From 32110b35da9d3ed1ce9668d3f17c28100a878687 Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Mon, 2 Sep 2013 17:45:57 +0100
Subject: [PATCH] jazz.m4: Allow iodine hosts NATed internet access.
---
 jazz.m4 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/jazz.m4 b/jazz.m4
index d392f2b..f77a251 100644
--- a/jazz.m4
+++ b/jazz.m4
@@ -37,6 +37,22 @@ allowservices inbound udp \
 ## Other interesting things.
 dnsresolver inbound
+dnsserver inbound
+
+## Temporary NAT for iodine tunnel.
+for i in PREROUTING OUTPUT POSTROUTING; do
+ run iptables -t nat -P $i ACCEPT 2>/dev/null || :
+ run iptables -t nat -F $i 2>/dev/null || :
+done
+run iptables -t nat -F
+run iptables -t nat -X
+
+iptables -t nat -N outbound
+run iptables -t nat -A outbound -j RETURN ! -i dns+
+run iptables -t nat -A outbound -j RETURN ! -s 172.29.198.128/28
+run iptables -t nat -A outbound -j RETURN -d 172.29.198.0/23
+run iptables -t nat -A outbound -j SNAT --to-source 212.13.198.77
+iptables -t nat -A POSTROUTING -j outbound
 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------
-- 
2.11.0
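Review bot: The first rule of the new `outbound` chain, `-j RETURN ! -i dns+`, is only ever reached from `POSTROUTING`, and iptables documents `-i` as meaningful only for INPUT, FORWARD and PREROUTING. On kernels that do not hand the input device to that hook, the negated match would, as far as I can tell, be true for every packet, so the chain returns before the SNAT rule and the tunnel clients get no translation. The `! -s 172.29.198.128/28` rule already scopes the NAT to the tunnel range, so the interface binding is better enforced where `-i` works (for example a mark set in PREROUTING and matched here, or an anti-spoofing rule in the filter table) than relied on in this chain. Separately, `iptables -t nat -N outbound` and `iptables -t nat -A POSTROUTING -j outbound` skip the `run` wrapper that every other added command uses; `run` is defined outside this hunk, so if it provides error handling or logging these should read `run iptables -t nat -N outbound` and `run iptables -t nat -A POSTROUTING -j outbound`. Since the block is labelled temporary and only sets up address translation, a comment naming the filter-table rule that limits what `dns+` clients may forward, and when the block is to be removed, would make the exposure easier to audit.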