class firewall::virtual::jabber($destination, $zone = 'fw') {
  shorewall::rule { 'jabber-0':
    action          => 'DNAT',
    source          => 'net',
    destination     => "$zone:$destination:5222",
    proto           => 'tcp',
    destinationport => '5222',
    ratelimit       => '-',
    order           => 2200,
  }

  shorewall::rule { 'jabber-1':
    action          => 'DNAT',
    source          => '$FW',
    destination     => "$zone:$destination:5223",
    proto           => 'tcp',
    destinationport => '5223',
    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
    ratelimit       => '-',
    order           => 2201,
  }

  shorewall::rule { 'jabber-2':
    action          => 'DNAT',
    source          => 'net',
    destination     => "$zone:$destination:5269",
    proto           => 'tcp',
    destinationport => '5269',
    ratelimit       => '-',
    order           => 2202,
  }

  shorewall::rule { 'jabber-3':
    action          => 'DNAT',
    source          => '$FW',
    destination     => "$zone:$destination:4369",
    proto           => 'tcp',
    destinationport => '4369',
    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
    ratelimit       => '-',
    order           => 2203,
  }

  shorewall::rule { 'jabber-4':
    action          => 'DNAT',
    source          => '$FW',
    destination     => "$zone:$destination:4370",
    proto           => 'tcp',
    destinationport => '4370:4375',
    originaldest    => lookup('firewall::external_ip', undef, undef, $::ipaddress),
    ratelimit       => '-',
    order           => 2204,
  }
}