core-agent-linux/network/qubes-setup-dnat-to-ns

#!/bin/sh
addrule()
{
        if [ "$FIRSTONE" = yes ] ; then
                FIRSTONE=no
                RULE1="-A PR-QBS -d $NS1 -p udp --dport 53 -j DNAT --to $1
-A PR-QBS -d $NS1 -p tcp --dport 53 -j DNAT --to $1"
                RULE2="-A PR-QBS -d $NS2 -p udp --dport 53 -j DNAT --to $1
-A PR-QBS -d $NS2 -p tcp --dport 53 -j DNAT --to $1"
        else
                RULE2="-A PR-QBS -d $NS2 -p udp --dport 53 -j DNAT --to $1
-A PR-QBS -d $NS2 -p tcp --dport 53 -j DNAT --to $1"
        fi
}
export PATH=$PATH:/sbin:/bin
# shellcheck disable=SC1091
. /var/run/qubes/qubes-ns
if [ "X$NS1" = "X" ] ; then exit ; fi
iptables -t nat -F PR-QBS
FIRSTONE=yes
grep ^nameserver /etc/resolv.conf | grep -v ":.*:" | head -2 |
        (
        # shellcheck disable=SC2034
        while read -r x y z ; do
                addrule "$y"
        done
        (echo "*nat"; echo "$RULE1"; echo "$RULE2"; echo COMMIT) | iptables-restore -n
        )