#!/bin/sh

IPTABLES=/usr/sbin/iptables

NETWORK_TO_NAT=
OUTSIDE_IF=eth0

[ -x $IPTABLES ] || exit 1

# Only enable by default if LTSP is installed
if [ -e /srv/ltsp ] ; then
    NETWORK_TO_NAT="192.168.0.0/24"
fi

if [ -f /etc/default/enable-nat ] ; then
    . /etc/default/enable-nat
fi

# Bail out if no network is configured
[ -n "$NETWORK_TO_NAT" ] || exit 0

case $1 in
enable)
    # Exit if already enabled
    $IPTABLES -t nat -n -L POSTROUTING | \
        awk -v net="$NETWORK_TO_NAT" '
        NR > 2 && $1 == "MASQUERADE" && $4 == net {
            found=1
            exit
        }
        END {
            exit(!found)
        }' && exit 0

    $IPTABLES -t nat -A POSTROUTING -s "$NETWORK_TO_NAT" -o "$OUTSIDE_IF" -j MASQUERADE

    # Enable IP-forwarding if it isn't enabled already.
    sysctl -wq net.ipv4.ip_forward=1
    ;;
disable)
    $IPTABLES -F -t nat
    ;;
*)
    printf 'usage: %s [enable|disable]\n' "$(basename "$0")" >&2
    exit 1
    ;;
esac
