/usr/local/www/firewall_nat_out.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/firewall_nat_out.php @ 1e137ab5

1	5b237745	Scott Ullrich	#!/usr/local/bin/php
2	19ae0929	Scott Ullrich	<?php
3	5b237745	Scott Ullrich	/*
4			firewall_nat_out.php
5	c55b323d	Scott Ullrich	Copyright (C) 2004 Scott Ullrich
6			All rights reserved.
7	19ae0929	Scott Ullrich
8	c55b323d	Scott Ullrich	originally part of m0n0wall (http://m0n0.ch/wall)
9	5b237745	Scott Ullrich	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10			All rights reserved.
11	19ae0929	Scott Ullrich
12	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
13			modification, are permitted provided that the following conditions are met:
14	19ae0929	Scott Ullrich
15	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
16			this list of conditions and the following disclaimer.
17	19ae0929	Scott Ullrich
18	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
19			notice, this list of conditions and the following disclaimer in the
20			documentation and/or other materials provided with the distribution.
21	19ae0929	Scott Ullrich
22	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31			POSSIBILITY OF SUCH DAMAGE.
32			*/
33
34			require("guiconfig.inc");
35
36			if (!is_array($config['nat']['advancedoutbound']['rule']))
37			$config['nat']['advancedoutbound']['rule'] = array();
38	19ae0929	Scott Ullrich
39	5b237745	Scott Ullrich	$a_out = &$config['nat']['advancedoutbound']['rule'];
40	9c96aff5	Bill Marquette	//nat_out_rules_sort();
41	5b237745	Scott Ullrich
42			if ($_POST) {
43
44			$pconfig = $_POST;
45
46	9c96aff5	Bill Marquette	if ($_POST['apply']) {
47	19ae0929	Scott Ullrich
48	9c96aff5	Bill Marquette	write_config();
49
50			$retval = 0;
51	19ae0929	Scott Ullrich
52	9c96aff5	Bill Marquette	if (!file_exists($d_sysrebootreqd_path)) {
53	5b237745	Scott Ullrich	config_lock();
54	9c96aff5	Bill Marquette	$retval \|= filter_configure();
55			config_unlock();
56			}
57			$savemsg = get_std_save_message($retval);
58	19ae0929	Scott Ullrich
59	9c96aff5	Bill Marquette	if ($retval == 0) {
60			if (file_exists($d_natconfdirty_path))
61			unlink($d_natconfdirty_path);
62			if (file_exists($d_filterconfdirty_path))
63			unlink($d_filterconfdirty_path);
64			}
65	5b237745	Scott Ullrich	}
66			}
67
68	fe693b89	Bill Marquette
69
70			if (isset($_POST['save'])) {
71	1e137ab5	Bill Marquette
72			/* mutually exclusive settings - if user wants advanced NAT, we don't help with IPSec */
73	fe693b89	Bill Marquette	if ($_POST['ipsecpassthru'] == true) {
74			$config['nat']['ipsecpassthru']['enable'] = true;
75			$config['nat']['advancedoutbound']['enable'] = false;
76			}
77			if ($_POST['advancedoutbound'] == true) {
78			$config['nat']['advancedoutbound']['enable'] = true;
79			$config['nat']['ipsecpassthru']['enable'] = false;
80			}
81			if ($_POST['ipsecpassthru'] == false)
82			$config['nat']['ipsecpassthru']['enable'] = false;
83			if ($_POST['advancedoutbound'] == false)
84			$config['nat']['advancedoutbound']['enable'] = false;
85
86			write_config();
87			touch($d_natconfdirty_path);
88			header("Location: firewall_nat_out.php");
89			exit;
90			}
91
92	9c96aff5	Bill Marquette	if (isset($_POST['del_x'])) {
93			/* delete selected rules */
94			if (is_array($_POST['rule']) && count($_POST['rule'])) {
95			foreach ($_POST['rule'] as $rulei) {
96			unset($a_out[$rulei]);
97			}
98			write_config();
99			touch($d_natconfdirty_path);
100			header("Location: firewall_nat_out.php");
101			exit;
102			}
103
104			} else {
105	87b10bed	Bill Marquette	/* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
106	9c96aff5	Bill Marquette	unset($movebtn);
107			foreach ($_POST as $pn => $pd) {
108			if (preg_match("/move_(\d+)_x/", $pn, $matches)) {
109			$movebtn = $matches[1];
110			break;
111			}
112			}
113			/* move selected rules before this rule */
114			if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) {
115			$a_out_new = array();
116
117			/* copy all rules < $movebtn and not selected */
118			for ($i = 0; $i < $movebtn; $i++) {
119			if (!in_array($i, $_POST['rule']))
120			$a_out_new[] = $a_out[$i];
121			}
