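#!/bin/bash
# Sets up ip policy-routing rules for a dual-ISP site, i.e. makes sure that
# packets /not/ going to the intranet - hence going to the internet - are
# sent via the ISP that owns their source prefix.  Getting this wrong sends
# one ISP's source addresses out through the other ISP, where ingress
# filtering commonly drops them.
#
# Must run with privileges to change routing (root / CAP_NET_ADMIN).  The
# configuration lives in this file, so keep it writable by root only.
#
# NOTE(review): on a multihomed router, strict reverse-path filtering
# (net.ipv4.conf.*.rp_filter) can drop replies arriving on the "other"
# uplink - confirm the setting matches this routing policy.
#
# isp_nets - describe isps in form:
#     "tablename,ip-prefix,realm,gateway \
#       [tablename,ip-prefix,realm,gateway [ ...]]"
#
# note that you may list an isp more than once, eg if you have multiple PA
# assignments, but they must be able to use the same gateway. Otherwise use
# different table names.
#
# You must have entries in /etc/iproute2/rt_{realms,tables} for the realm
# and table names. The names can be arbitrary - the realm name is used in
# output of rtacct.
#
# eg:
isp_nets="acmeisp,192.168.100.0/24,acmeisp-pa,192.168.100.1 \
  acmeisp,192.168.120/24,acmeisp-pa,192.168.100.1 \
  foobar,172.18.10.16/28,esat-pa,172.17.1.1"

# intranets - list the ISP ranges which you use internally. These will be
# routed according to the main table. These prefixes must not include
# any isp_net prefixes, or else external routing for isp_net's wont
# work.
intranets="192.168.1.0/24 10.0.0.0/8 172.16.0.0/24"

# arbitrary realm name for intranet - must be listed in
# /etc/iproute2/rt_realms, as for all realm names
intrarealm=ourintranet

# pref number to start ip rules at; every rule added below takes the next
# multiple of 100, so the intranet rules are always consulted first.
pref=20000

# Both lists are whitespace-separated strings that are split on purpose by
# the unquoted expansions below; turn pathname expansion off so that a stray
# glob character in the configuration can never expand to file names.
set -f

# Intranet destinations stay on the main table.
# shellcheck disable=SC2086
for prefix in $intranets; do
  ip rule add to "$prefix" table main realm "$intrarealm" pref "$pref"
  pref=$((pref + 100))
done

# An entry is exactly four non-empty, comma-separated fields.
entry_re='^([^,]+),([^,]+),([^,]+),([^,]+)$'

# shellcheck disable=SC2086
for net in $isp_nets; do
  # Reject anything that is not table,prefix,realm,gateway instead of handing
  # a half-parsed entry to ip, which runs with full routing privileges.
  if [[ ! $net =~ $entry_re ]]; then
    printf '%s: skipping malformed isp_nets entry: %s\n' "${0##*/}" "$net" >&2
    continue
  fi
  table=${BASH_REMATCH[1]}
  prefix=${BASH_REMATCH[2]}
  realm=${BASH_REMATCH[3]}
  gw=${BASH_REMATCH[4]}

  #echo "$net: prefix: $prefix realm: $realm table: $table gw: $gw"

  # Default route of this ISP's table.  When a table is listed more than once
  # the repeated add is expected to fail (route already present), which is
  # why errors from ip are reported on stderr but never abort the script.
  ip route add table "$table" default via "$gw"

  # Traffic *to* the ISP-assigned prefix is local: keep it on the main table.
  ip rule add to "$prefix" table main realm "$realm" pref "$pref"
  pref=$((pref + 100))

  # Traffic *from* the ISP-assigned prefix leaves through that ISP's table.
  ip rule add from "$prefix" table "$table" realm "$realm" pref "$pref"
  pref=$((pref + 100))
done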