From 8a871d18d97183a08312027cd9179035fb3a6bf6 Mon Sep 17 00:00:00 2001
From: Sergio Oliveira
Date: Mon, 18 May 2015 19:21:32 -0300
Subject: [PATCH] Setup iptables forward on bootstrap script
---
 Rakefile | 2 +-
 utils/reverseproxy_ssh_setup | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/Rakefile b/Rakefile
index 9d12c0f..2d750ab 100644
--- a/Rakefile
+++ b/Rakefile
@@ -91,7 +91,7 @@ task :preconfig => ssh_config_file do
 puts "I: delete #{preconfig_file} to force running again"
 else
 sh 'scp', '-F', ssh_config_file, 'utils/reverseproxy_ssh_setup', 'reverseproxy.unconfigured:/tmp'
- sh 'ssh', '-F', ssh_config_file, 'reverseproxy.unconfigured', 'sudo', '/tmp/reverseproxy_ssh_setup', $ALT_SSH_PORT.to_s
+ sh 'ssh', '-F', ssh_config_file, 'reverseproxy.unconfigured', 'sudo', '/tmp/reverseproxy_ssh_setup', $ALT_SSH_PORT.to_s, ips['reverseproxy'], ips['integration']
 File.open(preconfig_file, 'w') do |f|
 f.puts($ALT_SSH_PORT)
diff --git a/utils/reverseproxy_ssh_setup b/utils/reverseproxy_ssh_setup
index 7fa818c..7704a6f 100755
--- a/utils/reverseproxy_ssh_setup
+++ b/utils/reverseproxy_ssh_setup
@@ -3,6 +3,8 @@
 set -e
 port="$1"
+reverseproxy_ip="$2"
+integration_ip="$3"
 # switch SSH to port $port
 sed -i -e 's/^#\?\s*Port\s*[0-9]\+\s*$/Port '$port'/g' /etc/ssh/sshd_config
@@ -15,3 +17,8 @@ semanage port -a -t ssh_port_t -p tcp "$port"
 # Restart SSH
 systemctl restart sshd
+
+# Setup port redirect
+iptables -A PREROUTING -d $reverseproxy_ip/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination $integration_ip:22
+iptables -A POSTROUTING -d $integration_ip/32 -p tcp -m tcp --dport 22 -j SNAT --to-source $reverseproxy_ip
+sysctl -w net.ipv4.ip_forward=1
--
libgit2 0.21.2
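Review bot: In the Rakefile hunk, `ips['reverseproxy']` and `ips['integration']` are appended to the `ssh` argument list without validation; ssh joins its trailing arguments into one string that the remote shell re-parses, and the command runs under `sudo`, so whitespace or shell metacharacters in either value would be interpreted on the reverse proxy. `ips` is defined outside this hunk (presumably loaded from the environment's configuration), and the `preconfig` task body starts and ends outside it as well. Before the `scp`, check that both values parse as IPv4 addresses, for example `IPAddr.new(ip).ipv4?` from the standard `ipaddr` library, and abort with a clear message otherwise; that would also surface a missing key. Hosts where `preconfig_file` already exists skip this branch and will never receive the forwarding rules, which is worth documenting for operators.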
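Review bot: In the first hunk of utils/reverseproxy_ssh_setup, `reverseproxy_ip` and `integration_ip` are read from `$2` and `$3` with no check that they were passed. `set -e` does not trap missing positional parameters, so a call with only the port would still rewrite `sshd_config` and restart sshd, and would fail only when it reaches the iptables rules added in the second hunk. Fail before anything is modified with `reverseproxy_ip="${2:?reverseproxy IP required}"` and `integration_ip="${3:?integration IP required}"`. A usage comment above the three assignments would document the argument order: `# usage: reverseproxy_ssh_setup PORT REVERSEPROXY_IP INTEGRATION_IP`.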
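Review bot: In the second hunk of utils/reverseproxy_ssh_setup, both `iptables -A` lines omit `-t nat`, so they address the filter table, which has no PREROUTING or POSTROUTING chain and does not accept DNAT/SNAT targets. Under `set -e` the script would stop there, after sshd has already been moved to the new port. Name the table and quote the expansions, e.g. `iptables -t nat -A PREROUTING -d "$reverseproxy_ip/32" -p tcp -m tcp --dport 22 -j DNAT --to-destination "$integration_ip:22"`, and likewise for the POSTROUTING rule. `-A` and `sysctl -w` are runtime-only and not idempotent: a rerun appends duplicate rules and a reboot loses both, so consider an `iptables -C` guard and persisting the rules and `net.ipv4.ip_forward` through the distribution's own mechanism. Enabling forwarding host-wide also calls for a FORWARD policy restricted to this one flow, and the hunk does not show one.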