122
123			/* copy all selected rules */
124			for ($i = 0; $i < count($a_out); $i++) {
125			if ($i == $movebtn)
126			continue;
127			if (in_array($i, $_POST['rule']))
128			$a_out_new[] = $a_out[$i];
129			}
130
131			/* copy $movebtn rule */
132			if ($movebtn < count($a_out))
133			$a_out_new[] = $a_out[$movebtn];
134
135			/* copy all rules > $movebtn and not selected */
136			for ($i = $movebtn+1; $i < count($a_out); $i++) {
137			if (!in_array($i, $_POST['rule']))
138			$a_out_new[] = $a_out[$i];
139			}
140			$a_out = $a_out_new;
141			write_config();
142			touch($d_natconfdirty_path);
143			header("Location: firewall_nat_out.php");
144			exit;
145			}
146	5b237745	Scott Ullrich	}
147	9c96aff5	Bill Marquette
148
149	5b237745	Scott Ullrich	?>
150			<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
151			<html>
152			<head>
153	e8074dcd	Bill Marquette	<title><?=gentitle("Firewall: NAT: Outbound");?></title>
154	5b237745	Scott Ullrich	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
155			<link href="gui.css" rel="stylesheet" type="text/css">
156			</head>
157
158			<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
159			<?php include("fbegin.inc"); ?>
160	e8074dcd	Bill Marquette	<p class="pgtitle">Firewall: NAT: Outbound</p>
161	fe693b89	Bill Marquette	<form action="firewall_nat_out.php" method="post" name="iform">
162	5b237745	Scott Ullrich	<?php if ($savemsg) print_info_box($savemsg); ?>
163			<?php if (file_exists($d_natconfdirty_path)): ?><p>
164			<?php print_info_box_np("The NAT configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
165			<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
166			<?php endif; ?>
167			<table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td>
168			<ul id="tabnav">
169			<li class="tabinact"><a href="firewall_nat.php">Inbound</a></li>
170			<li class="tabinact"><a href="firewall_nat_server.php">Server NAT</a></li>
171			<li class="tabinact"><a href="firewall_nat_1to1.php">1:1</a></li>
172			<li class="tabact">Outbound</li>
173	c55b323d	Scott Ullrich	<li class="tabinact"><a href="firewall_nat_out_load_balancing.php">Outbound Load Balancing</a></li>
174	5b237745	Scott Ullrich	</ul>
175			</td></tr>
176	19ae0929	Scott Ullrich	<tr>
177	5b237745	Scott Ullrich	<td class="tabcont">
178			<table width="100%" border="0" cellpadding="6" cellspacing="0">
179	fe693b89	Bill Marquette	<tr>
180	5b237745	Scott Ullrich	<td class="vtable"><p>
181	fe693b89	Bill Marquette	<input name="ipsecpassthru" type="checkbox" id="ipsecpassthru" value="yes" onClick="document.iform.advancedoutbound.checked=false" <?php if (isset($config['nat']['ipsecpassthru']['enable'])) echo "checked";?>>
182			<strong>Enable IPSec passthru</strong></p>
183	6b3a7398	Scott Ullrich	</td>
184	5b237745	Scott Ullrich	</tr>
185	19ae0929	Scott Ullrich	<tr>
186	fe693b89	Bill Marquette	<td class="vtable"><p>
187			<input name="advancedoutbound" type="checkbox" id="advancedoutbound" value="yes" onClick="document.iform.ipsecpassthru.checked=false" <?php if (isset($config['nat']['advancedoutbound']['enable'])) echo "checked";?>>
188			<strong>Enable advanced outbound NAT</strong></p></td>
189			</tr>
190			<tr>
191			<td> <input name="save" type="submit" class="formbtn" value="Save">
192	5b237745	Scott Ullrich	</td>
193			</tr>
194			<tr>
195	6b3a7398	Scott Ullrich	<td colspan="2"><p><span class="vexpl"><span class="red"><strong>Note:<br>
196	5b237745	Scott Ullrich	</strong></span>If advanced outbound NAT is enabled, no outbound NAT
197			rules will be automatically generated anymore. Instead, only the mappings
198			you specify below will be used. With advanced outbound NAT disabled,
199			a mapping is automatically created for each interface's subnet
200			(except WAN).</span> If you use target addresses other than the WAN interface's IP address, then depending on<span class="vexpl"> the way your WAN connection is setup, you may also need <a href="services_proxyarp.php">proxy ARP</a>.</span><br>
201			<br>
202			You may enter your own mappings below.</p>
203			</td>
204			</tr>
205			</table>
206			<br>
207			<table width="100%" border="0" cellpadding="0" cellspacing="0">
