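#!/bin/csh -f
# config_proxy
# -----------------------------------------------------------------------------
# Shell script to configure this server as a proxy server for the specified
# local port to the specified target port on the specified target server.
# -----------------------------------------------------------------------------
# Usage:       See Usage section below or run with -h or --help option to see
#              usage.
# Assumptions: iptables is installed; the helper local_ip_address lives in the
#              same directory as this script (see note below); the script is
#              re-executed under sudo when not already root.
# Effects:     Adds (default) or deletes (-D) three nat-table rules: a DNAT in
#              PREROUTING and OUTPUT for local_ip:local_port, and an SNAT in
#              POSTROUTING for target_ip:target_port.  When adding, also sets
#              /proc/sys/net/ipv4/ip_forward to 1.  Nothing here is persistent
#              across a reboot.
# Notes:       Every user-supplied value ends up on a root-run iptables command
#              line, so ports and the target address are validated and quoted
#              before use: an argument such as "80 -j ACCEPT" must not become
#              extra iptables options.
# Implementation Notes: csh has no functions, so shared exits are done with
#              goto labels (usage, fail) at the bottom of the file.
# Portability Issues: csh/tcsh, Linux iptables and /proc/sys only.
# Revision History:
# $Log$
# -----------------------------------------------------------------------------

if ("$1" == "" || "$1" == "-h" || "$1" == "--help") then
  goto usage
endif

# Re-run as root, if not already root.  Everything below this point runs as
# root, so iptables needs no further sudo.
if ("`whoami`" != "root") then
  sudo $0:q $*:q
  exit $status
endif

# Collect command line options
set iptables_action_option = "-A"
set iptables_action_message = "create"
set iptables_list_option = "false"
while ($#argv > 0)
  if ("$1" == "-h" || "$1" == "--help") then
    # Help anywhere among the options wins over everything else.
    goto usage
  else if ("$1" == "-D") then
    shift
    set iptables_action_option = "-D"
    set iptables_action_message = "delete"
  else if ("$1" == "-L") then
    shift
    set iptables_list_option = "true"
  else
    # Not a recognized option.  Assume it's the first parameter
    break
  endif
end

if ("$iptables_list_option" == "true") then
  if ($#argv > 0) then
    beep "-L option must be specified alone"
    goto usage
  endif
  echo "************************************************************************"
  echo "Current iptables settings:"
  echo "************************************************************************"
  iptables -t nat -L -v -n
  echo "************************************************************************"
  exit 0
endif

if ($#argv < 3) then
  beep "Must specify 3 parameters"
  goto usage
endif

set local_port = "$1"
set target_port = "$2"
set target_ip = "$3"

# Validate the parameters before anything reaches iptables.
# Ports: decimal integer without leading zero, at most 5 digits, then a
# numeric range check (csh compares numerically once the value is known to be
# an integer).
foreach port ("$local_port" "$target_port")
  echo "$port" | grep -E '^[1-9][0-9]{0,4}$' > /dev/null
  if ($status != 0) then
    echo "Port must be an integer in the range 1-65535: '$port'"
    goto usage
  endif
  if ($port > 65535) then
    echo "Port out of range 1-65535: '$port'"
    goto usage
  endif
end

# Target address: dotted-quad IPv4 only (this script builds IPv4 nat rules).
echo "$target_ip" | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' > /dev/null
if ($status != 0) then
  echo "Target IP address must be a dotted-quad IPv4 address: '$target_ip'"
  goto usage
endif

# Note: Must find local_ip_address in the same folder as this command because
# when run via sudo, or as root at boot time, it may not be on the PATH.
set local_ip = `$0:h/local_ip_address`
# An empty result would leave "--dst" without a value and silently produce a
# rule for the wrong thing (or an iptables parse error), so stop here instead.
if ("$local_ip" == "") then
  echo "Could not determine the local IP address via $0:h/local_ip_address"
  exit 1
endif

echo "************************************************************************"
echo "iptables before the change:"
echo "************************************************************************"
iptables -t nat -L -v -n
echo "************************************************************************"
echo ""
echo "************************************************************************"
echo "Commands to ${iptables_action_message} proxy ${local_ip}:${local_port} --> ${target_port}:${target_ip}"
echo "************************************************************************"

# Inbound: rewrite the destination of traffic arriving for local_ip:local_port.
echo "iptables -t nat ${iptables_action_option} PREROUTING --dst $local_ip -p tcp --dport $local_port -j DNAT --to-destination ${target_ip}:${target_port}"
iptables -t nat "$iptables_action_option" PREROUTING --dst "$local_ip" -p tcp --dport "$local_port" -j DNAT --to-destination "${target_ip}:${target_port}"
set rc = $status
if ($rc != 0) then
  goto fail
endif

# Outbound: make the forwarded connection appear to come from local_ip so the
# target's replies route back through this host.
echo "iptables -t nat ${iptables_action_option} POSTROUTING -p tcp --dst $target_ip --dport $target_port -j SNAT --to-source $local_ip"
iptables -t nat "$iptables_action_option" POSTROUTING -p tcp --dst "$target_ip" --dport "$target_port" -j SNAT --to-source "$local_ip"
set rc = $status
if ($rc != 0) then
  goto fail
endif

# Locally generated traffic does not traverse PREROUTING; cover it via OUTPUT.
echo "iptables -t nat ${iptables_action_option} OUTPUT --dst $local_ip -p tcp --dport $local_port -j DNAT --to-destination ${target_ip}:${target_port}"
iptables -t nat "$iptables_action_option" OUTPUT --dst "$local_ip" -p tcp --dport "$local_port" -j DNAT --to-destination "${target_ip}:${target_port}"
set rc = $status
if ($rc != 0) then
  goto fail
endif

# Forwarding is only needed when a proxy is being created; deleting a proxy
# should not widen what this host forwards.
if ("$iptables_action_option" == "-A") then
  echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
  echo 1 > /proc/sys/net/ipv4/ip_forward
  set rc = $status
  if ($rc != 0) then
    echo "Error trying to enable IPv4 forwarding via /proc/sys/net/ipv4/ip_forward"
    exit $rc
  endif
endif

echo ""
echo "************************************************************************"
echo "iptables after the change:"
echo "************************************************************************"
iptables -t nat -L -v -n
echo "************************************************************************"
echo ""
echo ""
echo "To make this change permanent, add the command to the /etc/rc.d init files."
exit 0

# Shared exit for a failed iptables call; $rc holds that call's status.
fail:
echo "Error trying to ${iptables_action_message} proxy ${local_ip}:${local_port} --> ${target_port}:${target_ip}"
exit $rc

usage:
echo "Usage: $0:t [-D] local_port target_port target_IP_address"
echo "       $0:t -L"
echo "options:"
echo "None = Add the proxy configuration"
echo "-D   = Delete the proxy configuration"
echo "-L   = List the current proxy configurations"
echo "To make it permanent, add to /etc/rc.d init files."
exit 1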