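#!/usr/bin/perl -w
# gforward.pl
# A generic forwarding tool for iptables. Part of the gShield firewall.
#
# Prints four iptables commands (FORWARD accept + PREROUTING DNAT, for both
# tcp and udp) that forward a port on the firewall to an internal host.
#
# The usage examples below feed this script's output to `sh` or append it to
# a rules file that is then executed, so every argument ends up on a shell
# command line. Each argument is therefore validated against a strict
# allow-list before anything is printed; a value containing shell
# metacharacters (`;`, `$()`, backticks, whitespace, ...) is rejected.

use strict;
use warnings;

# sanity check: all four positional arguments must be present
die "Usage: gforward.pl [external interface ][port on firewall] [destination ip] [destination port]\n",
    "Example: gforward.pl eth0 80 192.168.1.6 80 > test.rules && sh test.rules\n",
    "Example: gforward.pl eth0 80 192.168.1.6 80 >> /etc/firewall/gshield.last && /etc/firewall/gShield.rc\n"
    unless @ARGV >= 4;

# set variables
my $IPTABLES = "/sbin/iptables";
my ($EXTERNAL, $FW_PORT, $DEST_IP, $DEST_PORT) = @ARGV[0 .. 3];

# Returns true when the argument is a decimal port number in 1..65535.
# \A...\z (not ^...$) so a trailing newline cannot slip through.
sub _valid_port {
    my ($port) = @_;
    return 0 unless defined $port && $port =~ /\A[0-9]+\z/;
    return ($port >= 1 && $port <= 65535) ? 1 : 0;
}

# ensure the ports are numeric and in range
die "Error: Invalid port\n" unless _valid_port($DEST_PORT);
die "Error: Invalid port\n" unless _valid_port($FW_PORT);

# Interface name: must start with an alphanumeric (so it can never be read as
# an option), may contain [A-Za-z0-9_.:-], may end in iptables' "+" wildcard,
# and is limited to 15 characters (Linux IFNAMSIZ - 1).
die "Error: Invalid interface name\n"
    unless length($EXTERNAL) <= 15
    && $EXTERNAL =~ /\A[A-Za-z0-9][A-Za-z0-9_.:-]*\+?\z/;

# Destination must be a single dotted-quad IPv4 address, since it is used
# both for `-d` and for `--to ip:port`.
my $OCTET = qr/(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])/;
die "Error: Invalid destination ip\n"
    unless $DEST_IP =~ /\A$OCTET\.$OCTET\.$OCTET\.$OCTET\z/;

# output
# NOTE(review): the FORWARD rules are inserted at the top of the chain and
# are not restricted to $EXTERNAL or to any source address, so they accept
# traffic to $DEST_IP:$DEST_PORT arriving on any interface. Both tcp and udp
# are opened even if the service only needs one. Tighten by hand if needed.
print "$IPTABLES -I FORWARD -p tcp -d $DEST_IP --dport $DEST_PORT -j ACCEPT\n",
      "$IPTABLES -I FORWARD -p udp -d $DEST_IP --dport $DEST_PORT -j ACCEPT\n",
      "$IPTABLES -t nat -A PREROUTING -p tcp -i $EXTERNAL --dport $FW_PORT -j DNAT --to $DEST_IP:$DEST_PORT\n",
      "$IPTABLES -t nat -A PREROUTING -p udp -i $EXTERNAL --dport $FW_PORT -j DNAT --to $DEST_IP:$DEST_PORT\n";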