# !/bin/bash2
#
# chkconfig: 345 11 91
# description: Simple masquerading setup for RedHat Linux with 2.2 kernels and ipchains
#
# --------------------------------------------------------------------------
#
# Requires these variables to be set in /etc/sysconfig/firewall/config
#
# MSQ_START        Enable masquerading at system boot?
# MSQ_NETWORKS     Networks to be masqueraded
# MSQ_DEV          Device on which the masquerading should be active
# MSQ_MODULES      modules to load for masquerading
# --------------------------------------------------------------------------
# Author: Bodo Bauer <bb@ricochet.net>
#         Ruediger Oertel <ro@suse.de> adapted for SuSE boot layout
# 				Mirko Zeibig <mirko.zeibig@gmx.de> adapted for RH6.0
# /etc/rc.d/init.d/masquerade
#
# Changes:
#
# bb 12/24/98 - v2.0 changed to 'ipchains' to make it working with 2.1 kernel
# bb 01/13/99 - v2.1 added certain plausibility checks
# mz 07/27/99 - v2.1 adapted for RH 6.0
# --------------------------------------------------------------------------

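# Read settings. The file is executed as shell code by this script, so it
# should be owned by root and not be writable by any other user.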
. /etc/sysconfig/firewall/config

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

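# Do nothing when networking is switched off in /etc/sysconfig/network.
# The expansion is quoted so that an unset or empty NETWORKING compares as
# an empty string instead of making `[` fail with a syntax error.
[ "${NETWORKING}" = "no" ] && exit 0

# Version string used in the messages printed below.
VERSION="masquerading v2.1"

# Tools are referenced by absolute path, so the script does not depend on
# whatever PATH the caller happens to have.
IPCHAIN="/sbin/ipchains"
INSMOD="/sbin/insmod"
LSMOD="/sbin/lsmod"
RMMOD="/sbin/rmmod"

# Take the file name the script was called by and strip a runlevel link
# prefix from it (everything up to and including S or K plus two digits).
base=${0##*/}
link=${base#*[SK][0-9][0-9]}

# If nothing was stripped the script was not called through a runlevel
# link: force execution regardless of MSQ_START.  Otherwise MSQ_START from
# the configuration decides.  Both operands are quoted so that a script
# name containing whitespace cannot break the comparison.
test "$link" = "$base" && MSQ_START=yes
test "$MSQ_START" = yes || exit 0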

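# Check whether a kernel module is loaded.
# Globals:   LSMOD (read) - command that lists the loaded modules
# Arguments: $1 - module name
# Returns:   0 if the first column of the listing equals $1, 1 otherwise
#
# The name is compared as a literal string rather than interpolated into a
# regular expression, so characters such as '.' in a configured module name
# cannot match a different module.
module() {
	"${LSMOD}" | awk -v name="$1" '$1 == name { found = 1 } END { exit !found }'
}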

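# Overall result of this invocation.  Every branch that reports a failure
# sets it to 1 so that the exit status at the end reflects the failure.
msq_rc=0

# Succeeds when the chain user_msq is listed in /proc/net/ip_fwnames.
# grep -w matches the name as a whole word, so a chain whose name merely
# contains "user_msq" is not mistaken for it.
msq_chain_exists() {
	grep -w user_msq /proc/net/ip_fwnames > /dev/null
}

if test -f /proc/net/ip_masquerade ; then
	case "$1" in
		start)
			# Masquerading needs IP forwarding to be switched on.
			if test "$(cat /proc/sys/net/ipv4/ip_forward)" -eq 1 ; then
				if msq_chain_exists ; then
					failure "start Chain user_msq already exists!"
					msq_rc=1
				elif test -z "${MSQ_DEV}" || test -z "${MSQ_NETWORKS}" ; then
					# Plausibility check: with an empty device or network
					# list no meaningful forward rule can be built, so
					# refuse to start instead of reporting success.
					failure "start MSQ_DEV or MSQ_NETWORKS is not set"
					msq_rc=1
				else
					echo -n "Enabling $VERSION on device ${MSQ_DEV}... "
					start_ok=yes

					# Create the masquerading chain.  It masquerades
					# everything sent to it; which traffic reaches it is
					# decided only by the forward rules added below, i.e.
					# by MSQ_NETWORKS and MSQ_DEV.
					if ${IPCHAIN} -N user_msq ; then
						${IPCHAIN} -A user_msq -s 0/0 -d 0/0 -j MASQ || start_ok=no

						# MSQ_NETWORKS is deliberately unquoted: it is a
						# whitespace-separated list.  Each entry is passed
						# to ipchains as a single quoted argument.
						for i in ${MSQ_NETWORKS}; do
							${IPCHAIN} -A forward -s "$i" -d 0/0 -i "${MSQ_DEV}" -j user_msq || start_ok=no
						done

						# Helper modules are loaded on a best-effort basis,
						# as before: a failing insmod does not fail start.
						for i in ${MSQ_MODULES}; do
							if ! module "$i" ; then
								${INSMOD} "$i"
							fi
						done

						# The chain exists from here on, so record the
						# service as started even if a rule failed; "stop"
						# is what removes the chain again.
						touch /var/lock/subsys/masquerade
					else
						start_ok=no
					fi

					if test "$start_ok" = yes ; then
						success "start"
					else
						failure "start"
						msq_rc=1
					fi
				fi
			else
				failure "start System lacks IP forwarding -> masquerading not enabled"
				msq_rc=1
			fi
			echo
			;;

		stop)
			if msq_chain_exists ; then
				echo -n "Disabling $VERSION on device ${MSQ_DEV}..."
				stop_ok=yes

				# Remove the forward rules.  They are rebuilt from the
				# current MSQ_NETWORKS/MSQ_DEV, so a rule added under an
				# older configuration is not found here; the failure is
				# reported instead of being ignored.
				for i in ${MSQ_NETWORKS}; do
					${IPCHAIN} -D forward -s "$i" -d 0/0 -i "${MSQ_DEV}" -j user_msq || stop_ok=no
				done

				# Empty and remove the masquerading chain.  The lock file
				# is removed only when the chain really is gone.
				${IPCHAIN} -F user_msq || stop_ok=no
				if ${IPCHAIN} -X user_msq ; then
					rm -f /var/lock/subsys/masquerade
				else
					stop_ok=no
				fi

				# Unload the helper modules (best effort, as before).
				for i in ${MSQ_MODULES}; do
					if module "$i" ; then
						${RMMOD} "$i"
					fi
				done

				if test "$stop_ok" = yes ; then
					success "stop"
				else
					failure "stop"
					msq_rc=1
				fi
			else
				echo -n "No chain user_msq, masquerading not enabled?"
				failure "stop No chain user_msq, masquerading not enabled?"
				msq_rc=1
			fi

			echo
			;;

		restart|reload)
			# "stop" now returns non-zero when masquerading was not active.
			# Its status is ignored so that restart still starts the
			# service in that case; only a failing "start" is an error.
			"$0" stop
			if ! "$0" start ; then
				failure "restart"
				msq_rc=1
			fi
			;;

		status)
			if msq_chain_exists ; then
				${IPCHAIN} -ML -n
			else
				echo "Masquerading not loaded."
			fi
			;;

		*)
			echo ""
			echo "Usage: $0 {start|stop|status|restart|reload}"
			exit 1
	esac
else
	failure "$VERSION: kernel lacks masquerading support"
	echo
	exit 1
fi

# Inform the caller not only verbosely but also through the exit status.
# Neither "return" nor "rc_done" is assigned anywhere in this file; unless
# one of the sourced files sets them, the second test compares two empty
# strings and always passes, so msq_rc is what carries a failure out.
test "$msq_rc" -eq 0 || exit 1
test "$return" = "$rc_done" || exit 1
exit 0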