208	19ae0929	Scott Ullrich	<tr>
209	5b237745	Scott Ullrich	<td width="10%" class="listhdrr">Interface</td>
210			<td width="20%" class="listhdrr">Source</td>
211	a539f08b	Bill Marquette	<td width="20%" class="listhdrr">Source Port</td>
212	5b237745	Scott Ullrich	<td width="20%" class="listhdrr">Destination</td>
213	a539f08b	Bill Marquette	<td width="20%" class="listhdrr">NAT Port</td>
214	5b237745	Scott Ullrich	<td width="20%" class="listhdrr">Target</td>
215			<td width="25%" class="listhdr">Description</td>
216			<td width="5%" class="list"></td>
217			</tr>
218	9c96aff5	Bill Marquette	<?php $nnats = $i = 0; foreach ($a_out as $natent): ?>
219	19ae0929	Scott Ullrich	<tr>
220	5b237745	Scott Ullrich	<td class="listlr">
221			<?php
222			if (!$natent['interface'] \|\| ($natent['interface'] == "wan"))
223			echo "WAN";
224			else
225	19ae0929	Scott Ullrich	htmlspecialchars($config['interfaces'][$natent['interface']]['descr']);
226	5b237745	Scott Ullrich	?>
227			</td>
228	19ae0929	Scott Ullrich	<td class="listr">
229	5b237745	Scott Ullrich	<?=$natent['source']['network'];?>
230			</td>
231	a539f08b	Bill Marquette	<td class="listr">
232			<?php
233			if (!$natent['sourceport'])
234			echo "*";
235			else
236			echo $natent['sourceport'];
237			?>
238			</td>
239	19ae0929	Scott Ullrich	<td class="listr">
240	5b237745	Scott Ullrich	<?php
241			if (isset($natent['destination']['any']))
242			echo "*";
243			else {
244			if (isset($natent['destination']['not']))
245			echo "! ";
246			echo $natent['destination']['network'];
247			}
248			?>
249			</td>
250	a539f08b	Bill Marquette	<td class="listr">
251			<?php
252			if (!$natent['natport'])
253			echo "*";
254			else
255			echo $natent['natport'];
256			?>
257			</td>
258	19ae0929	Scott Ullrich	<td class="listr">
259	5b237745	Scott Ullrich	<?php
260			if (!$natent['target'])
261			echo "*";
262			else
263			echo $natent['target'];
264			?>
265			</td>
266	19ae0929	Scott Ullrich	<td class="listbg">
267			<font color="#FFFFFF"><?=htmlspecialchars($natent['descr']);?>
268	5b237745	Scott Ullrich	</td>
269	9c96aff5	Bill Marquette	<td class="list" valign="middle" nowrap>
270			<table border="0" cellspacing="0" cellpadding="1">
271			<tr>
272			<td><a href="firewall_nat_out_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a></td>
273			<td><input type="checkbox" name="rule[]" value="<?=$i;?>" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td>
274			</tr>
275			<tr>
276			<td><input onmouseover="fr_insline(0, true)" onmouseout="fr_insline(0, false)" name="move_<?=$i;?>" src="left.gif" title="move selected rules before this rule" height="17" type="image" width="17" border="0"></td>
277			<!-- <billm><td><a href="firewall_nat_out_edit.php?dup=<?=$i;?>"><img src="plus.gif" title="add a new nat based on this one" width="17" height="17" border="0"></a></td><billm> -->
278			</tr>
279			</table>
280			<?php $i++; $nnats++; endforeach; ?>
281	19ae0929	Scott Ullrich	<tr>
282	a539f08b	Bill Marquette	<td class="list" colspan="7"></td>
283	9c96aff5	Bill Marquette	<td class="list" valign="middle" nowrap>
284			<table border="0" cellspacing="0" cellpadding="1">
285			<tr>
286			<td><?php if ($nnats == 0): ?><img src="left_d.gif" width="17" height="17" title="move selected mappings to end" border="0"><?php else: ?><input name="move_<?=$i;?>" type="image" src="left.gif" width="17" height="17" title="move selected mappings to end" border="0"><?php endif; ?></td>
287			<td><a href="firewall_nat_out_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
288			</tr>
289			<tr>
290			<td><?php if ($nnats == 0): ?><img src="x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input name="del" type="image" src="x.gif" width="17" height="17" title="delete selected mappings" onclick="return confirm('Do you really want to delete the selected mappings?')"><?php endif; ?></td>
291			</tr>
292			</table></td>
293	5b237745	Scott Ullrich	</tr>
294			</table>
295			</td>
296			</tr>
297			</table>
298			</form>
299			<?php include("fend.inc"); ?>
300			</body>
301			</html>

Project

General

Profile

pfSense