define firewall::router::rsync($destination, $port_orig = '873', $port_dest = '', $zone = 'loc',
                             $originaldest = $ipaddress) {
  shorewall::rule { "rsync-$name-1":
    action          => 'DNAT',
    source          => 'net',
    destination     => $port_dest ? {
      ''      => "$zone:$destination",
      default => "$zone:$destination:$port_dest",
    },
    proto           => 'tcp',
    destinationport => "$port_orig",
    ratelimit       => '-',
    order           => "26$port_orig",
  }

  shorewall::rule { "rsync-$name-2":
    action          => 'DNAT',
    source          => '$FW',
    destination     => $port_dest ? {
      ''      => "$zone:$destination",
      default => "$zone:$destination:$port_dest",
    },
    proto           => 'tcp',
    destinationport => "$port_orig",
    originaldest    => "$originaldest",
    ratelimit       => '-',
    order           => "26$port_orig",
  }
}