#!/bin/sh

iptables=/sbin/iptables

case "$1" in
  start)
    if $0 status > /dev/null; then
      echo "ist schon aktiviert"
      exit 2
    fi
    
    echo "Enabling ip_forward..."
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo "Adding firewall rule (masquerading)..."
    $iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    echo "Allowing forward in iptables..."
    $iptables -P FORWARD ACCEPT
    ;;
  stop)
    echo "Disallowing forward in iptables..."
    $iptables -P FORWARD DROP
    echo "Deleting firewall rule (masquerading)..."
    $iptables -t nat -D POSTROUTING -o ppp0 -j MASQUERADE
    echo "Disabling ip_forward..."
    echo 0 > /proc/sys/net/ipv4/ip_forward
    ;;
  status)
    forward=`cat /proc/sys/net/ipv4/ip_forward`
    if test $forward -eq 0; then
      echo "router (NAT) is inactive"
      exit 1
    else
      echo "router (NAT) is ACTIVE!"
      exit 0
    fi
    ;;
  *)
    echo "Usage: $0 {start|stop|status}"
    exit 1;
    ;;
esac

exit 0

