define firewall::virtual::munin($destination, $port_orig, $port_dest = '', $order = '400', $zone = 'fw') {
  shorewall::rule { "munin-$name-1":
    action          => 'DNAT',
    source          => 'net',
    destination     => $port_dest ? {
      ''      => "$zone:$destination",
      default => "$zone:$destination:$port_dest",
    },
    proto           => 'tcp',
    destinationport => "$port_orig",
    ratelimit       => '-',
    order           => $order,
  }

  shorewall::rule { "munin-$name-2":
    action          => 'DNAT',
    source          => '$FW',
    destination     => $port_dest ? {
      ''      => "$zone:$destination",
      default => "$zone:$destination:$port_dest",
    },
    proto           => 'tcp',
    destinationport => "$port_orig",
    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
    ratelimit       => '-',
    order           => $order,
  }
}