#!/bin/sh

if [ -n "$DEBUG" ]; then
  echo "$0: Beginning $1"
fi

# Set this to your internal interface.  Everything else should be
# automatic.
intint="eth0"

MASQMODS="ip_masq_ftp ip_masq_raudio ip_masq_ftp"
PARANOID=1

if [ "$1" = "change" ]; then
  if [ "$IPADDR" = "$OLD_IPADDR" ]; then

    if [ -n "$VERBOSE" ]; then
      echo "$0: IP address unchanged; skipping"
    fi

    exit 0
  fi
fi

extint="${DEVICE}"
extip="${IPADDR}"
extmask="${NETMASK}"

for i in `/sbin/ifconfig "$intint" | grep '^ *inet'` 
do
  setting="`echo "$i" |sed -e 's/:.*$//' |tr '[A-Z]' '[a-z]'`"
  val="`echo "$i" |sed -e 's/^.*://'`"
  if [ -n "$setting" ]; then
    case "$setting" in
      addr)  intip="$val";;
      bcast) intbcast="$val" ;;  
      mask)  intmask="$val"; intnet="$intip/$intmask" ;;
    esac
  fi
done


case "$1" in
  up|change)

    if [ -z "${DEVICE}" -o -z "${IPADDR}" ]; then
      echo "$0: DEVICE or IPADDR not set!" 1>&2
      exit 2
    fi

    if [ -n "$VERBOSE" ]; then
      echo "$0: Configuring network for sharing."
      echo "$0:     internal: $intint $intnet"
      echo "$0:     external: $extint $extip"
    fi

    for mod in $MASQMODS
    do
      /sbin/modprobe "$mod"
    done
    
    # Timeouts: 24 hours TCP, 
    #           512 sec after-FIN (2*MSL-ish), 
    #           160 sec UDP.
    /sbin/ipchains -M -S 86400 512 3600

    /sbin/ipchains -A forward -i $extint -s $intnet -d 0.0.0.0/0 -j MASQ

    # Log and reject anything else.
    /sbin/ipchains -A forward -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT

    echo "1" >/proc/sys/net/ipv4/ip_forward  

    if [ "`uname -m`" = "alpha" ]; then
      HZ=1024
    else
      HZ=100
    fi

    ICMP_MAXRATE=`expr $HZ / 3`
    echo "1" >/proc/sys/net/ipv4/ip_dynaddr  
    echo "1" >/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    echo "$ICMP_MAXRATE" >/proc/sys/net/ipv4/icmp_destunreach_rate
    echo "$ICMP_MAXRATE" >/proc/sys/net/ipv4/icmp_paramprob_rate
    echo "$ICMP_MAXRATE" >/proc/sys/net/ipv4/icmp_timeexceed_rate
    echo "$ICMP_MAXRATE" >/proc/sys/net/ipv4/icmp_echoreply_rate
    echo "0" >/proc/sys/net/ipv4/conf/$extint/accept_redirects
    echo "0" >/proc/sys/net/ipv4/conf/$intint/accept_redirects
    echo "0" >/proc/sys/net/ipv4/conf/$extint/send_redirects
    echo "0" >/proc/sys/net/ipv4/conf/$intint/send_redirects
    echo "0" >/proc/sys/net/ipv4/conf/$extint/accept_source_route
    echo "0" >/proc/sys/net/ipv4/conf/$intint/accept_source_route
      
;;
  
  down)

    echo "0" >/proc/sys/net/ipv4/ip_forward  

    for mod in $MASQMODS
    do
      /sbin/rmmod $mod
    done
    
  ;;
  
  *)
    echo "Usage: $0 up|down|change"
    exit 1
  ;;
esac  

if [ -n "$DEBUG" ]; then
  echo "$0: Ending $1"
fi

exit 0
