $port -j DNAT --to-destination ${SERVER_IP}
		done
		for port in ${SERVER2_TCP_PORTS}; do
		    $IPTABLES -t nat -A PREROUTING -d $DESTIP -p tcp --destination-port $port -j DNAT --to-destination ${SERVER2_IP}
		done
		for port in ${SERVER2_UDP_PORTS}; do
		    $IPTABLES -t nat -A PREROUTING -d $DESTIP -p udp --destination-port $port -j DNAT --to-destination ${SERVER2_IP}
		done
#	    fi
	    ;;
        esac
        for i in $INTERNAL; do
            # From here on IPOFIF/NMOFIF/PEEROFIF are used as the internal
            # interface's values (presumably refreshed by this call).
            ipnm_cache $i
            # ${j%%:*} drops everything from the first ':' of the external
            # name, i.e. an alias suffix such as the ":1" in "eth0:1".
            # NOTE(review): the internal name $i is passed to -i/-o unstripped.
            case $MASQMETHOD in
            ipfwadm)
                # Forwarding rule with policy "masq" on the external interface
                # for sources in IPOFIF/NMOFIF.
                $IPFWADM -F -a masq -W ${j%%:*} -S $IPOFIF/$NMOFIF
                ;;
            ipchains)
                # Same idea for ipchains; when PEEROFIF is set it replaces
                # IPOFIF as the source address.
                if [ -n "$PEEROFIF" ]; then
                    $IPCHAINS --no-warnings -A forward -j MASQ -i ${j%%:*} -s $PEEROFIF/$NMOFIF
                else
                    $IPCHAINS --no-warnings -A forward -j MASQ -i ${j%%:*} -s $IPOFIF/$NMOFIF
                fi
                ;;
	    netfilter)
		# NOTE(review), applies to both branches below:
		#  * The MASQUERADE rule has no `-o`, so it matches the source
		#    range leaving through any interface, not only ${j%%:*}.
		#  * The second FORWARD rule accepts every packet going from the
		#    external to the internal interface with a destination in
		#    the internal range; there is no connection-state match, so
		#    it is not limited to replies.  What actually reaches it
		#    depends on the chain policy and earlier rules, which are
		#    not visible here.  Consider `-m state --state
		#    ESTABLISHED,RELATED` for the return path plus explicit
		#    accepts for the forwarded ports.
		#  * The nat POSTROUTING rules do not mention $j, so they are
		#    appended again for every entry in EXTERNAL.
		if [ -n "$PEEROFIF" ]; then
		    # PEEROFIF set: it is used as the source address.  No
		    # per-port SNAT rules are added in this branch.
		    $IPTABLES -t nat -A POSTROUTING -s $PEEROFIF/$NMOFIF -j MASQUERADE
		    $IPTABLES -A FORWARD -i $i -o ${j%%:*} -s $PEEROFIF/$NMOFIF -j ACCEPT
		    $IPTABLES -A FORWARD -o $i -i ${j%%:*} -d $PEEROFIF/$NMOFIF -j ACCEPT
		else
		    # Traffic from the internal range to a forwarded server
		    # port gets its source rewritten to this interface's own
		    # address.  Presumably this is the counterpart of the DNAT
		    # rules above, so that internal clients using the external
		    # address get their replies routed back through this box
		    # -- TODO confirm.  These must stay ahead of the generic
		    # MASQUERADE rule, since rules are appended in order.
		    for port in ${SERVER_TCP_PORTS}; do
			$IPTABLES -t nat -A POSTROUTING -d ${SERVER_IP} -s $IPOFIF/$NMOFIF -p tcp --destination-port $port -j SNAT --to-source $IPOFIF
		    done
		    for port in ${SERVER_UDP_PORTS}; do
			$IPTABLES -t nat -A POSTROUTING -d ${SERVER_IP} -s $IPOFIF/$NMOFIF -p udp --destination-port $port -j SNAT --to-source $IPOFIF
		    done
		    for port in ${SERVER2_TCP_PORTS}; do
			$IPTABLES -t nat -A POSTROUTING -d ${SERVER2_IP} -s $IPOFIF/$NMOFIF -p tcp --destination-port $port -j SNAT --to-source $IPOFIF
		    done
		    for port in ${SERVER2_UDP_PORTS}; do
			$IPTABLES -t nat -A POSTROUTING -d ${SERVER2_IP} -s $IPOFIF/$NMOFIF -p udp --destination-port $port -j SNAT --to-source $IPOFIF
		    done
		    # Everything else from the internal range is masqueraded,
		    # and forwarding is opened in both directions between this
		    # internal interface and the external one.
		    $IPTABLES -t nat -A POSTROUTING -s $IPOFIF/$NMOFIF -j MASQUERADE
		    $IPTABLES -A FORWARD -i $i -o ${j%%:*} -s $IPOFIF/$NMOFIF -j ACCEPT
		    $IPTABLES -A FORWARD -o $i -i ${j%%:*} -d $IPOFIF/$NMOFIF -j ACCEPT
		fi
	        ;;
            esac
        done
    done
fi

