#!/bin/sh

# Copyright (C) 2009-2010  Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# $Id: ha+p-script 1001 2010-11-30 18:56:00Z pselkirk $

set -x

ip -6 tunnel add tun0 mode ipip6 remote 2001::1 local 2001:0:0:2::2 \
 dev eth2 encaplimit none
ip link set tun0 up
ip addr add 192.0.0.2 peer 192.0.0.1 dev tun0
ip route add 10.0.0.0/8 via 192.0.0.1
ip route add 192.0.2.0/24 via 192.0.0.1
ip route add 198.18.0.0/15 via 192.0.0.1
ip -6 route add 2001::/48 via 2001:0:0:2::1

iptables -t nat -A POSTROUTING -p tcp -j SNAT \
	--to-source 198.18.200.3:20001-20099
iptables -t nat -A POSTROUTING -p udp -j SNAT \
	--to-source 198.18.200.3:20001-20099
# not in the doc!
iptables -t nat -A POSTROUTING -p icmp -j SNAT \
	--to-source 198.18.200.3:20000-20099

iptables -t nat -A PREROUTING -p tcp -d 198.18.200.3 --dport 20000 -j DNAT \
	--to-destination 10.0.2.2:5000
iptables -t nat -A PREROUTING -p udp -d 198.18.200.3 --dport 20000 -j DNAT \
	--to-destination 10.0.2.2:5000
iptables -t nat -A PREROUTING -p icmp -d 198.18.200.3 -j DNAT \
	--to-destination 10.0.2.2

iptables -t nat -A PREROUTING -p tcp -d 198.18.200.2 --dport 5002 -j DNAT \
	--to-destination 10.0.2.2:5001
iptables -t nat -A PREROUTING -p udp -d 198.18.200.2 --dport 5002 -j DNAT \
	--to-destination 10.0.2.2:5001
iptables -t nat -A PREROUTING -p icmp -d 198.18.200.2 -j DNAT \
	--to-destination 10.0.2.2
