#!/bin/bash -f

# (C) Copyleft mtodorov 2007-2017

# mtodorov, 2017-08-28
#     added enabling and disabling without (de)configuring FW rules

# mtodorov, 2015-10-06,
#     closed race condition
#     allowed permanent conn stats w SNAT

# mtodorov, 2007-11-28
# mtodorov, modified 2015-07-14

# Absolute path of the iptables binary; a fixed path avoids a $PATH lookup.
IPTABLES="/sbin/iptables"
# Interface facing the outside network (eth0 carries the SNAT rule below).
EXT_IFACE="eth0"
# Interface facing the inside network.
INT_IFACE="eth1"

# Turn IPv4 packet forwarding on in the running kernel.
# Writes "1" to /proc/sys/net/ipv4/ip_forward and returns the status of that
# write, so a caller can tell when the write was refused.
enable_forwarding() {
	local ip_forward_knob=/proc/sys/net/ipv4/ip_forward
	printf '%s\n' 1 > "$ip_forward_knob"
}

# Turn IPv4 packet forwarding off in the running kernel.
# Writes "0" to /proc/sys/net/ipv4/ip_forward and returns the status of that
# write, so a caller can tell when the write was refused.
disable_forwarding() {
	local ip_forward_knob=/proc/sys/net/ipv4/ip_forward
	printf '%s\n' 0 > "$ip_forward_knob"
}

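# Dispatch on the action given as the first argument.
#   start             install the SNAT and FORWARD rules, then enable forwarding
#   stop|deconfigure  disable forwarding, then flush FORWARD, INPUT and nat
#   reset|restart     re-run this script with "stop" and then "start"
#   enable|disable    toggle forwarding only, leaving the rules untouched
# Any other (or missing) argument prints a usage line and exits with status 2,
# so a mistyped action is not mistaken for a successful change. A failed step
# makes the script report "failed." and exit with status 1.
status=0

case "$1" in
    start)

        # $IPTABLES -P FORWARD DROP
        # $IPTABLES -F FORWARD
        # $IPTABLES -F INPUT
        # $IPTABLES -t nat -F

        # NOTE(review): with the policy line above commented out, this script
        # never sets the FORWARD policy. The RELATED,ESTABLISHED restriction on
        # outside-to-inside traffic only has an effect if the chain policy (or
        # another rule) drops what these rules do not accept -- confirm how the
        # policy is set on the host.
        # NOTE(review): the rules are appended with -A, so running "start"
        # twice without "stop" in between leaves duplicate rules.

        # Rules are installed before forwarding is switched on, so packets are
        # not forwarded while the SNAT/FORWARD rules are still missing.
        "$IPTABLES" -t nat -A POSTROUTING -o "$EXT_IFACE" -j SNAT --to-source 161.53.235.3 || status=1
        "$IPTABLES" -A FORWARD -i "$EXT_IFACE" -o "$INT_IFACE" -m state --state RELATED,ESTABLISHED -j ACCEPT || status=1
        "$IPTABLES" -A FORWARD -i "$INT_IFACE" -o "$EXT_IFACE" -j ACCEPT || status=1

        echo -n "   Starting SNAT functionality on ${EXT_IFACE} ... "
        # Fail closed: forwarding is only enabled when every rule went in.
        if [ "$status" -eq 0 ] && enable_forwarding; then
            echo "done."
        else
            status=1
            echo "failed."
        fi

        ;;

    stop|deconfigure)
        echo -n "   Stopping SNAT functionality on ${EXT_IFACE} ... "
        # Forwarding goes off first, so nothing is forwarded while the rules
        # are being removed.
        disable_forwarding || status=1
        # NOTE(review): these flushes empty the whole FORWARD and INPUT chains
        # and the whole nat table, including rules this script did not add
        # ("start" installs nothing in INPUT). On a host that keeps other
        # filtering rules in those chains, "stop" removes them as well.
        "$IPTABLES" -F FORWARD || status=1
        "$IPTABLES" -F INPUT || status=1
        "$IPTABLES" -t nat -F || status=1
        if [ "$status" -eq 0 ]; then
            echo "done."
        else
            echo "failed."
        fi
        ;;

    reset|restart)
        # "start" still runs after a failed "stop", as before; either failure
        # is reflected in the exit status.
        "$0" stop || status=1
        "$0" start || status=1
        ;;

    enable)
        echo -n "   Enabling the forwarding on ${EXT_IFACE} ... "
        if enable_forwarding; then
            echo "done."
        else
            status=1
            echo "failed."
        fi
        ;;

    disable)
        echo -n "   Disabling the forwarding on ${EXT_IFACE} ... "
        if disable_forwarding; then
            echo "done."
        else
            status=1
            echo "failed."
        fi
        ;;

    *)
        echo "Usage: $0 {start|stop|deconfigure|reset|restart|enable|disable}" >&2
        status=2
        ;;

esac

exit "$status"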

