From 939750baa2b73803cb2c12ce7f82fd005ccc22ff Mon Sep 17 00:00:00 2001
From: teastep
Date: Sun, 30 Jun 2002 14:35:32 +0000
Subject: [PATCH] Fix NAT_BEFORE_RULES=No

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@100 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/firewall | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/Shorewall/firewall b/Shorewall/firewall
index 48a961b39..7cb41a277 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -2839,6 +2839,8 @@ apply_policy_rules() {
 ################################################################################
 activate_rules() {
 
+ local nat=1
+
 multi_interfaces=`find_interfaces_by_option multi`
 
 for zone in $zones; do
@@ -2852,8 +2854,14 @@ activate_rules() {
 $interface -d $subnet -j `rules_chain $FW $zone`
 
 if havenatchain $zone; then
- run_iptables -t nat -A PREROUTING \
- -i $interface -s $subnet -j $zone
+ if [ -n "$NAT_BEFORE_RULES" ]; then
+ run_iptables -t nat -A PREROUTING \
+ -i $interface -s $subnet -j $zone
+ else
+ run_iptables -t nat -I PREROUTING $nat \
+ -i $interface -s $subnet -j $zone
+ nat=$((nat+1))
+ fi
 fi
 
 run_iptables -A `input_chain $interface` -s $subnet \
@@ -2925,7 +2933,7 @@ define_firewall() # $1 = Command (Start or Restart)
 
 setup_proxy_arp
 
- [ -n "$NAT_BEFORE_RULES" ] && setup_nat
+ setup_nat
 
 echo "Adding Common Rules"
 
@@ -2967,8 +2975,6 @@ define_firewall() # $1 = Command (Start or Restart)
 fi
 done
 
- [ -z "$NAT_BEFORE_RULES" ] && setup_nat
-
 policy=`find_file policy`
 
 echo "Processing $policy..."
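Review bot: `local nat=1` at the top of activate_rules carries no comment, and the name does not say that it is the 1-based rule position later passed to `iptables -t nat -I PREROUTING`. I would add `# Next insert position in nat PREROUTING; used only when NAT_BEFORE_RULES is off` above it. The counter is only correct if every loop that increments it runs in this shell rather than in a subshell; the `for zone in $zones` loop visible here does, but the inner loop that holds the increment starts outside this hunk.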
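Review bot: The new `[ -n "$NAT_BEFORE_RULES" ]` test treats any non-empty value as "yes", so the `-I PREROUTING $nat` branch is reached for NAT_BEFORE_RULES=No only if the configuration loader has already blanked the variable. That normalisation is not visible in this patch and should be confirmed, because a literal `No` would silently keep the zone jumps appended behind whatever setup_nat presumably put in nat PREROUTING, changing which translation is applied first. The removed lines in define_firewall relied on the same -n/-z convention, so it is probably handled, but a comment on the else branch would make the contract explicit, e.g. `# NAT_BEFORE_RULES is empty when set to No: insert zone jumps ahead of the static NAT rules`. Separately, `nat=$((nat+1))` needs a POSIX shell while the surrounding code sticks to backticks, so an expr-based increment may be safer if older Bourne-style shells are still supported. The enclosing loops begin and end outside the hunk.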
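Review bot: With `setup_nat` now called unconditionally at this point in define_firewall, the NAT_BEFORE_RULES ordering is no longer decided here but by the `-A`/`-I` choice inside activate_rules, and nothing at the call site says so. A one-line comment such as `# Static NAT always goes in first; activate_rules inserts zone jumps ahead of it when NAT_BEFORE_RULES is off` would keep a later reader from restoring the conditional. The scheme also assumes that nothing between this call and activate_rules inserts at the head of nat PREROUTING, which cannot be checked from the lines shown.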