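#!/bin/bash
#
# nic - control script for a small NAT gateway with port forwarding.
#
# Usage: nic {start | stop}
#
#   start  Detect the IPv4 address of the external interface, flush the
#          chains this script manages, then install SNAT for the LAN,
#          DNAT port forwards to one internal host, and the filter rules.
#   stop   Flush the nat PREROUTING/POSTROUTING and filter INPUT/OUTPUT
#          chains and take the external interface down.
#
# Exit status: 0 on success; 1 on a usage error, when the external address
# cannot be determined, or when any iptables/ifconfig command fails.

# Abort on an unset variable so a typo cannot expand to an empty string and
# produce a malformed (or broader than intended) rule.
set -u

readonly AWK=/usr/bin/awk
readonly IFCONFIG=/sbin/ifconfig
readonly EXTIF="eth0"            # external (untrusted) interface
readonly INTIF="eth1"            # internal (LAN) interface
readonly LAN_NET="192.168.1.0/24"
readonly LAN_HOST="192.168.1.2"  # internal host that receives the forwards
# Ports forwarded to LAN_HOST, each for both tcp and udp, in rule order.
readonly FORWARD_PORTS=(443 1046 21 20 113)

# Set to 1 as soon as any rule fails to load; checked before exiting.
rule_errors=0

# Run iptables with the given arguments. A failure is reported on stderr and
# remembered instead of being silently ignored, but the remaining rules are
# still attempted so the script stays best-effort.
ipt() {
  if ! iptables "$@"; then
    printf 'nic: iptables %s failed\n' "$*" >&2
    rule_errors=1
  fi
}

case "${1:-}" in
  start)
    echo "Enabling firewall...."

    # Skip the ifconfig line that names the interface, then take the text
    # after the first ':' on the following line, up to the first blank.
    # This matches the "inet addr:A.B.C.D" layout; other ifconfig output
    # formats yield an empty result, which is rejected below.
    EXTIP="$("$IFCONFIG" "$EXTIF" | "$AWK" -v ifname="$EXTIF" '
      $0 ~ ifname { next }
      { split($0, a, ":"); split(a[2], b, " "); print b[1]; exit }')"

    # Refuse to continue without a plausible address: an empty EXTIP would
    # turn every "-d $EXTIP" below into a malformed rule, and that must be
    # detected before the existing rules are flushed.
    ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
    if [[ ! "$EXTIP" =~ $ipv4_re ]]; then
      printf 'nic: no IPv4 address found for %s (got "%s"); rules left untouched\n' \
        "$EXTIF" "$EXTIP" >&2
      exit 1
    fi
    echo "IP detected as $EXTIP"

    # Start from empty chains. OUTPUT is flushed as well so that running
    # "start" twice does not append a duplicate OUTPUT rule.
    ipt -t nat -F POSTROUTING
    ipt -t nat -F PREROUTING
    ipt -F FORWARD
    ipt -F INPUT
    ipt -F OUTPUT

    # Masquerade LAN traffic leaving through the external interface.
    ipt -t nat -A POSTROUTING -o "$EXTIF" -s "$LAN_NET" \
      -j SNAT --to-source "$EXTIP"

    # Port forwards: external address -> same port on LAN_HOST.
    for port in "${FORWARD_PORTS[@]}"; do
      for proto in tcp udp; do
        ipt -t nat -A PREROUTING -p "$proto" -d "$EXTIP" --dport "$port" \
          -i "$EXTIF" -j DNAT --to-destination "$LAN_HOST:$port"
      done
    done

    # Anything else addressed to the external IP is dropped here.
    # NOTE(review): newer iptables releases refuse the DROP target in the
    # nat table (it is not meant for filtering). If this rule fails to load,
    # nothing in this script blocks unforwarded inbound traffic; confirm on
    # the target host and consider a rule in the filter table instead.
    ipt -t nat -A PREROUTING -d "$EXTIP" -i "$EXTIF" -j DROP

    # NOTE(review): every filter-table rule below is an ACCEPT and no chain
    # policy is set in this script, so these rules only restrict traffic if
    # the INPUT/FORWARD policies are set to DROP elsewhere - confirm.
    ipt -A FORWARD -t filter -o "$EXTIF" \
      -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -t filter -i "$INTIF" \
      -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Port 5222 from LAN_HOST; both rules are also covered by the LAN-wide
    # ACCEPT that follows.
    ipt -A INPUT -p tcp -i "$INTIF" -s "$LAN_HOST" --dport 5222 -j ACCEPT
    ipt -A INPUT -p udp -i "$INTIF" -s "$LAN_HOST" --dport 5222 -j ACCEPT
    ipt -A INPUT -j ACCEPT -s "$LAN_NET" -i "$INTIF"
    ipt -A OUTPUT -j ACCEPT -d "$LAN_NET" -o "$INTIF"
    ;;
  stop)
    echo "Disabling firewall...."
    # FORWARD is not flushed here; "start" flushes it before adding rules.
    ipt -t nat -F PREROUTING
    ipt -t nat -F POSTROUTING
    ipt -F INPUT
    ipt -F OUTPUT
    # With the rules gone, the external interface is taken down as well.
    if ! "$IFCONFIG" "$EXTIF" down; then
      printf 'nic: could not bring %s down\n' "$EXTIF" >&2
      rule_errors=1
    fi
    ;;
  *)
    echo "usage : nic {start | stop}" >&2
    exit 1
    ;;
esac

if (( rule_errors )); then
  echo "nic: finished with errors, firewall state may be incomplete" >&2
  exit 1
fi

echo "done."
exit 0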