===================================================================
RCS file: /home/cvsd/home/cvs/scripts/shell/firewall/fw-universal.sh,v
retrieving revision 2.65
retrieving revision 2.66
diff -u -p -r2.65 -r2.66
--- scripts/shell/firewall/fw-universal.sh 2009/02/06 00:43:12 2.65
+++ scripts/shell/firewall/fw-universal.sh 2009/02/06 23:13:38 2.66
@@ -9,7 +9,7 @@
 # Licensed under terms of GNU General Public License.
 # All rights reserved.
 #
-# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.64 2009-02-06 00:38:56 rajo Exp $
+# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.65 2009-02-06 00:43:12 rajo Exp $
 #
 # Changelog:
 # 2003-10-24 - created
@@ -486,9 +486,13 @@ masquerade()
 if [ ! -z "$NAT_TCP_PORT_FORWARD" ]; then
 print_info -en "\tForwarding TCP ports to local machines:"
 for redirect in $NAT_TCP_PORT_FORWARD; do
- eval `echo $redirect | $AWK -v FS=: '{ printf "src_port=%s; local_machine=%s; dest_port=%s;", $1, $2, $3; }'`
- print_info -en " $src_port -> $local_machine:$dest_port"
- $IPTABLES -t nat -A PREROUTING -p TCP -i $NAT_LAN_IFACE -d $lan_ip \
+ #eval `echo $redirect | $AWK -v FS=: '{ printf "src_port=%s; local_machine=%s; dest_port=%s;", $1, $2, $3; }'`
+ eval `echo $redirect | \
+ $AWK -v FS=: ' (NF == 3) { src_ip = "$lan_ip" ; src_port = $1; local_machine = $2; dest_port = $3; } \
+ (NF == 4) { src_ip = $1 ; src_port = $2; local_machine = $3; dest_port = $4; } \
+ END { printf "src_ip=%s; src_port=%s; local_machine=%s; dest_port=%s;", src_ip, src_port, local_machine, dest_port; }'`
+ print_info -en " $src_ip:$src_port -> $local_machine:$dest_port"
+ $IPTABLES -t nat -A PREROUTING -p TCP -i $NAT_LAN_IFACE -d $src_ip \
 --dport $src_port -j DNAT --to $local_machine:$dest_port
 $IPTABLES -A FORWARD -p TCP -i $NAT_LAN_IFACE -d $local_machine --dport $dest_port -j ACCEPT
 done
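Review bot: The colon-separated fields of each `NAT_TCP_PORT_FORWARD` entry still reach `eval` unquoted and unvalidated, and the new awk program has no branch for an entry whose field count is neither 3 nor 4. Any shell metacharacter in the configuration value is executed by a script that presumably runs as root, and a malformed entry makes awk print empty assignments, so `$IPTABLES` is then invoked with empty `-d`/`--dport` arguments. I would reject entries containing anything outside a small allowed character set before the `eval`, and skip the entry when `src_ip` or `src_port` comes back empty, as sketched below. The UDP loop in the next hunk has the same `eval` and needs the same guard. The `for` loop and `masquerade()` start and end outside the hunk.

```shell
		for redirect in $NAT_TCP_PORT_FORWARD; do
			# Refuse anything that is not a plain address/host/port list before it reaches eval.
			case "$redirect" in
				*[!0-9A-Za-z.:_-]*)
					print_info -en " (skipping invalid entry)"
					continue
					;;
			esac
			# … unchanged: eval of the awk-generated assignments …
			# An entry with neither 3 nor 4 fields yields empty values; do not build a rule from it.
			if [ -z "$src_ip" ] || [ -z "$src_port" ]; then
				print_info -en " (skipping malformed entry)"
				continue
			fi
```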
@@ -497,7 +501,11 @@ masquerade()
 if [ ! -z "$NAT_UDP_PORT_FORWARD" ]; then
 print_info -en "\tForwarding UDP ports to local machines:"
 for redirect in $NAT_UDP_PORT_FORWARD; do
- eval `echo $redirect | $AWK -v FS=: '{ printf "src_port=%s; local_machine=%s; dest_port=%s;", $1, $2, $3; }'`
+ #eval `echo $redirect | $AWK -v FS=: '{ printf "src_port=%s; local_machine=%s; dest_port=%s;", $1, $2, $3; }'`
+ eval `echo $redirect | \
+ $AWK -v FS=: ' (NF == 3) { src_ip = "$lan_ip" ; src_port = $1; local_machine = $2; dest_port = $3; } \
+ (NF == 4) { src_ip = $1 ; src_port = $2; local_machine = $3; dest_port = $4; } \
+ END { printf "src_ip=%s; src_port=%s; local_machine=%s; dest_port=%s;", src_ip, src_port, local_machine, dest_port; }'`
 print_info -en " $src_port -> $local_machine:$dest_port"
 $IPTABLES -t nat -A PREROUTING -p UDP -i $NAT_LAN_IFACE -d $lan_ip \
 --dport $src_port -j DNAT --to $local_machine:$dest_port
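Review bot: The UDP loop now parses `src_ip`, but the unchanged lines below the new `eval` still print `$src_port` alone and match on `-d $lan_ip`, so the address in a four-field UDP entry is silently ignored and the DNAT rule is installed for the LAN address instead of the configured one. The TCP hunk updated both lines; the UDP branch should do the same: `print_info -en " $src_ip:$src_port -> $local_machine:$dest_port"` and `$IPTABLES -t nat -A PREROUTING -p UDP -i $NAT_LAN_IFACE -d $src_ip \`. The loop body continues past the end of the hunk, so the FORWARD rule there is not visible for review.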