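#!/bin/sh
# inNAT - forward traffic for an outside (internet-facing) address to a host
# behind the firewall.
#
# Despite the wording of the usage text ("source NAT"), every rule this script
# installs is a DNAT rule in the nat table's PREROUTING chain: it rewrites the
# *destination* of packets arriving for <outside-addr> so they are delivered to
# <inside-addr>.
#
# Usage (argument order is the same one the usage text documents):
#   inNAT <outside-addr> <inside-addr>
#       Forward every protocol/port of outside-addr to inside-addr.
#   inNAT <outside-addr> <proto> <port> <inside-addr>
#       Forward only <proto>/<port> (e.g. tcp 80) to the same port on inside-addr.
#   inNAT <outside-addr> <proto> <port> <inside-addr> <new-port>
#       As above, but rewrite the destination port to <new-port>.
#
# <outside-addr> is whatever iptables accepts for -d (single address or range).
# When <proto> is "icmp", <port> is an ICMP type and is matched with
# --icmp-type instead of --dport; a <new-port> makes no sense for icmp.
#
# Operational notes:
#   * iptables needs root (CAP_NET_ADMIN); run this as root or via sudo.
#   * Rules are appended (-A). Running the same command twice leaves two
#     identical rules in PREROUTING; nothing here de-duplicates or saves them.
#   * NOTE(review): a DNAT rule only rewrites addresses. If the filter table's
#     FORWARD chain is restrictive, a matching ACCEPT there is still required
#     for the redirected traffic to pass - confirm against your ruleset.
#   * The iptables binary can be overridden with $IPTABLES (full path, a
#     wrapper, or "echo" for a dry run that prints the rule instead).
#
# Bug fixed relative to the original: the port-specific forms passed the
# arguments to iptables as "-p <port> --dport <proto>", i.e. swapped against
# both the documented calling convention and the icmp check above.

# Print the usage text to stdout.
usage() {
  echo "Do source NAT from the outside world to the inside."
  echo "- For all ports:"
  echo "inNAT outside-addr inside-addr"
  echo
  echo "- For specific port x protocol y:"
  echo "inNAT outside-addr y x inside-addr"
  echo
  echo "- For specific port x prot y to port z:"
  echo "inNAT outside-addr y x inside-addr z"
  echo
  echo "Where outside-addr is the external address or range and"
  echo "inside-addr is the internal IP address."
  echo
}

# Append one DNAT rule to the nat PREROUTING chain.
#   $1  outside address or range (iptables -d)
#   $2  inside address the traffic is redirected to
#   $3  protocol (optional; when empty, all traffic for $1 is redirected)
#   $4  destination port, or ICMP type when $3 is icmp (required with $3)
#   $5  replacement destination port (optional, only meaningful with $3/$4)
# Returns the exit status of iptables.
add_dnat_rule() {
  # All-ports form: no protocol match at all.
  if [ -z "$3" ]; then
    "${IPTABLES:-iptables}" -t nat -A PREROUTING -d "$1" \
      -j DNAT --to-destination "$2"
    return
  fi

  # icmp has no ports; the "port" argument selects the ICMP type instead.
  if [ "$3" = "icmp" ]; then
    match=--icmp-type
  else
    match=--dport
  fi

  if [ -z "$5" ]; then
    "${IPTABLES:-iptables}" -t nat -A PREROUTING -d "$1" -p "$3" "$match" "$4" \
      -j DNAT --to-destination "$2"
  else
    "${IPTABLES:-iptables}" -t nat -A PREROUTING -d "$1" -p "$3" "$match" "$4" \
      -j DNAT --to-destination "$2:$5"
  fi
}

# Parse the command line (see usage above) and install the matching rule.
# Returns 0 after printing usage when called without arguments, 1 on a
# malformed command line, otherwise the iptables exit status.
main() {
  if [ -z "$1" ]; then
    usage
    return 0
  fi

  if [ -z "$3" ]; then
    # inNAT <outside-addr> <inside-addr>
    if [ -z "$2" ]; then
      echo "inNAT: missing inside-addr" >&2
      usage >&2
      return 1
    fi
    add_dnat_rule "$1" "$2"
  else
    # inNAT <outside-addr> <proto> <port> <inside-addr> [<new-port>]
    if [ -z "$4" ]; then
      echo "inNAT: missing inside-addr" >&2
      usage >&2
      return 1
    fi
    add_dnat_rule "$1" "$4" "$2" "$3" "$5"
  fi
}

main "$@"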