+# IPTABLES {{{
+function runIptables
+{
+ if [[ $IPTABLES_SNAT_ != "true" ]]; then
+ return
+ fi
+ startIptables
+}
+
+function startIptables
+{
+ if [ -x /sbin/iptables ] ; then
+ if [[ $NAT_INTERFACE_ != "" ]]; then
+ local nat_source_ip_=`netGetIp "$NAT_INTERFACE_" warn`
+
+ if iptables -t nat -vnL POSTROUTING | grep -q "SNAT.*${NAT_INTERFACE_}.*to:${nat_source_ip_}" ; then
+ echo "Rule for SNAT already present, nothing to be done."
+ else
+ echo "Setting up SNAT for terminalserver clients on ${NAT_INTERFACE_}:"
+ echo "* iptables -t nat -F POSTROUTING"
+ echo -n "* iptables -t nat -A POSTROUTING -o $NAT_INTERFACE_ -j SNAT --to-source $nat_source_ip_ ... "
+ { iptables -t nat -F POSTROUTING && \
+ iptables -t nat -A POSTROUTING -o "$NAT_INTERFACE_" -j SNAT --to-source "$nat_source_ip_" ; } && \
+ echo done || echo failed
+ fi
+ if [ `cat /proc/sys/net/ipv4/ip_forward` -eq 1 ]; then
+ echo "IP-Forwarding already enabled, nothing to be done."
+ else
+ echo -n "Enabling IP-Forwarding: "
+ echo 1 > /proc/sys/net/ipv4/ip_forward && echo done || echo failed
+ fi
+ fi
+ else
+ warn "iptables executable not avilable"
+ fi
+}
+
+function stopIptables
+{
+ if [[ $IPTABLES_SNAT_ != "true" ]]; then
+ return
+ fi
+ if [ -x /sbin/iptables ] ; then
+ if [[ $NAT_INTERFACE_ != "" ]]; then
+ local nat_source_ip_=`netGetIp "$NAT_INTERFACE_" warn`
+
+ if iptables -t nat -vnL POSTROUTING | grep -q "SNAT.*${NAT_INTERFACE_}.*to:${nat_source_ip_}" ; then
+ iptables -t nat -F POSTROUTING &>/dev/null && \
+ iptables -t nat -D POSTROUTING -o "$NAT_INTERFACE_" -j SNAT --to-source "$nat_source_ip_"
+ fi
+ echo 0 > /proc/sys/net/ipv4/ip_forward
+ fi
+ fi
+}
+# }}}
+