===================================================================
RCS file: /home/cvsd/home/cvs/scripts/shell/firewall/fw-universal.sh,v
retrieving revision 2.18
retrieving revision 2.19
diff -u -p -r2.18 -r2.19
--- scripts/shell/firewall/fw-universal.sh 2005/03/01 21:47:20 2.18
+++ scripts/shell/firewall/fw-universal.sh 2005/03/01 23:17:11 2.19
@@ -9,7 +9,7 @@
 # Licensed under terms of GNU General Public License.
 # All rights reserved.
 #
-# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.17 2005/01/16 17:24:23 rajo Exp $
+# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.18 2005/03/01 21:47:20 rajo Exp $
 #
 # Changelog:
 # 2003-10-24 - created
@@ -341,6 +341,19 @@ masquerade()
 #$IPTABLES -A FORWARD -p ICMP -j LOG --log-prefix "FWD ICMP: "
 echo " done."
 
+ # Port forwarding to local machines
+ if [ ! -z "$NAT_TCP_PORT_FORWARD" ]; then
+ echo -en "\tForwarding ports to local machines:"
+ for redirect in $NAT_TCP_PORT_FORWARD; do
+ eval `echo $redirect | awk -v FS=: '{ printf "src_port=%s; local_machine=%s; dest_port=%s;", $1, $2, $3; }'`
+ echo -en " $src_port -> $local_machine:$dest_port"
+ $IPTABLES -t nat -A PREROUTING -p TCP -i $NAT_LAN_IFACE -d ${!lan_ip} \
+ --dport $src_port -j DNAT --to $local_machine:$dest_port
+ $IPTABLES -A FORWARD -p TCP -i eth0 -d $local_machine --dport $dest_port -j ACCEPT
+ done
+ echo " done."
+ fi
+
 # Keep state of connections from private subnets
 $IPTABLES -A OUTPUT -m state --state NEW -o $NAT_LAN_IFACE -j ACCEPT
 #$IPTABLES -A FORWARD -m state --state NEW -o $NAT_LAN_IFACE -j ACCEPT
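Review bot: The `eval` on the awk output in the new port-forwarding loop runs each `NAT_TCP_PORT_FORWARD` entry as shell code, so a malformed or tampered entry is executed with the script's privileges (presumably root, since it drives iptables) instead of being rejected. Splitting the entry with `read` and checking that the ports are numeric and the host contains only address characters removes the `eval` and also stops an entry with a missing field from producing a rule such as `--to host:`. The new FORWARD rule also hard-codes `-i eth0` while the DNAT rule just above it uses `$NAT_LAN_IFACE`, so the two rules only agree on hosts where that variable is eth0. `masquerade()` begins and ends outside the hunk and `lan_ip` is assigned outside it, so whether `${!lan_ip}` is always set at this point cannot be confirmed from the diff.

```shell
for redirect in $NAT_TCP_PORT_FORWARD; do
	# Split src_port:local_machine:dest_port without passing the entry to eval
	IFS=: read -r src_port local_machine dest_port <<< "$redirect"
	case "$src_port:$dest_port" in
		*[!0-9:]* | :* | *: | *:*:*)
			echo "invalid NAT_TCP_PORT_FORWARD entry: $redirect" >&2
			continue ;;
	esac
	case "$local_machine" in
		'' | *[!0-9A-Za-z.-]*)
			echo "invalid NAT_TCP_PORT_FORWARD host: $redirect" >&2
			continue ;;
	esac
	# ... unchanged: progress echo and PREROUTING DNAT rule ...
	$IPTABLES -A FORWARD -p TCP -i "$NAT_LAN_IFACE" -d "$local_machine" --dport "$dest_port" -j ACCEPT
	# ... unchanged: done / echo " done." / fi ...
```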