all the last-minute changes before the workshop

setups/gateway.sh

@@ -13,6 +13,10 @@ ip addr replace dev eth3 172.16.202.32/31
 
 echo "nameserver 192.168.0.254" > /etc/resolv.conf
 
+useradd -m keycollector
+mkdir -p /home/keycollector/.ssh/
+echo "restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpofQk36/HtJcTSHVqFY9f0iyliVnDRWKpPvlnS3v5F keycollect-identity" > /home/keycollector/.ssh/authorized_keys
+chown keycollector:keycollector /home/keycollector/.ssh/ -Rv
 
 # ----------------------------------------------------------------------
 # Run the long pipeline in the background, but start it only after 60 s.
@@ -20,8 +24,8 @@ echo "nameserver 192.168.0.254" > /etc/resolv.conf
 # ----------------------------------------------------------------------
 
 (
-    # wait 90 seconds first
-    sleep 90
+    # wait 180 seconds first
+    sleep 180
     /usr/local/bin/online-users.sh
 ) > /online-users.txt &   # ← background the whole subshell
 

setups/hypervisor.sh

@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 UPLINK_INTERFACE="enp0s31f6"
 
-for port in {4010..4200}; do
-    ip_octet=$((port - 4000))               # 4011 → 11, … 4200 → 200
+what="A"
+if [ "$1" == "delete" ]; then
+    what="D"
+fi
+for port in {4001..4200}; do
+    ip_octet=$((port - 4000))               # 4001 → 1, … 4200 → 200
     dst_ip="192.168.0.${ip_octet}"
-
-    iptables -t nat -A PREROUTING \
+    iptables -t nat -${what} PREROUTING \
         -i "$UPLINK_INTERFACE" -p tcp -m tcp --dport "$port" \
         -j DNAT --to-destination "${dst_ip}:22"
 done
-iptables -t nat -A POSTROUTING     -o br-ext -p tcp -d 192.168.0.0/24 --dport 22     -j MASQUERADE
+iptables -t nat -A POSTROUTING     -o br-ext -p tcp -d 192.168.0.0/24 --dport 22     -j MASQUERADE