From fdaf00a6cbd1568ce6e4de2b424547060ba0ae60 Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Fri, 9 Dec 2011 23:11:50 +0000
Subject: [PATCH] vampire.m4: Assume router and NAT duties.

---
 vampire.m4 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/vampire.m4 b/vampire.m4
index e378447..7584566 100644
--- a/vampire.m4
+++ b/vampire.m4
@@ -92,5 +92,21 @@ run iptables -A OUTPUT -m multiport \
 dnsresolver inbound
 ntpclient inbound $ntp_servers
 
+## NAT for RFC1918 addresses.
+for i in PREROUTING OUTPUT POSTROUTING; do
+ run iptables -t nat -P $i ACCEPT 2>/dev/null || :
+ run iptables -t nat -F $i 2>/dev/null || :
+done
+run iptables -t nat -F
+run iptables -t nat -X
+
+run iptables -t nat -N outbound
+run iptables -t nat -A outbound -j RETURN ! -o $if_dmz
+run iptables -t nat -A outbound -j RETURN ! -s 172.29.198.0/23
+run iptables -t nat -A outbound -j RETURN -d 62.49.204.144/28
+run iptables -t nat -A outbound -j RETURN -d 172.29.198.0/23
+run iptables -t nat -A outbound -j SNAT --to-source 62.49.204.158
+run iptables -t nat -A POSTROUTING -j outbound
+
 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------
-- 
2.11.0
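Review bot: The `outbound` chain hard-codes 172.29.198.0/23, 62.49.204.144/28 and 62.49.204.158 as literals while the rest of the file parameterises its topology through names such as `$if_dmz` and `$ntp_servers`, so a renumbering of either network or of the SNAT address has to be found and fixed in four separate rules. Hoist them into named settings beside the interface variables, e.g. `int_net=172.29.198.0/23`, `dmz_net=62.49.204.144/28`, `snat_addr=62.49.204.158`, and reference those in the RETURN and SNAT rules. The heading `## NAT for RFC1918 addresses.` overstates what follows, since only the single /23 is ever translated; `## SNAT traffic from 172.29.198.0/23 leaving $if_dmz, except to the DMZ or internal nets.` describes the chain as written. Note also that the translation does not restrict the input interface, so whether a packet carrying an internal source address that arrived on some other interface gets rewritten depends on the FORWARD filtering defined elsewhere in the file, which this hunk does not show; a one-line comment at the top of the chain stating that reliance would help the next reader.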