From b753104617a340f79e83e09ed7d7c2e83ecee12b Mon Sep 17 00:00:00 2001
From: bbruns
Date: Sat, 21 Aug 2010 17:00:41 +0000
Subject: [PATCH] NAT code fixes

---
 rc.firewall | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/rc.firewall b/rc.firewall
index 944405a..de8621d 100755
--- a/rc.firewall
+++ b/rc.firewall
@@ -304,21 +304,23 @@ if [ $NAT ]; then
 	display_c YELLOW "Adding NAT rule: " N
 	for i in $NAT_RANGE; do
 		NAT_RULE=( ${i//:/ } )
-		case $NAT_RULE[1] in
+		case $NAT_RULE[0] in
 		SNAT)
-			$IPTABLES -A POSTROUTING -t nat -i ${NAT_RULE[2]} -s ${NAT_RULE[3]} -j SNAT \
-				-o ${NAT_RULE[4]} --to-source ${NAT_RULE[5]}
-			display_c PURPLE "SNAT:${NAT_RULE[2]}:${NAT_RULE[3]}->${NAT_RULE[4]}:${NAT_RULE[5]} " N
+			$IPTABLES -A POSTROUTING -t nat -i ${NAT_RULE[1]} -s ${NAT_RULE[2]} -j SNAT \
+				-o ${NAT_RULE[3]} --to-source ${NAT_RULE[4]}
+			display_c PURPLE "SNAT:${NAT_RULE[1]}:${NAT_RULE[2]}->${NAT_RULE[3]}:${NAT_RULE[4]} " N
+			$IPTABLES -A OUTPUT -p icmp --icmp-type time-exceeded -o ${NAT_RULE[3]} -j ACCEPT
+			$IPTABLES -A OUTPUT -p icmp --icmp-type fragmentation-needed -o ${NAT_RULE[3]} -j ACCEPT
 			;;
 		MASQ)
-			$IPTABLES -A POSTROUTING -t nat -i ${NAT_RULE[2]} -s ${NAT_RULE[3]} \
-				-j MASQUERADE -o ${NAT_RULE[4]}
-			display_c PURPLE "MASQ:${NAT_RULE[2]}:${NAT_RULE[3]}->${NAT_RULE[4]} " N
+			$IPTABLES -A POSTROUTING -t nat -i ${NAT_RULE[1]} -s ${NAT_RULE[2]} \
+				-j MASQUERADE -o ${NAT_RULE[3]}
+			display_c PURPLE "MASQ:${NAT_RULE[1]}:${NAT_RULE[2]}->${NAT_RULE[3]} " N
+			$IPTABLES -A OUTPUT -p icmp --icmp-type time-exceeded -o ${NAT_RULE[3]} -j ACCEPT
+			$IPTABLES -A OUTPUT -p icmp --icmp-type fragmentation-needed -o ${NAT_RULE[3]} -j ACCEPT
 			;;
 		*)
 			display_c RED "Invalid NAT rule in NAT_RANGE"
 			;;
 		esac
-		$IPTABLES -A OUTPUT -p icmp --icmp-type time-exceeded -o ${NAT_RULE[4]} -j ACCEPT
-		$IPTABLES -A OUTPUT -p icmp --icmp-type fragmentation-needed -o ${NAT_RULE[4]} -j ACCEPT
 	done
 	echo -ne "\n"
 fi
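Review bot: The new selector `case $NAT_RULE[0] in` still never matches: without braces bash expands `$NAT_RULE` to element 0 and keeps `[0]` literal, so the word being compared is `SNAT[0]` or `MASQ[0]`, every entry falls through to the `*)` "Invalid NAT rule" branch, and no NAT or ICMP rule is ever installed — it should read `case "${NAT_RULE[0]}" in`. Once the branches are reachable, the colon-split fields are handed to iptables unquoted and unchecked, and the exit status of `$IPTABLES` is ignored, so an entry with too few fields (or a rule iptables rejects) leaves the firewall up with no source NAT while the console still prints the purple success line; guarding with `[ ${#NAT_RULE[@]} -eq 5 ] || { display_c RED "Malformed SNAT rule: $i"; continue; }` (4 for MASQ) and a `|| display_c RED "iptables rejected NAT rule: $i"` on each `$IPTABLES` call would make that failure visible. Note also that both the old and new POSTROUTING lines pass `-i ${NAT_RULE[1]}`; iptables only accepts an in-interface match in the PREROUTING, INPUT and FORWARD chains, so these rules are likely to be rejected with "Can't use -i with POSTROUTING" regardless of the case fix — confirm on the target iptables version. The enclosing `if [ $NAT ]; then` block begins before the hunk.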
@@ -327,7 +329,7 @@ if [ $NAT ]; then
 	for i in $NATRANGE; do
 		$IPTABLES -A POSTROUTING -t nat -s $i -o $NATEXTIF -j SNAT --to-source $NATEXTIP
 	done
-	This is necessary to make sure that PMTU works
+	#This is necessary to make sure that PMTU works
 	$IPTABLES -A OUTPUT -p icmp --icmp-type time-exceeded -o $NATEXTIF \
 		-j ACCEPT
 	$IPTABLES -A OUTPUT -p icmp --icmp-type fragmentation-needed \