Hi Abe,
Am very interested in seeing the conversion of 1to1 to 5.6
Have been looking at your scripts and the iptable implementation and damn my head is spinning . . .
The firewall incursion part of your script is pretty similar between ipchains and iptables so these should basically work with minor changes.
go here for differences
http://www.linuxguruz.com/iptables/howto/iptables-HOWTO-7.htmlHere is a basic output for one ip on your script
ip rule add from 192.168.0.202 nat 200.200.200.201 table main
ip route add nat 200.200.200.201 via 192.168.0.202 table local
ipchains -b -I forward 2 -p all -d 192.168.0.202 -j ACCEPT
ipchains -b -I forward 2 -p all -s 200.200.200.201 -j ACCEPT
ipchains -I input 2 -p all -s 0/0 -d 200.200.200.201 -j ACCEPT
As I said the last three rules should work ok with iptables with minor changes.
The major difference is that it appears iptables uses a separate subsystem for NAT control or at least the how-to says this though I cant find it implemented that way in 5.6. Anyway my brain shut down somewhere around trying to get my head around the NAT used in 5.6.
Anyway here are the official how-tos for both systems
http://www.linuxguruz.com/iptables/howto/iptables-HOWTO.htmlhttp://www.linuxguruz.com/iptables/howto/ipnatctl-HOWTO.htmlWas also thinking it would probably be useful to introduce basic port control here.
eg. -dport 80 as I expect most people are needing this module to support a DMZ and restricting ports at the SME makes it all the more useful.
Anyway please let me know if I can help i.e. maybe puting into an rpm or something or panel?
hope this helps at all
Ben