#!/bin/bash

# Disable forwarding while processing rules
echo 0 > /proc/sys/net/ipv4/ip_forward

# defenition of internal / external interface
ext_if="eth0"
int_if="eth1"

# We need sed
SED=`which sed`

#
# Function should be called with the ip to forward to in the first parameter 
# and the port (fmt_port) as the second
#
# fmt_port can be either just a regular port eg. 22 to forward all traffic 
# from me:22 to forward_ip:22
# it can be written 22(42) to forward all traffic from me:42 to 
# forward_ip:22
# or called with a range eg. 42:1042 to forward all traffic from me:42-1024
# to forward_ip:42-1042
#
# Author Mads SŸlau J¿rgensen dec 2003
#
forward() {
    if [ -z "$1" ]; then
	echo "forward called without addr param"
	return
    elif [ -z "$2" ]; then 
	echo "forward called without ports param"
	return
    fi
    
    for port in $2; do
	# is it a port range (contains a :) or origport(destport) or just a port
	case "$port" in
	    *":"*)
		iptables -A INPUT -j ACCEPT -p tcp --dport $port
		iptables -A FORWARD -j ACCEPT -p tcp --dport $port
		iptables -t nat -A PREROUTING -i $int_if -p tcp --dport $port -j DNAT --to $1
		;;
	    *"("*")")
		# get the dest and orig ports, using sed
		dest=$(echo -n "$port" | $SED -n -e 's/[^(]*(//' -e 's/)$//p')
		orig=$(echo -n "$port" | $SED -n -e 's/(.*//p')
		
		iptables -A INPUT -j ACCEPT -p tcp --dport $orig
		iptables -A FORWARD -j ACCEPT -p tcp --dport $orig
		iptables -t nat -A PREROUTING -i $int_if -p tcp --dport $orig -j DNAT --to $1:$dest
		;;
	    *)
		iptables -A INPUT -j ACCEPT -p tcp --dport $port
		iptables -A FORWARD -j ACCEPT -p tcp --dport $port
		iptables -t nat -A PREROUTING -i $int_if -p tcp --dport $port -j DNAT --to $1:$port
		;;
	esac
    done
}



# Forward FTP SSH SMTP HTTP POP3 IMAP MYSQL MYSQL4 and a port range
forward "192.168.1.3" "22 25 80 110 143 3306 3307 14000:14999"

# Forward SSH (port 60) and port range
forward "192.168.1.21" "60(22) 15000:15999"

# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward