Replace /etc/e-smith/templates/etc/rc.d/init.d/masq/91ajustPortForward with this:
# ------------------------ cut here ----------------------------------------
#
# Corrected UDP PortForwarding Bug! (by Néstor D. Díaz - nestorddiaz@matelogic.com.ar)
#
{
my $pf_chain = "PortForwarding_\$\$";
$OUT .= "# Create a new PortForwarding chain\n";
$OUT .= "PFC=\$(/sbin/iptables --table nat ";
$OUT .= "--numeric --list PortForwarding |\\\n";
$OUT .= " sed -n '3s/ .*//p')\n";
$OUT .= " /sbin/iptables --table nat --new-chain $pf_chain\n";
foreach my $protocol (qw(tcp udp))
{
my $uproto = uc $protocol;
my $propname = $uproto . "Forwards";
my %forwards = split(/,/, $masq{$propname} || '');
foreach my $port (keys %forwards)
{
my ($ip, $dport) = split(/:/, $forwards{$port});
$port =~ s/-/:/;
$OUT .= " /sbin/iptables --table nat --append $pf_chain " .
"--protocol $protocol \\\n".
# Set up local port to forward
" --destination-port ${port} -j DNAT " .
# Set up the remote port to forward to
"--to-destination $ip";
# Append the dport if any.
$OUT .= ":$dport" if $dport;
$OUT .= "\n";
# And accept the incoming packets. Use the dport if there is one.
($port = $dport) =~ s/-/:/ if $dport;
# If this rule is forwarding to localhost, ExternalIP or LocalIP,
# then we must allow it on the INPUT chain instead of the FORWARD
# chain.
if (($ip eq '127.0.0.1') ||
($ip eq $InternalInterface{IPAddress}))
{
# Bad doggie! Bad!
die "Port-forwarding to localhost or internal interface not permitted.\n";
}
elsif ($ip eq $ExternalInterface{IPAddress})
{
if ($uproto eq 'tcp')
{
$OUT .= " adjust_tcp_in $port ACCEPT Inbound${uproto}_\$\$\n";
}
else
{
$OUT .= " adjust_udp_in $port ACCEPT Inbound${uproto}_\$\$\n";
}
}
else
{
if ($uproto eq 'tcp')
{
$OUT .= " adjust_tcp_in $port ACCEPT Forwarded${uproto}_\$\$ $ip/32\n";
}
else
{
$OUT .= " adjust_udp_in $port ACCEPT Forwarded${uproto}_\$\$ $ip/32\n";
}
}
}
}
# having created a new PortForwarding chain, activate it and destroy
# the old.
$OUT .= " /sbin/iptables --table nat --replace PortForwarding 1 " .
"--destination \$OUTERNET --jump $pf_chain\n";
$OUT .= " /sbin/iptables --table nat --flush \$PFC\n";
$OUT .= " /sbin/iptables --table nat --delete-chain \$PFC\n";
}
# ------------------------ cut here ----------------------------------------
Or Download this file from:
http://www.matelogic.com.ar/91adjustPortForwardCheers!