#!/bin/sh

# Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# $Id: na+p-script 213 2009-07-07 15:23:03Z sra $

set -x

ip -6 tunnel add tun0 mode ipip6 remote 2001::1 local 2001:0:0:1::2 \
 dev eth2 encaplimit none
ip link set tun0 up
ip addr add 10.0.100.2 peer 10.0.100.1 dev tun0
ip route add 10.0.0.0/8 via 10.0.100.1
ip route add 192.0.2.0/24 via 10.0.100.1
ip route add 198.18.0.0/15 via 10.0.100.1
ip -6 route add 2001::/48 via 2001:0:0:1::1

# in /etc/sysctl.conf
#sysctl -w net.ipv4.ip_foward=1

iptables -t nat -A POSTROUTING -p tcp -s 10.0.10.0/24 -j SNAT \
	--to-source 198.18.200.3:10001-10099
iptables -t nat -A POSTROUTING -p udp -s 10.0.10.0/24 -j SNAT \
	--to-source 198.18.200.3:10001-10099
# not in the doc!
iptables -t nat -A POSTROUTING -p icmp -s 10.0.10.0/24 -j SNAT \
	--to-source 198.18.200.3:10000-10099

iptables -t nat -A PREROUTING -p tcp -d 198.18.200.3 --dport 10000 -j DNAT \
	--to-destination 10.0.10.2:5000
iptables -t nat -A PREROUTING -p udp -d 198.18.200.3 --dport 10000 -j DNAT \
	--to-destination 10.0.10.2:5000
iptables -t nat -A PREROUTING -p icmp -d 198.18.200.3 -j DNAT \
	--to-destination 10.0.10.2

iptables -t nat -A PREROUTING -p tcp -d 198.18.200.2 --dport 5001 -j DNAT \
	--to-destination 10.0.10.2:5001
iptables -t nat -A PREROUTING -p udp -d 198.18.200.2 --dport 5001 -j DNAT \
	--to-destination 10.0.10.2:5001
iptables -t nat -A PREROUTING -p icmp -d 198.18.200.2 -j DNAT \
	--to-destination 10.0.10.2
