# See http://www.shorewall.net/FAQ.htm#faq2
define firewall::implementations::shorewall::router::hairpinning($order = '5000', $proto = 'tcp', $port = 'www',
                                     $external_ip = '$ETH0_IP', $interface = 'eth1',
                                     $destination = '192.168.1.100', $source = 'eth1',
                                     $source_zone = 'loc', $dest_zone = 'loc',
                                     $port_dest = '') {
  shorewall::masq { "routeback-$name":
    interface => "$interface:$destination",
    source    => $source,
    address   => $external_ip,
    proto     => $proto,
    port      => $port,
    order     => $order,
  }

  shorewall::rule { "routeback-$name":
    action          => 'DNAT',
    source          => $source_zone,
    destination     => $port_dest ? {
      ''      => "$dest_zone:$destination",
      default => "$dest_zone:$destination:$port_dest",
    },
    proto           => $proto,
    destinationport => $port,
    ratelimit       => '-',
    order           => $order,
    originaldest    => $external_ip,
  }
}