#!/bin/sh
# $Id: nat-dns,v 1.2 2006/11/09 16:01:18 friedman Exp $

# Tunables, overridable from the environment:
#   NAT_DNS_CHAIN - nat-table chain the DNAT rule lives in
#   NAT_DNS_DST   - original destination address whose DNS traffic is rewritten
# The `-` form (rather than `:-`) keeps a value that is set but empty.
# NOTE(review): main re-executes this script through sudo; sudo commonly resets
# the environment, so these overrides may be dropped on that path unless the
# sudoers policy preserves them - confirm for the target host.
chain="${NAT_DNS_CHAIN-OUTPUT}"
dst="${NAT_DNS_DST-192.168.1.2}"

# ipt ARGS...
#
# Run iptables against the nat table, forwarding every argument unchanged.
# "$@" keeps each argument as its own word and expands to nothing when no
# arguments were given.
ipt()
{
  iptables -t nat "$@"
}

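# rule SELECTOR
#
# List the nat-table rules of $chain and print one field from every DNAT rule
# that matches UDP destination port 53:
#   ruleno - the rule's line number within the chain
#   server - the text following "to:", i.e. the rewrite target
# Rules are selected by target/protocol/port text only, so DNS DNAT rules in
# the chain that this script did not create are reported as well.
# Globals:  chain (read), re (written)
# Returns:  2 for an unknown selector, otherwise the exit status of sed
rule()
{
  case ${1-} in
    ruleno ) re='^\([^ ]*\) .*' ;;
    server ) re='.* udp dpt:53 to:\(.*\)' ;;
    * )
      # Without this arm $re would be empty or left over from an earlier
      # call, and sed would run with a script nobody asked for.
      printf 'rule: unknown selector: %s\n' "${1-}" >&2
      return 2 ;;
  esac

  # $chain is quoted so a value taken from the environment stays one argument.
  # Runs of blanks are collapsed first so the patterns can assume single
  # spaces between the columns of the listing.
  iptables -t nat -L "$chain" -n --line-numbers \
    | sed -n -e 's/[[:blank:]][[:blank:]]*/ /g' \
             -e "/ DNAT .* udp dpt:53 to:/s/$re/\1/p"
}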

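# flush
#
# Delete from $chain every rule that `rule ruleno` reports, i.e. every DNAT
# rule for UDP port 53 in that chain - including any that were added by
# something other than this script.
# The rule numbers are a snapshot: if the chain is modified between the
# listing and the deletes, a number may refer to a different rule.
# Globals:  chain (read), n (written)
flush()
{
  # Highest number first (tac), because deleting a rule renumbers the ones
  # after it.  The command substitution is left unquoted on purpose so each
  # number becomes its own loop word.
  for n in $(rule ruleno | tac); do
    # Quoted so the chain name and the number each stay one argument.
    ipt -D "$chain" "$n"
  done
}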

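# main [-|DESTINATION]
#
#   (no argument)  print the current DNS rewrite target(s)
#   -              remove the DNS DNAT rule(s) from $chain
#   DESTINATION    replace them with a rule sending UDP/53 traffic addressed
#                  to $dst to DESTINATION instead
# Globals:  chain, dst (read)
main()
{
  # iptables needs root, so re-run the whole script under sudo when the uid
  # is not 0.  bash sets UID itself; other /bin/sh implementations only see it
  # if it is present in the environment, hence the `id -u` fallback.
  case ${UID-$(id -u)} in
    0 ) : ;;
    * ) exec sudo "$0" "$@" ;;
  esac

  case ${1-} in
    -  ) flush ;;
    '' ) rule server ;;
    *  )
      # The existing rules are removed before the new one is inserted, so a
      # DESTINATION that iptables rejects leaves the chain without any DNS
      # rewrite rule.
      flush
      # Every expansion is quoted: this command line runs as root, and an
      # unquoted argument or environment value would be split into extra
      # iptables options.  Quoted, DESTINATION reaches iptables as the single
      # value of --to-destination and iptables validates it.
      ipt -I "$chain" -p udp -d "$dst" --dport 53 -j DNAT --to-destination "$1" ;;
  esac
}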

# Hand the script's arguments to main, one word per argument.
main "$@"

# eof
