# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
   config.vm.define "tproxy-upstream" do |upstream_router|
       upstream_router.vm.box = "ubuntu/trusty64"
       upstream_router.vm.network "private_network", ip: "198.18.0.254", virtualbox__intnet: "tproxy-edge"
       upstream_router.vm.provision "shell", inline: <<-SHELL
         sudo sysctl -w net.ipv4.ip_forward=1
         sudo sysctl -w net.ipv6.conf.all.forwarding=1

         sudo ip r add 198.18.1.0/24 via 198.18.0.1

         sudo iptables -t nat -A POSTROUTING -j MASQUERADE
       SHELL
   end

  config.vm.define "tproxy" do |tproxy|
      tproxy.vm.box = "ubuntu/trusty64"
      tproxy.vm.network "private_network", ip: "198.18.0.1", virtualbox__intnet: "tproxy-edge"
      tproxy.vm.network "private_network", ip: "198.18.1.254", virtualbox__intnet: "tproxy-intranet"
      tproxy.vm.provision "shell", inline: <<-SHELL
        # Change default to use upstream VM as router
        sudo ip r del default
        sudo ip r add default via 198.18.0.254 dev eth1

        sudo sysctl -w net.ipv4.ip_forward=1
        sudo sysctl -w net.ipv6.conf.all.forwarding=1

        sudo iptables -t mangle -N DIVERT
        sudo iptables -t mangle -A PREROUTING -m socket -j DIVERT
        sudo iptables -t mangle -A DIVERT -j MARK --set-mark 1
        sudo iptables -t mangle -A DIVERT -j ACCEPT

        sudo ip rule add fwmark 1 lookup 100
        sudo ip route add local 0.0.0.0/0 dev lo table 100

        sudo iptables -t mangle -A PREROUTING -i eth2 -p tcp -j TPROXY --tproxy-mark 0x1/0x1 --on-port 8080
        sudo iptables -t mangle -A PREROUTING -i eth2 -p udp -j TPROXY --tproxy-mark 0x1/0x1 --on-port 8080

        sudo iptables -t nat -A POSTROUTING -j MASQUERADE
      SHELL
  end
end
