From 25475ec6e5f56f0c582857470230075b44cc14f1 Mon Sep 17 00:00:00 2001
From: Felix Schueren
Date: Tue, 4 Nov 2025 22:16:55 +0100
Subject: [PATCH] Added readme, DNAT script
---
README.md | 46 ++++++++++++++++++++++++++++++++++++++++++++
setups/hypervisor.sh | 12 ++++++++++++
2 files changed, 58 insertions(+)
create mode 100644 README.md
create mode 100755 setups/hypervisor.sh
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9daa2a4
--- /dev/null
+++ b/README.md
@@ -0,0 +1,46 @@
+## Setup
+### build docker image for linux:
+```
+cd ~/labs/sshworkshop
+docker build -t workshop-debian:v1 .
+```
+### generate/ready the list of names:
+`cp namepicker/names.yml ~/labs/sshworkshop/names-hashes.yml`
+
+### bridges on clab host
+`apt install bridge-utils`
+
+```
+auto br-ext
+iface br-ext inet static
+ address 10.192.40.1/29
+ bridge-ports none
+ bridge-stp off
+ bridge-fd 0
+
+auto br-clab-intonly
+iface br-clab-intonly inet manual
+ bridge-ports none
+ bridge-stp off
+ bridge-fd 0
+```
+`ifup br-ext`
+`ifup br-clab-intonly`
+
+### DNAT & Co
+edit & run `./setups/hypervisor.sh` (change UPLINK_INTERFACE accordingly)
+```
+#!/usr/bin/env bash
+UPLINK_INTERFACE="enp0s31f6"
+
+for port in {4010..4200}; do
+ ip_octet=$((port - 4000)) # 4011 → 11, … 4200 → 200
+ dst_ip="192.168.0.${ip_octet}"
+
+ iptables -t nat -A PREROUTING \
+ -i "$UPLINK_INTERFACE" -p tcp -m tcp --dport "$port" \
+ -j DNAT --to-destination "${dst_ip}:22"
+done
+iptables -t nat -A POSTROUTING -o br-ext -p tcp -d 192.168.0.0/24 --dport 22 -j MASQUERADE
+```
+
diff --git a/setups/hypervisor.sh b/setups/hypervisor.sh
new file mode 100755
index 0000000..d3ffb81
--- /dev/null
+++ b/setups/hypervisor.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+UPLINK_INTERFACE="enp0s31f6"
+
+for port in {4010..4200}; do
+ ip_octet=$((port - 4000)) # 4011 → 11, … 4200 → 200
+ dst_ip="192.168.0.${ip_octet}"
+
+ iptables -t nat -A PREROUTING \
+ -i "$UPLINK_INTERFACE" -p tcp -m tcp --dport "$port" \
+ -j DNAT --to-destination "${dst_ip}:22"
+done
+iptables -t nat -A POSTROUTING -o br-ext -p tcp -d 192.168.0.0/24 --dport 22 -j MASQUERADE
\ No newline at end of file
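Review bot: Every rule is added with `iptables -A` and there is neither an existence check nor any error handling, so a second run duplicates all 191 PREROUTING entries plus the MASQUERADE rule, and a failing `iptables` call (for example when the script is not run as root) goes unnoticed and leaves a partial ruleset. Adding `set -euo pipefail` after the shebang and testing each rule with `-C` before appending, as in the fence below, makes the script safe to re-run and stops it at the first failure. The final MASQUERADE rule also rewrites the client address, so sshd on the guests will presumably log every session as coming from the hypervisor's `br-ext` address; if that is intended, a comment saying so would help anyone relying on per-source logging or rate limiting on the guests. The inline comment reads `4011 → 11` although the loop starts at 4010. The README embeds a copy of this script and would need the same change.

```shell
#!/usr/bin/env bash
set -euo pipefail
# … unchanged: UPLINK_INTERFACE assignment …

# Append a nat-table rule only if an identical one is not already present.
add_nat_rule() {
  iptables -t nat -C "$@" 2>/dev/null || iptables -t nat -A "$@"
}

for port in {4010..4200}; do
  # … unchanged: ip_octet and dst_ip computation …
  add_nat_rule PREROUTING \
    -i "$UPLINK_INTERFACE" -p tcp -m tcp --dport "$port" \
    -j DNAT --to-destination "${dst_ip}:22"
done
add_nat_rule POSTROUTING -o br-ext -p tcp -d 192.168.0.0/24 --dport 22 -j MASQUERADE
```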