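#!/bin/sh
# Port-forwarding setup for a NAT firewall: TCP ports 81 and 8081 arriving at
# the firewall's external address are DNATed to the same ports on one machine
# on the internal network, with SNAT so that machine's replies come back
# through the firewall.
#
# Must run as root (writes /proc/sys and calls iptables). Every rule is
# appended with -A, so running the script twice installs every rule twice.
#
# Abort on the first failed command: a half-installed rule set (for example
# DNAT without the matching FORWARD accept) is worse than no rule set at all.
set -eu

FW_EXTERNAL_IP=70.24.150.113       # IP address of the firewall's external interface
# shellcheck disable=SC2034  # unused: only needed if rules match with -i instead of -d
FW_EXTERNAL_INTERFACE=eth0         # The external interface, if using -i instead of -d.
FW_EXTERNAL_PORT=8081              # Overwritten per iteration in the loop below
FW_INTERNAL_IP=192.168.0.10        # IP address of the firewall's internal interface
INTERNAL_MACHINE_IP=192.168.0.20   # Internal machine that traffic is forwarded to
INTERNAL_MACHINE_PORT=8081         # Overwritten per iteration in the loop below

# Enable IPv4 routing between interfaces; without it the FORWARD chain is never reached.
echo 1 > /proc/sys/net/ipv4/ip_forward

# One rule set per forwarded port. The external and internal port numbers are
# kept equal for now. (The original `set -- INTERNAL_MACHINE_PORT` inside the
# loop only set $1 to a literal string and was never read; dropped.)
for INTERNAL_MACHINE_PORT in "81" "8081"; do
  FW_EXTERNAL_PORT=$INTERNAL_MACHINE_PORT # Just for now...
  printf 'Setting up forwarding from %s:%s to %s:%s\n' \
    "$FW_EXTERNAL_IP" "$FW_EXTERNAL_PORT" "$INTERNAL_MACHINE_IP" "$INTERNAL_MACHINE_PORT"

  # Forward packets coming in from the outside
  iptables -t nat -A PREROUTING -p tcp -d "$FW_EXTERNAL_IP" --dport "$FW_EXTERNAL_PORT" \
    -j DNAT --to-destination "$INTERNAL_MACHINE_IP:$INTERNAL_MACHINE_PORT"

  # Make it work from the firewall itself (locally generated packets do not
  # traverse PREROUTING, so the same DNAT is needed in the OUTPUT chain)
  iptables -t nat -A OUTPUT -p tcp -d "$FW_EXTERNAL_IP" --dport "$FW_EXTERNAL_PORT" \
    -j DNAT --to-destination "$INTERNAL_MACHINE_IP:$INTERNAL_MACHINE_PORT"

  # Make responses on the internal network go through the firewall.
  # Visibility caveat: because the source is rewritten to $FW_INTERNAL_IP, the
  # internal machine sees every forwarded connection as coming from the
  # firewall, so its own logs no longer record the real client address.
  iptables -t nat -A POSTROUTING -p tcp -d "$INTERNAL_MACHINE_IP" --dport "$INTERNAL_MACHINE_PORT" \
    -j SNAT --to-source "$FW_INTERNAL_IP"

  # Allow forwarded packets towards the internal machine. This rule matches the
  # inbound direction only; if the FORWARD chain's policy is DROP, the internal
  # machine's replies need their own ESTABLISHED,RELATED accept rule.
  iptables -A FORWARD -p tcp -d "$INTERNAL_MACHINE_IP" --dport "$INTERNAL_MACHINE_PORT" \
    -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
done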