<?php
/* $Id$ */
/*
	firewall_nat_edit.php
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_MODULE:	nat
*/
##|+PRIV
##|*IDENT=page-firewall-nat-portforward-edit
##|*NAME=Firewall: NAT: Port Forward: Edit page
##|*DESCR=Allow access to the 'Firewall: NAT: Port Forward: Edit' page.
##|*MATCH=firewall_nat_edit.php*
##|-PRIV
require("guiconfig.inc");
require_once("itemid.inc");
require("filter.inc");
require("shaper.inc");
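/* Make sure the port forward list exists before taking a reference to it. */
if (!is_array($config['nat']['rule'])) {
	$config['nat']['rule'] = array();
}
$a_nat = &$config['nat']['rule'];

/*
 * Work out which entry this request refers to.  A POSTed id wins over the
 * query string, and ?dup=N loads entry N as a template while remembering N
 * in $after.  These values arrive straight from the request and are used as
 * array indexes (and $id is later written into a hidden form field), so only
 * plain decimal indexes are kept; anything else counts as "no entry chosen".
 */
unset($id);
unset($after);
if (isset($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']))
	$id = $_POST['id'];

if (isset($_GET['dup'])) {
	$id = $_GET['dup'];
	$after = $_GET['dup'];
}

if (isset($id) && !(is_string($id) && preg_match('/^[0-9]+\z/', $id)))
	unset($id);
if (isset($after) && !(is_string($after) && preg_match('/^[0-9]+\z/', $after)))
	unset($after);

/* Pre-fill the form from the stored entry, or fall back to the WAN default. */
if (isset($id) && isset($a_nat[$id]) && $a_nat[$id]) {
	$pconfig['extaddr'] = $a_nat[$id]['external-address'];
	$pconfig['proto'] = $a_nat[$id]['protocol'];
	/* "external-port" is stored either as "N" or as "N-M" */
	$extports = explode("-", $a_nat[$id]['external-port']);
	$pconfig['beginport'] = $extports[0];
	$pconfig['endport'] = isset($extports[1]) ? $extports[1] : "";
	if (!$pconfig['endport'])
		$pconfig['endport'] = $pconfig['beginport'];
	$pconfig['localip'] = $a_nat[$id]['target'];
	$pconfig['localbeginport'] = $a_nat[$id]['local-port'];
	$pconfig['descr'] = $a_nat[$id]['descr'];
	$pconfig['interface'] = $a_nat[$id]['interface'];
	$pconfig['associated-rule-id'] = $a_nat[$id]['associated-rule-id'];
	$pconfig['nosync'] = isset($a_nat[$id]['nosync']);
	if (!$pconfig['interface'])
		$pconfig['interface'] = "wan";
} else {
	$pconfig['interface'] = "wan";
}

/* A duplicate is saved as a new entry, so forget the id of its template. */
if (isset($_GET['dup']))
	unset($id);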
/*
 * Sanity pass over the submitted form: every POST value that htmlentities()
 * would alter (that is, one containing HTML-special characters) is reported
 * as an input error.  The POST values themselves are left untouched, so this
 * is a rejection check, not a sanitiser - output still has to be escaped
 * where it is printed.
 * NOTE(review): the rejected value is quoted verbatim in the message; confirm
 * that print_input_errors() escapes what it prints.
 */
foreach ($_POST as $key => $value) {
	$encoded = htmlentities($value);
	if ($encoded != $value)
		$input_errors[] = "Invalid characters detected ($value).  Please remove invalid characters and save again.";
}
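/*
 * Form submission: normalise the port fields, validate the input, then build
 * the NAT entry (and, when requested, a matching filter rule), write the
 * configuration and redirect back to the port forward list.
 */
if ($_POST) {

	/* A value typed into a "custom" box is used when its drop-down is left on "(other)". */
	if ($_POST['beginport_cust'] && !$_POST['beginport'])
		$_POST['beginport'] = $_POST['beginport_cust'];
	if ($_POST['endport_cust'] && !$_POST['endport'])
		$_POST['endport'] = $_POST['endport_cust'];
	if ($_POST['localbeginport_cust'] && !$_POST['localbeginport'])
		$_POST['localbeginport'] = $_POST['localbeginport_cust'];

	if (!$_POST['endport'])
		$_POST['endport'] = $_POST['beginport'];
	/* Make beginning port end port if not defined and endport is */
	if (!$_POST['beginport'] && $_POST['endport'])
		$_POST['beginport'] = $_POST['endport'];

	/*
	 * $input_errors is deliberately NOT cleared here.  The pass over $_POST
	 * that runs just before this block may already have rejected a value for
	 * containing HTML-special characters; clearing the list at this point
	 * would silently discard that verdict and let the entry be saved.
	 */
	$pconfig = $_POST;

	/*
	 * Decide once whether an existing entry is being replaced.  $id is reused
	 * further down as the index of a new entry, so re-testing $a_nat[$id]
	 * later could mistake a neighbouring entry for the one being edited.
	 */
	$editing = (isset($id) && is_scalar($id) && isset($a_nat[$id]) && $a_nat[$id]);

	/* input validation */
	$proto_uc = strtoupper($_POST['proto']);
	$uses_ports = ($proto_uc == "TCP" || $proto_uc == "UDP" || $proto_uc == "TCP/UDP");

	if ($uses_ports) {
		$reqdfields = explode(" ", "interface proto beginport endport localip localbeginport");
		$reqdfieldsn = explode(",", "Interface,Protocol,External port from,External port to,NAT IP,Local port");
	} else {
		$reqdfields = explode(" ", "interface proto localip");
		$reqdfieldsn = explode(",", "Interface,Protocol,NAT IP");
	}

	/*
	 * NOTE(review): call-time pass-by-reference is rejected by PHP 5.4 and
	 * later.  The "&" can only be dropped if do_input_validation() declares
	 * this parameter by reference - confirm against its definition first,
	 * otherwise validation errors would stop reaching this page.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) {
		$input_errors[] = "\"{$_POST['localip']}\" is not valid NAT IP address or host alias.";
	}

	/* only validate the ports if the protocol is TCP, UDP or TCP/UDP */
	if ($uses_ports) {

		if ($_POST['beginport'] && !is_portoralias($_POST['beginport'])) {
			$input_errors[] = "The start port must be an integer between 1 and 65535.";
		}

		if ($_POST['endport'] && !is_portoralias($_POST['endport'])) {
			$input_errors[] = "The end port must be an integer between 1 and 65535.";
		}

		if ($_POST['localbeginport'] && !is_portoralias($_POST['localbeginport'])) {
			$input_errors[] = "The local port must be an integer between 1 and 65535.";
		}

		if ($_POST['beginport'] > $_POST['endport']) {
			/* swap */
			$tmp = $_POST['endport'];
			$_POST['endport'] = $_POST['beginport'];
			$_POST['beginport'] = $tmp;
		}

		if (!$input_errors) {
			/* the local range has the same width as the external one and must stay below 65536 */
			if (($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport']) > 65535)
				$input_errors[] = "The target port range must be an integer between 1 and 65535.";
		}

	}

	/* check for overlaps */
	foreach ($a_nat as $natent) {
		if ($editing && ($a_nat[$id] === $natent))
			continue;
		if ($natent['interface'] != $_POST['interface'])
			continue;
		if ($natent['external-address'] != $_POST['extaddr'])
			continue;
		/*
		 * Entries store their protocol under 'protocol' (see where $natent is
		 * built below).  Reading 'proto' here always gave an empty value, so
		 * every submission other than tcp/udp skipped the overlap test.
		 */
		if (($natent['protocol'] != $_POST['proto']) && ($natent['protocol'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp"))
			continue;

		list($begp,$endp) = explode("-", $natent['external-port']);
		if (!$endp)
			$endp = $begp;

		/* overlap unless the submitted range lies entirely below or entirely above this one */
		if (!(   (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp))
		      || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) {

			$input_errors[] = "The external port range overlaps with an existing entry.";
			break;
		}
	}

	if (!$input_errors) {
		$natent = array();
		if ($_POST['extaddr'])
			$natent['external-address'] = $_POST['extaddr'];
		$natent['protocol'] = $_POST['proto'];

		if ($_POST['beginport'] == $_POST['endport'])
			$natent['external-port'] = $_POST['beginport'];
		else
			$natent['external-port'] = $_POST['beginport'] . "-" . $_POST['endport'];

		$natent['target'] = $_POST['localip'];
		$natent['local-port'] = $_POST['localbeginport'];
		$natent['interface'] = $_POST['interface'];
		$natent['descr'] = $_POST['descr'];
		/*
		 * NOTE(review): this value is stored exactly as submitted.  The form
		 * only offers "", "pass", "new" or an id taken from an existing
		 * filter rule; consider rejecting anything else before saving.
		 */
		$natent['associated-rule-id'] = $_POST['associated-rule-id'];

		if($_POST['filter-rule-association'] == "pass")
			$natent['associated-rule-id'] = "pass";

		if($_POST['nosync'] == "yes")
			$natent['nosync'] = true;
		else
			unset($natent['nosync']);

		// If we used to have an associated filter rule, but no-longer should have one.
		// Only call delete_id() when the stored entry actually carries an id.
		if ($editing && empty($natent['associated-rule-id']) && !empty($a_nat[$id]['associated-rule-id'])) {
			// Delete the previous rule
			delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']);
			mark_subsystem_dirty('filter');
		}

		$need_filter_rule = false;
		// Updating a rule with a filter rule associated
		if (!empty($natent['associated-rule-id']))
			$need_filter_rule = true;
		// Create a rule or if we want to create a new one
		if( $natent['associated-rule-id']=='new' ) {
			$need_filter_rule = true;
			unset( $natent['associated-rule-id'] );
			$_POST['filter-rule-association']='add-associated';
		}
		// If creating a new rule, where we want to add the filter rule, associated or not
		else if( isset($_POST['filter-rule-association']) &&
			($_POST['filter-rule-association']=='add-associated' ||
			$_POST['filter-rule-association']=='add-unassociated') )
			$need_filter_rule = true;

		// Determine NAT entry ID now, we need it for the firewall rule
		if ($editing)
			$a_nat[$id] = $natent;
		else {
			if (isset($after) && is_numeric($after))
				$id = $after + 1;
			else
				$id = count($a_nat);
		}

		if ($need_filter_rule == true) {

			/* auto-generate a matching firewall rule */
			$filterent = array();
			unset($filterentid);
			// If a rule already exists, load it
			if (!empty($natent['associated-rule-id'])) {
				$filterentid = get_id($natent['associated-rule-id'], $config['filter']['rule']);
				/*
				 * NOTE(review): loose comparison - if get_id() can return
				 * index 0 for a match, that match is treated as "not found"
				 * here.  Confirm its return contract.
				 */
				if ($filterentid == false) {
					$filterent['source']['any'] = "";
					$filterent['associated-rule-id'] = $natent['associated-rule-id'];
				} else
					$filterent =& $config['filter']['rule'][$filterentid];
			} else
				// Create the default source entry for new filter entries
				$filterent['source']['any'] = "";

			// Update interface, protocol and destination
			$filterent['interface'] = $_POST['interface'];
			$filterent['protocol'] = $_POST['proto'];
			$filterent['destination']['address'] = $_POST['localip'];

			$dstpfrom = $_POST['localbeginport'];
			$dstpto = $dstpfrom + $_POST['endport'] - $_POST['beginport'];

			if ($dstpfrom == $dstpto)
				$filterent['destination']['port'] = $dstpfrom;
			else
				$filterent['destination']['port'] = $dstpfrom . "-" . $dstpto;

			/*
			 * Our firewall filter description may be no longer than
			 * 63 characters, so don't let it be.
			 */
			$filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 62);

			// If this is a new rule, create an ID and add the rule
			if( $_POST['filter-rule-association']=='add-associated' ) {
				$filterent['associated-rule-id'] = $natent['associated-rule-id'] = get_unique_id();
				$config['filter']['rule'][] = $filterent;
			}

			mark_subsystem_dirty('filter');
		}

		// Update the NAT entry now ($natent may have gained its rule id above)
		if ($editing)
			$a_nat[$id] = $natent;
		else {
			if (isset($after) && is_numeric($after))
				array_splice($a_nat, $after+1, 0, array($natent));
			else
				$a_nat[] = $natent;
		}

		mark_subsystem_dirty('natconf');

		write_config();

		header("Location: firewall_nat.php");
		exit;
	}
}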
/* Page title parts; set before head.inc is pulled in (presumably read there - confirm). */
$pgtitle = array("Firewall", "NAT", "Port Forward: Edit");
include("head.inc");

?>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<?php
/*
 * Show whatever the request handling above collected.
 * NOTE(review): the form below emits no anti-CSRF token of its own; confirm
 * that one of the included framework files adds and checks one.
 */
if ($input_errors) {
	print_input_errors($input_errors);
}
?>
            <form action="firewall_nat_edit.php" method="post" name="iform" id="iform">
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
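				<tr>
					<td colspan="2" valign="top" class="listtopic">Edit NAT entry</td>
				</tr>	
				<tr>
                  <td width="22%" valign="top" class="vncellreq">Interface</td>
                  <td width="78%" class="vtable">
					<select name="interface" class="formselect">
						<?php
						/*
						 * Build the interface drop-down.  Every candidate is
						 * filtered through have_ruleint_access(); the list
						 * starts out empty so the loop below is safe even
						 * when nothing passes that filter.
						 */
						$interfaces = array();

						$iflist = get_configured_interface_with_descr(false, true);
						foreach ($iflist as $if => $ifdesc) {
							if (have_ruleint_access($if))
								$interfaces[$if] = $ifdesc;
						}

						if ($config['pptpd']['mode'] == "server" && have_ruleint_access("pptp"))
							$interfaces['pptp'] = "PPTP VPN";

						if ($config['pppoe']['mode'] == "server" && have_ruleint_access("pppoe"))
							$interfaces['pppoe'] = "PPPoE VPN";

						/* add ipsec interfaces */
						if ((isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
						    && have_ruleint_access("enc0"))
							$interfaces["enc0"] = "IPsec";

						/* the key goes into an HTML attribute, so it is escaped like the label */
						foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
						<?=htmlspecialchars($ifacename);?>
						</option>
						<?php endforeach; ?>
					</select><br>
                     <span class="vexpl">Choose which interface this rule applies to.<br>
                     Hint: in most cases, you'll want to use WAN here.</span></td>
                </tr>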
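			    <tr>
                  <td width="22%" valign="top" class="vncellreq">External address</td>
                  <td width="78%" class="vtable">
					<select name="extaddr" class="formselect">
						<option value="" <?php if (!$pconfig['extaddr']) echo "selected"; ?>>Interface address</option>
<?php					/*
						 * One option per configured virtual IP.  Values read
						 * from the configuration are escaped before they are
						 * placed in the value attribute, matching the label.
						 */
						if (is_array($config['virtualip']['vip'])):
						foreach ($config['virtualip']['vip'] as $sn): 
							if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"):
								$baseip = ip2long($sn['subnet']) & ip2long(gen_subnet_mask($sn['subnet_bits']));
								/*
								 * NOTE(review): this runs (33 - subnet_bits) times,
								 * so it lists that many addresses, not every
								 * address in the subnet - confirm the intent.
								 */
								for ($i = $sn['subnet_bits']; $i <= 32; $i++): 
									$baseip = $baseip + 1;
									$snip = long2ip($baseip);
								?>
						<option value="<?=htmlspecialchars($snip);?>" <?php if ($snip == $pconfig['extaddr']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option>
								<?php endfor; 
							else: ?>
						<option value="<?=htmlspecialchars($sn['subnet']);?>" <?php if ($sn['subnet'] == $pconfig['extaddr']) echo "selected"; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option>
						<?php endif; ?>
<?php					endforeach;
						endif; ?>
						<option value="any" <?php if($pconfig['extaddr'] == "any") echo "selected"; ?>>any</option>
					</select>
					<br />
                    <span class="vexpl">
					If you want this rule to apply to another IP address than the IP address of the interface chosen above,
					select it here (you need to define <a href="firewall_virtual_ip.php">Virtual IP</a> addresses on the first).  Also note that if you are trying to redirect connections on the LAN select the "any" option.</span></td>
                </tr>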
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Protocol</td>
                  <td width="78%" class="vtable">
                    <select name="proto" class="formselect" onChange="proto_change(); check_for_aliases();">
                      <?php
                      /* fixed protocol list; the lower-case form is the submitted value */
                      $protocols = explode(" ", "TCP UDP TCP/UDP GRE ESP");
                      foreach ($protocols as $proto):
                          $protovalue = strtolower($proto);
                      ?>
                      <option value="<?php echo $protovalue; ?>" <?php if ($protovalue == $pconfig['proto']) { echo "selected"; } ?>><?php echo htmlspecialchars($proto); ?></option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Choose which IP protocol
                    this rule should match.<br>
                    Hint: in most cases, you should specify <em>TCP</em> &nbsp;here.</span></td>
                </tr>
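                <tr>
                  <td width="22%" valign="top" class="vncellreq">External port
                    range </td>
                  <td width="78%" class="vtable">
                    <table border="0" cellspacing="0" cellpadding="0">
                      <tr>
                        <td>from:&nbsp;&nbsp;</td>
                        <td><select name="beginport" class="formselect" onChange="ext_rep_change(); ext_change(); check_for_aliases();">
                            <option value="">(other)</option>
                            <?php /* $bfound records whether the current value is one of the well-known ports */
                            $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['beginport']) {
								echo "selected";
								$bfound = 1;
							}?>>
							<?=htmlspecialchars($wkportdesc);?>
							</option>
                            <?php endforeach; ?>
                          </select> <input onChange="check_for_aliases();" autocomplete='off' class="formfldalias" name="beginport_cust" id="beginport_cust" type="text" size="5" value="<?php /* after a failed save this is the raw submitted value, so escape it for the attribute */ if (!$bfound) echo htmlspecialchars($pconfig['beginport']); ?>"></td>
                      </tr>
                      <tr>
                        <td>to:</td>
                        <td><select name="endport" class="formselect" onChange="ext_change(); check_for_aliases();">
                            <option value="">(other)</option>
                            <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['endport']) {
								echo "selected";
								$bfound = 1;
							}?>>
							<?=htmlspecialchars($wkportdesc);?>
							</option>
							<?php endforeach; ?>
                          </select> <input onChange="check_for_aliases();" class="formfldalias" autocomplete='off' name="endport_cust" id="endport_cust" type="text" size="5" value="<?php /* escaped for the same reason as the "from" box */ if (!$bfound) echo htmlspecialchars($pconfig['endport']); ?>"></td>
                      </tr>
                    </table>
                    <br> <span class="vexpl">Specify the port or port range on
                    the firewall's external address for this mapping.<br>
                    Hint: you can leave the <em>'to'</em> field empty if you only
                    want to map a single port</span></td>
                </tr>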
                <tr>
                  <td width="22%" valign="top" class="vncellreq">NAT IP</td>
                  <td width="78%" class="vtable">
                    <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?php /* escaped: holds the raw submitted value after a failed save */ echo htmlspecialchars($pconfig['localip']); ?>">
                    <br> <span class="vexpl">Enter the internal IP address of
                    the server on which you want to map the ports.<br>
                    e.g. <em>192.168.1.12</em></span></td>
                </tr>
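                <tr>
                  <td width="22%" valign="top" class="vncellreq">Local port</td>
                  <td width="78%" class="vtable">
                    <select name="localbeginport" class="formselect" onChange="ext_change();check_for_aliases();">
                      <option value="">(other)</option>
                      <?php /* $bfound records whether the current value is one of the well-known ports */
                      $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
                      <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['localbeginport']) {
							echo "selected";
							$bfound = 1;
						}?>>
					  <?=htmlspecialchars($wkportdesc);?>
					  </option>
                      <?php endforeach; ?>
                    </select> <input onChange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php /* after a failed save this is the raw submitted value, so escape it for the attribute */ if (!$bfound) echo htmlspecialchars($pconfig['localbeginport']); ?>">
                    <br>
                    <span class="vexpl">Specify the port on the machine with the
                    IP address entered above. In case of a port range, specify
                    the beginning port of the range (the end port will be calculated
                    automatically).<br>
                    Hint: this is usually identical to the 'from' port above</span></td>
                </tr>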
                <tr>
                  <td width="22%" valign="top" class="vncell">Description</td>
                  <td width="78%" class="vtable">
                    <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?php /* free text, escaped for the attribute */ echo htmlspecialchars($pconfig['descr']); ?>">
                    <br> <span class="vexpl">You may enter a description here
                    for your reference (not parsed).</span></td>
                </tr>
				<tr>
					<td width="22%" valign="top" class="vncell">No XMLRPC Sync</td>
					<td width="78%" class="vtable">
						<input type="checkbox" value="yes" name="nosync"<?php /* ticked when the entry carries the nosync flag */ echo $pconfig['nosync'] ? " CHECKED" : ""; ?>><br>
						HINT: This prevents the rule from automatically syncing to other CARP members.
					</td>
				</tr>
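				<?php /* shown only when an existing entry is being edited (not for a duplicate) */
				if (isset($id) && $a_nat[$id] && !isset($_GET['dup'])): ?>
				<tr>
					<td width="22%" valign="top" class="vncell">Filter rule association</td>
					<td width="78%" class="vtable">
						<select name="associated-rule-id">
							<option value="">None</option>
							<option value="pass" <?php if($pconfig['associated-rule-id'] == "pass") echo " SELECTED"; ?>>Pass</option>
							<?php 
							/*
							 * List every filter rule that carries an association id
							 * and remember a link to the one this entry points at.
							 * $filter_id counts the rules on this entry's interface
							 * seen so far and is used as the id in that link.
							 */
							$linkedrule = "";
							if (is_array($config['filter']['rule'])) {
								$filter_id = 0;
								foreach ($config['filter']['rule'] as $filter_rule) {
									if (isset($filter_rule['associated-rule-id'])) {
										/* the stored id lands in an attribute, so escape it like the label */
										echo "<option value=\"" . htmlspecialchars($filter_rule['associated-rule-id']) . "\"";
										if ($filter_rule['associated-rule-id']==$pconfig['associated-rule-id']) {
											echo " SELECTED";
											$linkedrule = "<br /><a href=\"firewall_rules_edit.php?id={$filter_id}\">View the filter rule</a><br/>";
										}
										echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n";
									}
									if ($filter_rule['interface'] == $pconfig['interface'])
										$filter_id++;
								}
							}
							if (isset($pconfig['associated-rule-id']))
								echo "<option value=\"new\">Create new associated filter rule</option>\n";
						echo "</select>\n";
						echo $linkedrule;
						?>
					</td>
				</tr>
				<?php endif; ?>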
                <?php
                /* shown for a new entry or a duplicate: choose whether a filter rule is created with it */
                $creating = (!isset($id) || !$a_nat[$id] || isset($_GET['dup']));
                if ($creating): ?>
                <tr>
                  <td width="22%" valign="top" class="vncell">Filter rule association</td>
                  <td width="78%" class="vtable">
                    <select name="filter-rule-association" id="filter-rule-association">
						<option value="">None</option>
						<option value="add-associated" selected="selected">Add associated filter rule</option>
						<option value="add-unassociated">Add unassociated filter rule</option>
						<option value="pass">Pass</option>
					</select>
				  </td>
                </tr><?php endif; ?>
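				<tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">&nbsp;</td>
				</tr>
                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">
                    <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
                    <?php /* carry the entry index across the POST; it originates from the request, so escape it */
                    if (isset($id) && $a_nat[$id]): ?>
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
                    <?php endif; ?>
                  </td>
                </tr>
              </table>
</form>
<script language="JavaScript">
<!--
	ext_change();
//-->
</script>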
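<?php
/*
 * Build two comma separated lists of single-quoted alias names for the
 * auto-suggest boxes: port aliases in $portaliases, host/network/openvpn
 * aliases in $aliasesaddr.
 * NOTE(review): the names are written into JavaScript string literals
 * without escaping; presumably alias names are restricted when they are
 * created - confirm against the alias edit page.
 */
$isfirst = 0;
$aliases = "";
$addrisfirst = 0;
$aliasesaddr = "";
/* defined up front so the script below never echoes an undefined variable */
$portaliases = "";
if (is_array($config['aliases']['alias']))
	foreach($config['aliases']['alias'] as $alias_name) {
		switch ($alias_name['type']) {
			case "port":
				if($isfirst == 1) $portaliases .= ",";
				$portaliases .= "'" . $alias_name['name'] . "'";
				$isfirst = 1;
				break;
			case "host":
			case "network":
			case "openvpn":
				if($addrisfirst == 1) $aliasesaddr .= ",";
				$aliasesaddr .= "'" . $alias_name['name'] . "'";
				$addrisfirst = 1;
				break;
			default:
				break;
		}
	}
?>
<script language="JavaScript">
<!--
	var addressarray=new Array(<?php echo $aliasesaddr; ?>);
	var customarray=new Array(<?php echo $portaliases; ?>);

	var oTextbox1 = new AutoSuggestControl(document.getElementById("localip"), new StateSuggestions(addressarray));
        var oTextbox2 = new AutoSuggestControl(document.getElementById("beginport_cust"), new StateSuggestions(customarray));
        var oTextbox3 = new AutoSuggestControl(document.getElementById("endport_cust"), new StateSuggestions(customarray));
        var oTextbox4 = new AutoSuggestControl(document.getElementById("localbeginport_cust"), new StateSuggestions(customarray));
//-->
</script>
<?php include("fend.inc"); ?>
</body>
</html>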