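#!/usr/bin/env bash
#
# Base configuration for the "TP DMZ" lab.
#
# config() turns the `societe` guest into the lab's NAT gateway / firewall
# (ip_forward, INPUT filtering on eth0, masquerading, DNAT of the public
# port 80 to the DMZ web server); test() checks reachability between guests.
# Everything not defined here comes from the vdn harness: vdn-ssh,
# $VDN_PATH/bin/vdn-infos, setErrorHandler/unsetErrorHandler,
# echoStart/echoDone and requireSshGuests.
#
# Required env: VDN_PATH (root of the vdn installation).
set -eu

DESC="Test de la configuration de base du TP DMZ."
SYSTEMS="bigboss lambda nomade societe tiny web"

#######################################
# Install and apply the firewall/NAT rule scripts on the `societe` gateway.
# Globals:   VDN_PATH (read), IP_SOCIETE_PUBLIC (written)
# Outputs:   diagnostics on stderr
# Returns:   non-zero if the public address cannot be obtained or is not a
#            dotted-quad IPv4 address, or if the remote configuration fails
#######################################
config() {
  IP_SOCIETE_PUBLIC=$("$VDN_PATH/bin/vdn-infos" societe PUBLIC_IP)
  # The value is spliced into a remote shell command and into an iptables
  # rule, so accept nothing that is not a plain dotted quad.
  if [[ ! "$IP_SOCIETE_PUBLIC" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    printf 'config: unexpected PUBLIC_IP for societe: %q\n' "$IP_SOCIETE_PUBLIC" >&2
    return 1
  fi

  # The remote script is assembled in a heredoc so the quotes it contains
  # reach the remote shell untouched. The unquoted delimiter means only
  # $IP_SOCIETE_PUBLIC is expanded here; the inner 'EOF' heredocs are
  # expanded by nobody. read returns 1 at end of input, hence the || true.
  local remote
  IFS= read -r -d '' remote <<REMOTE || true
set -e
# Enable routing persistently (the stock sysctl.conf ships the line commented
# out) and right away.
sed -i -re 's/#(net.ipv4.ip_forward=1)/\1/g' /etc/sysctl.conf
sysctl -p

# vide.sh: flush every chain the other scripts use. Default policies are
# left alone, so after this the box is as open as its policies allow.
cat << 'EOF' > /root/vide.sh
#!/bin/sh
set -e
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
EOF
chmod 755 /root/vide.sh

# local-1.sh: minimal NAT variant (everything masqueraded). Not run by
# fw-on.sh; kept for the exercise.
cat << 'EOF' > /root/local-1.sh
#!/bin/sh
set -e
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
chmod 755 /root/local-1.sh

# fermeDehors.sh: what the gateway itself accepts from the outside.
# The old rule accepting any TCP segment with the ACK flag set is
# deliberately gone: it let such segments in regardless of connection state
# (ACK scans, spoofed segments), and the ESTABLISHED/RELATED rule already
# admits genuine replies. DNS is TCP only here: neither this file nor
# local.sh handles UDP/53; add matching udp rules if the lab's DNS service is
# expected to work through this gateway.
cat << 'EOF' > /root/fermeDehors.sh
#!/bin/sh
set -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT   # ssh
iptables -A INPUT -p tcp --dport 53 -j ACCEPT   # DNS (TCP only)
iptables -A INPUT -p tcp --dport 25 -j ACCEPT   # SMTP
iptables -A INPUT -p tcp --dport 993 -j ACCEPT  # IMAP over SSL
iptables -A INPUT -i eth0 -j REJECT             # anything else from outside
EOF
chmod 755 /root/fermeDehors.sh

# forward.sh: publish the DMZ web server on the public address.
# Nothing filters the FORWARD chain (no rules are added and vide.sh leaves
# the policy untouched), so whatever the kernel routes between eth0 and the
# inner networks passes unfiltered; the DMZ part of the lab should add
# FORWARD rules.
cat << 'EOF' > /root/forward.sh
#!/bin/sh
set -e
iptables -t nat -A PREROUTING -p tcp -d $IP_SOCIETE_PUBLIC --dport 80 -j DNAT --to 192.168.1.2
EOF
chmod 755 /root/forward.sh

# local.sh: masquerade the whole LAN, and the DMZ host only for the
# services it is allowed to reach out with.
cat << 'EOF' > /root/local.sh
#!/bin/sh
set -e
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.30.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.2 -p tcp --dport 80 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.2 -p tcp --dport 53 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.2 -p tcp --dport 25 -o eth0 -j MASQUERADE
EOF
chmod 755 /root/local.sh

# fw-on.sh: apply the whole ruleset in order. set -e makes a failing step
# surface as a failure of this configuration instead of leaving a half
# applied ruleset that reports success.
cat << 'EOF' > /root/fw-on.sh
#!/bin/sh
set -e
/root/vide.sh
/root/fermeDehors.sh
/root/local.sh
/root/forward.sh
# Optional hook for the DNS part of the lab.
if [ -x /root/dns.sh ]; then
  /root/dns.sh
fi
EOF
chmod 755 /root/fw-on.sh
/root/fw-on.sh
REMOTE
  vdn-ssh -t root@societe "$remote"
}

#######################################
# Reachability and web checks between guests. Each vdn-ssh call must succeed
# (set -e); the three page checks fail when the welcome page is not served.
# NB: the name shadows bash's `test` builtin (the harness expects it); use
# `[ ... ]` rather than `test ...` anywhere in this file.
# Globals:   SYSTEMS (read)
# Returns:   non-zero on the first failed check
#######################################
test() {
  # tiny and bigboss reach each other.
  vdn-ssh root@bigboss "ping -c 1 tiny"
  vdn-ssh root@tiny "ping -c 1 bigboss"
  # societe is reachable from every guest.
  local host
  for host in $SYSTEMS; do   # word-splitting of the space-separated list is intended
    vdn-ssh "root@$host" "ping -c 1 societe"
  done
  # lambda and nomade reach each other.
  vdn-ssh root@lambda "ping -c 1 nomade"
  vdn-ssh root@nomade "ping -c 1 lambda"
  # The apache2 servers of bigboss, web and lambda serve the welcome page.
  _serves_welcome bigboss
  _serves_welcome web
  _serves_welcome lambda
}

#######################################
# Fetch a guest's own web page over vdn-ssh and look for the welcome text.
# Two steps rather than a pipe: a failing vdn-ssh/lynx is then reported as
# such (set -e) instead of as a missing page, and there is no pipefail /
# SIGPIPE interaction with `grep -q`.
# Arguments: $1 - guest name
# Returns:   non-zero if the page cannot be fetched or lacks 'Bienvenue'
#######################################
_serves_welcome() {
  local page
  page=$(vdn-ssh "root@$1" "lynx -dump $1")
  grep -q 'Bienvenue' <<<"$page"
}

#######################################
# Harness entry point: configure the gateway. The reachability checks in
# test() stay disabled here, as in the original lab script; uncomment the
# call to run them after config.
# Globals:   SYSTEMS (read)
#######################################
run() {
  setErrorHandler
  echoStart
  requireSshGuests $SYSTEMS   # word-splitting intended
  # set -x   # uncomment to trace
  config
  # test
  unsetErrorHandler
  echoDone
}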