#!/bin/bash
#
# Description:
# Sample script for a Linux firewall between the TheGreenBow VPN client and an IPSec Server.
# This script can be used to translate requests arriving on ports other than
# UDP 500 and UDP 4500. In this example, requests received on UDP ports 80 and 443
# are forwarded to UDP 500 and UDP 4500 on an IPSec Server.
# 
# The servers used for this configuration are:
# 1) Linux firewall
#     This Linux firewall has two network interfaces: WAN and LAN, with IP subnet 172.16.240.0/24 on the LAN side.
#     The Linux firewall must have a kernel supporting iptables.
# 2) IPSec Server 
#     The IPSec Server is on the LAN network with IP 172.16.240.11
#
# The Linux firewall redirects requests on UDP port 500, 4500, 80 and 443 to the IPSec server.
#
# Author: TheGreenBow support <support@thegreenbow.com>
# Date  : 2009-07-17
#

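# Stop on the first failing command so that IP forwarding is not enabled
# while only part of the NAT rule set has been installed.
set -euo pipefail

# The following settings can be changed according to your needs.
IP_SRV_IPSEC="172.16.240.11"   # IPSec server on the LAN side
FAKE_IKE_PORT="80"             # WAN-side UDP port translated to IKE (UDP 500)
FAKE_IKE_NAT_PORT="443"        # WAN-side UDP port translated to NAT-T (UDP 4500)
WAN_IF="eth0"                  # WAN interface on which client requests arrive

# Adding NAT rules and writing to /proc/sys requires root.
if [[ "$EUID" -ne 0 ]]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

# NOTE: 'iptables -F' empties the *filter* table (INPUT/FORWARD/OUTPUT) as
# well; the DNAT rules below only need the nat table. Review any existing
# filter rules and chain policies before running this on a host that has them.
iptables -F
iptables -t nat -F

#######################################
# Add a PREROUTING DNAT rule translating UDP traffic that arrives on the WAN
# interface to the IPSec server.
# Globals:   WAN_IF, IP_SRV_IPSEC (read)
# Arguments: $1 - UDP destination port to match on the WAN side
#            $2 - UDP port on the IPSec server to redirect to
# Returns:   exit status of iptables
#######################################
dnat_udp() {
  local from_port=$1
  local to_port=$2
  iptables -t nat -A PREROUTING -i "$WAN_IF" -p udp --dport "$from_port" \
    -j DNAT --to-destination "${IP_SRV_IPSEC}:${to_port}"
}

# Native IKE / NAT-T ports first, then the alternate ports mapped onto them.
dnat_udp 500 500
dnat_udp 4500 4500
dnat_udp "$FAKE_IKE_PORT" 500
dnat_udp "$FAKE_IKE_NAT_PORT" 4500

#iptables -A FORWARD -j LOG --log-level INFO

# Enable IPv4 forwarding for the current boot only; a write to /proc/sys is
# not persisted across reboots (use sysctl.conf for that).
echo "1" > /proc/sys/net/ipv4/ip_forward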