[Ferm] port forwarding question

[Max]

Hi.

There are nice example of ferm config for dsl router with dynamic ip
(dsl_router.ferm) and dm router with port forwarding (dmz_router.ferm) which comes
alongside with .deb package.

The problem is that I have to use port forwarding on dsl router with dynamic IP - and
it's not immediately clear how to do that from the documentation.

What I've tried (and what didn't work) so far:

@def $DEV_PRIVATE = (eth2 eth1);
@def $DEV_WORLD = ppp0;
@def $NET_PRIVATE = (192.168.2.0/24 192.168.3.0/24);

@def &FORWARD_PORT($proto, $port, $dest) = {
    table nat chain PREROUTING interface $DEV_WORLD proto $proto dport $port DNAT to
$dest;
}

table filter {
    chain INPUT {
        policy DROP;
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;
        interface lo ACCEPT;
        proto icmp icmp-type echo-request ACCEPT;
        proto tcp dport (ssh http https) ACCEPT;
        interface $DEV_PRIVATE saddr $NET_PRIVATE {
            proto (udp tcp) dport domain ACCEPT;
        }
    }

    chain OUTPUT policy ACCEPT;

    chain FORWARD {
        policy DROP;
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;
        interface $DEV_PRIVATE ACCEPT;
    }
}

table nat {
    chain POSTROUTING {
        saddr $NET_PRIVATE outerface $DEV_WORLD MASQUERADE;
    }
}

&FORWARD_PORT(tcp, 2202, 192.168.2.2:22);
&FORWARD_PORT(tcp, 2203, 192.168.2.3:22);
&FORWARD_PORT((tcp udp), 5060, 192.168.2.3);
&FORWARD_PORT(udp, 10000:20000, 192.168.2.3);

Here ppp0 is interface which appears after establishment of PPPoE connection,
192.168.* are internal networks behind eth2, eth3 interfaces correspondingly.

I'd appreciate any help figuring out how to properly write FORWARD_PORT() function
which handles forwarding to different port correctly.

best regards,
Max.