#####
# server dmz
#
# Timothy Prepscius v20130326

# Allow the server to forward ips
echo 1 > /proc/sys/net/ipv4/ip_forward

# bring up the tap
ifconfig tap0 up
# put an ip on it so we can route traffic through it
ifconfig tap0 192.168.2.5

# route all traffic for 192.168.2.* through it
# this is done implicitly when we add the ip to the tap0
#ip route add 192.168.2.0/24 dev tap0

#####
# server iptables

iptables -F
iptables -t nat -F

# forward traffic between DMZ and LAN
iptables -A FORWARD -i eth0 -o tap0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i tap0 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Route incoming port to DMZ server 192.168.2.1
#iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 8000 -j DNAT --to-destination 192.168.2.1:8000

# do not need since nginx is performing this
#iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 192.168.2.1:8080

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 25 -j DNAT --to-destination 192.168.2.1:10025
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 7000 -j DNAT --to-destination 192.168.2.1:7000
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 7001 -j DNAT --to-destination 192.168.2.1:7001

# When the traffic goes back out, make sure it has our IP and not the DMZ
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

### End Server ####