#!/bin/sh

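#######################################
# Run iptables with the given arguments and abort the whole script if it fails.
# Arguments: passed through verbatim to iptables ("$@" keeps each argument
#            intact; the unquoted form re-splits anything containing spaces)
# Outputs:   diagnostic on stderr when iptables returns non-zero
# Exits:     1 if iptables fails (typically because netfilter is not built)
#######################################
run_iptables() {
    if ! iptables "$@" ; then
        echo "iptables returned error; have you built netfilter?" >&2
        exit 1
    fi
}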

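# Bring up the host interface and the alias that gives the host an address in
# the link-local range used by the guests. Every rule below refers to eth0, so
# there is no point continuing if either step fails.
ifconfig eth0 up || { echo "could not bring up eth0" >&2; exit 1; }
ifconfig eth0:xen 169.254.1.0 up || { echo "could not configure eth0:xen" >&2; exit 1; }

# Set the FORWARD policy to DROP *before* flushing: -F does not touch the
# policy, so doing it in this order avoids a window in which an emptied table
# forwards everything under whatever policy was previously in effect.
run_iptables -t filter -P FORWARD DROP

# Start from a clean slate in both tables: flush all rules, then delete any
# user-defined chains. NOTE: this discards rules installed by anything else.
run_iptables -t filter -F
run_iptables -t nat -F
run_iptables -t filter -X
run_iptables -t nat -X

# Forwarding is confined to eth0 -> eth0 traffic involving the guest range:
# anything sourced from 169.254.0.0/16 may be forwarded, and new or existing
# connections destined for 169.254.0.0/16 are accepted (the NEW state is what
# lets the DNAT redirects below reach the guests).
run_iptables -t filter -A FORWARD -i eth0 -o eth0 -s 169.254.0.0/16 -j ACCEPT
run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.0.0/16 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Leave the host's own alias address (169.254.1.0, set on eth0:xen above)
# untouched; masquerade everything else leaving eth0 from the guest range.
run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.1.0 -j RETURN
run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.0.0/16 -j MASQUERADE

# Only enable forwarding once the filter and nat rules are in place. A failed
# write (no permission, no proc entry) used to be silently ignored.
echo 1 > /proc/sys/net/ipv4/ip_forward || { echo "could not enable ip_forward" >&2; exit 1; }

# Port redirects for ssh: tcp port 220N arriving on eth0 is DNATed to
# 169.254.1.N:22 for N = 1..10. These ports are reachable by anything that can
# reach eth0, so the guests' sshd is the only thing standing between that
# network and the guests.
guest=1
while [ "$guest" -le 10 ]; do
    run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport "$((2200 + guest))" -j DNAT --to "169.254.1.${guest}:22"
    guest=$((guest + 1))
done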


