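#!/bin/bash
#
# Transparent interception of bridged IPv4 HTTP (TCP port 80) using TPROXY.
#
# Frames crossing the bridge that carry port-80 traffic are pulled up into the
# IP stack by ebtables, matched in the iptables mangle table, and handed to a
# local listener on port 1800 through policy routing (fwmark 1 -> table 100).
#
# Scope, as written in the rules below:
#   - only IPv4 and only TCP port 80 are intercepted; everything else is
#     bridged untouched.
#   - the listener on port 1800 is not started here. TPROXY delivers packets
#     whose destination is not a local address, so that listener must bind a
#     transparent socket (IP_TRANSPARENT).
#
# The script is safe to re-run: the rule, route and chain are replaced rather
# than duplicated.

# Abort on the first failing command so a half-applied rule set is noticed
# instead of silently left in place.
set -euo pipefail

# Bridge member interfaces. Judging by the match directions used below,
# INT presumably faces the clients and EXT the upstream network -- confirm
# against the actual bridge layout.
INT="eth2"
EXT="eth1"

# --- Policy routing --------------------------------------------------------
# Packets carrying fwmark 1 are looked up in table 100, whose only route
# declares every IPv4 destination local so they are delivered to a local
# socket instead of being forwarded.
# Remove any copies left by a previous run before adding the rule again;
# 'ip rule add' would otherwise stack duplicates.
while ip rule del fwmark 1 lookup 100 2>/dev/null; do
  :
done
ip rule add fwmark 1 lookup 100
# 'replace' succeeds whether or not the route already exists.
ip -f inet route replace local 0.0.0.0/0 dev lo table 100

# --- iptables --------------------------------------------------------------
# NOTE(review): this flushes every chain of the filter table, not just rules
# owned by this script. Any existing host firewall rules are removed and
# nothing is put back; chain policies are left as they were. Confirm this
# machine has no filter rules it depends on, or narrow the flush.
iptables -F
# NOTE(review): likewise flushes the whole mangle table.
iptables -t mangle -F

# A DIVERT chain left by a previous run is empty and unreferenced after the
# flush above; delete it so that '-N' does not fail with "chain exists".
iptables -t mangle -X DIVERT 2>/dev/null || true
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT

# Packets that already belong to a local socket (connections the proxy has
# accepted) are marked and accepted before they reach the TPROXY rule.
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# New port-80 connections are handed to the listener on port 1800.
# NOTE(review): there is no '-i' match, so TCP/80 arriving on any interface
# is intercepted, not only traffic from the bridge ports.
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 \
  -j TPROXY --on-port 1800 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1

# --- ebtables --------------------------------------------------------------
# In the BROUTING chain a DROP verdict means "route this frame instead of
# bridging it", which is what exposes it to the iptables rules above.
# Requests are taken from INT (destination port 80), replies from EXT
# (source port 80).
ebtables -t broute -F
ebtables -t broute -A BROUTING -p IPv4 -i "$INT" --ip-proto tcp \
  --ip-dport 80 -j redirect --redirect-target DROP
ebtables -t broute -A BROUTING -p IPv4 -i "$EXT" --ip-proto tcp \
  --ip-sport 80 -j redirect --redirect-target DROP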