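#!/bin/bash
# Establish an iptables-based reverse proxy: TCP connections arriving on
# <localport> are DNAT'ed to <remotehost>:<remoteport>.
#
# Usage:
#   <script> localport remotehost remoteport [ --local ]
#   <script> --reset    flush the nat table
#   <script> --list     print the nat table rules
#
# Operational notes for whoever runs or audits this host:
#   * --reset flushes the WHOLE nat table, not only the rules added here, so
#     any other NAT rules on the host are removed as well.
#   * IPv4 forwarding is switched on host-wide and is not switched off again
#     by --reset. Whether forwarded packets are actually accepted is decided
#     by the filter table's FORWARD chain, which this script does not touch.
#   * The PREROUTING rule carries no interface or source restriction, so it
#     matches the port on every interface.
#   * The MASQUERADE rule carries no interface or source restriction either:
#     all traffic leaving the host is source-NATed, and the backend sees this
#     host's address rather than the client's (relevant for backend logs and
#     IP-based access controls).

# Print a message to stderr and stop with a failing status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the usage text and exit 1. "$0" is passed as an argument rather than
# embedded in the format string so a '%' or '\' in the script path is not
# interpreted by printf.
usage() {
  printf 'Usage: %s localport remotehost remoteport [ --local ]\n' "$0" >&2
  printf ' %s --reset\n' "$0" >&2
  printf ' %s --list\n' "$0" >&2
  exit 1
}

# Maintenance modes: act on the nat table and exit with iptables' status.
case "${1:-}" in
  --reset)
    iptables -t nat -F
    exit $?
    ;;
  --list)
    iptables -t nat -S
    exit $?
    ;;
esac

# All three positional arguments are required for forwarding mode.
if [[ -z "${1:-}" || -z "${2:-}" || -z "${3:-}" ]]; then
  usage
fi

local_port=$1
remote_host=$2
remote_port=$3
mode=${4:-}

# Tell the kernel to allow forwarding packets. Fail loudly instead of going
# on to install NAT rules that could never carry traffic.
echo 1 > /proc/sys/net/ipv4/ip_forward \
  || die "cannot enable IPv4 forwarding (insufficient privileges?)"

# Default forwarding rule.
iptables -t nat -A PREROUTING -p tcp -m tcp --dport "$local_port" \
  -j DNAT --to-destination "${remote_host}:${remote_port}" \
  || die "failed to add the DNAT rule"

# Set up masquerading if not already done. `iptables -C` asks iptables
# itself whether the rule exists; the previous `grep -c ... -ne 1` test
# appended yet another copy whenever two or more were already present.
if ! iptables -t nat -C POSTROUTING -j MASQUERADE 2>/dev/null; then
  iptables -t nat -A POSTROUTING -j MASQUERADE \
    || die "failed to add the MASQUERADE rule"
fi

# Handle local forwarding: locally generated connections do not traverse
# PREROUTING, so redirect them in the OUTPUT chain on the loopback interface.
if [[ "$mode" == "--local" || "$remote_host" == "127.0.0.1" ]]; then
  iptables -t nat -I OUTPUT -p tcp -o lo --dport "$local_port" \
    -j REDIRECT --to-ports "$remote_port" \
    || die "failed to add the local REDIRECT rule"
fi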