#!/usr/local/bin/cbsd
#v10.3.0
globalconf="${distdir}/cbsd.conf";
MYARG=""
MYOPTARG="fw_new natip_new"
MYDESC="Configure CBSD NAT service for RFC1918 Networks"
ADDHELP="
${H3_COLOR}Description${N0_COLOR}:

Jails/VMs do not always require external IP, or, for security reasons, a number of services need 
to deploy on private IPs, so they were not available from the Internet. Thus, the jails may be 
needed for Internet access. 

In this case the NAT translating the private IP address of the jails to external IP of the server. 
CBSD functional has a configuration template NAT rules for translating of private networks RFC1918. 
To do this, this command as the first step is required:

 cbsd natcfg

for selecting the appropriate framework for which the configuration will 
be loaded NAT: 'pf', 'ipfw', 'ipfilter' or 'nft'. The names of the relevant frameworks.

Attention! When you configure this, system file /boot/loader.conf nodes will be modified to 
load the appropriate modules.

Selection framework and IP for NAT alias executed when you first start 'cbsd initenv', 
can later be reconfigured through 'cbsd initenv-tui'.
To 'natip' changed in force, you must run 'cbsd natcfg' and 'cbsd naton' again. 

To disable nat control by CBSD, use the follow command: 'cbsd natoff'.

pf firewall notes:

 CBSD generate follow config files for NAT/RDR (via 'cbsd expose'):
 
 -  ~cbsd/etc/pfnat.conf
 -  ~cbsd/etc/pfrdr.conf

 If you use custom pf files, you can include CBSD rules in your /etc/pf.conf via 'include'.
 Also you can re-configure 'cbsd naton' function via ~cbsd/etc/cbsd-pf.conf and switch from
 internal CBSD 'enable' method to custom. In additional, by ~cbsd/etc/cbsd-pf.conf file you
 can overwrite default 'cbsd_nat_networks' values.


${H3_COLOR}Options${N0_COLOR}:

 ${N2_COLOR}fw_new${N0_COLOR}    - reconfigure NAT with new NAT engine.
 ${N2_COLOR}natip_new${N0_COLOR} - re-configure NAT with new 'natip' value.


${H3_COLOR}Examples${N0_COLOR}:

 # cbsd natcfg
 # cbsd natcfg fw_new=pf natip_new=192.168.0.1

${H3_COLOR}See also${N0_COLOR}:

 cbsd naton --help
 cbsd natoff --help
 cbsd expose --help
 cbsd natcfg-tui --help
 cbsd initenv-tui --help

"

. ${subrdir}/nc.subr

. ${cbsdinit}

. ${system}
. ${initenv}

update_inv()
{
	env sqlcolnames="1" ${miscdir}/sqlcli ${dbdir}/local.sqlite "SELECT * FROM local" > ${inventory}
}

${ECHO} "${N1_COLOR}CBSD NAT current status:${N0_COLOR}"
case "${nat_enable}" in
	0)
		nat_enable_status="disabled"
		;;
	*)
		nat_enable_status="${nat_enable}"
		;;
esac
${ECHO} "${N1_COLOR}enabled: ${N2_COLOR}${nat_enable_status}${N0_COLOR}"
${ECHO} "${N1_COLOR}natip: ${N2_COLOR}${natip}${N0_COLOR}"
echo

# non interactive?
if [ -n "${fw_new}" -o -n "${natip_new}" ]; then

	if [ -n "${fw_new}" ]; then
		ok="${fw_new}"		# ok variable used by make_nat
	else
		ok="${nat_enable}"
	fi

	if [ -n "${natip_new}" ]; then
		natip="${natip_new}"
		${miscdir}/sqlcli ${dbdir}/local.sqlite UPDATE local SET natip=\"${natip}\"
	fi

	export inter=0
	make_nat && update_inv
else
	getyesnocancel "Configure NAT for RFC1918 Network?"
	ret=$?
	case "${ret}" in
		0)
			configure_nat
			update_inv
			${ECHO} "${N1_COLOR}mark CBSD NAT as enabled. Use ${N2_COLOR}cbsd naton${N1_COLOR} to turn on immediately${N0_COLOR}"
			;;
		1)
			#
			${ECHO} "${N1_COLOR}mark CBSD NAT enabled. Use ${N2_COLOR}cbsd natoff${N1_COLOR} to turn off immediately${N0_COLOR}"
			natcfg fw_new=0
			;;
		*)
			;;
	esac
fi

exit 0
