#!/bin/bash


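# Enable IPv4 forwarding and masquerade traffic that leaves either private
# subnet (10.8.0.0/24, 10.69.0.0/24) for a destination outside that subnet.
# NOTE(review): ip_forward is a host-wide switch, and this script adds no
# FORWARD-chain rules. What may be routed through this box therefore depends
# on the FORWARD policy set elsewhere - confirm it is not a blanket ACCEPT.
echo 1 > /proc/sys/net/ipv4/ip_forward
# "! -d NET" is the supported negation syntax; the older "-d ! NET" form is
# deprecated by current iptables releases.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.69.0.0/24 ! -d 10.69.0.0/24 -j MASQUERADE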


# Public services for kvanals.org: each listed address/port pair is DNATed to
# the same port on 10.69.0.1.
# Port 2222 is deliberately left out of the list (We're leaving 2222 so we can
# actually get back INTO the UML).
# NOTE(review): the rules carry no source restriction, so every forwarded port
# is reachable from anything that can route to the listed addresses. 110
# (POP3) and 143 (IMAP) are the plaintext ports unless the server enforces
# STARTTLS - confirm. This script adds no FORWARD-chain filtering for the
# translated traffic.
dnat_target=10.69.0.1
dnat_addrs=(217.160.244.176 10.8.0.30 10.69.0.11 10.13.0.2)
# proto:port entries, kept in the order the rules are appended.
dnat_services=(
  tcp:22 tcp:25 tcp:53 udp:53 tcp:80
  tcp:113 tcp:110 tcp:143 tcp:587 tcp:8080
)

for dnat_addr in "${dnat_addrs[@]}"; do
  for dnat_svc in "${dnat_services[@]}"; do
    dnat_proto=${dnat_svc%%:*}
    dnat_port=${dnat_svc##*:}
    iptables -t nat -A PREROUTING -p "$dnat_proto" -d "$dnat_addr" \
      --dport "$dnat_port" -j DNAT \
      --to-destination "${dnat_target}:${dnat_port}"
  done
done


# IPv6 for kvanals.org: hand IP protocol 41 (IPv6 encapsulated in IPv4)
# addressed to the public IP over to 10.69.0.1.
# NOTE(review): the match has no source restriction, and the IPv6 packets
# carried inside protocol 41 are not inspected by these IPv4 rules. Filtering
# of the tunnelled traffic has to happen with ip6tables on the tunnel endpoint
# - confirm that it does.
iptables -t nat -A PREROUTING -p 41 -d 217.160.244.176 \
  -j DNAT --to-destination 10.69.0.1


# Silently drop ICMP echo-requests (pings) addressed to the kvanals.org public
# IP. The rule sits in INPUT, so it only affects packets delivered to this
# host; no rule in this script DNATs ICMP.
iptables -t filter -A INPUT -d 217.160.244.176 -p icmp \
  -m icmp --icmp-type echo-request -j DROP

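# Block some services: port 111 is the portmapper/rpcbind (sunrpc) port.
# rpcbind answers on UDP as well as TCP, so both protocols are rejected;
# rejecting only TCP leaves the UDP listener reachable.
# These INPUT rules cover traffic delivered to this host itself; port 111 is
# not among the DNAT forwards set up by this script.
iptables -t filter -A INPUT -p tcp --dport 111 -j REJECT
iptables -t filter -A INPUT -p udp --dport 111 -j REJECT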
