/usr/local/www/firewall_nat_out.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/firewall_nat_out.php @ 407f6220

1	19ae0929	Scott Ullrich	<?php
2	b46bfcf5	Bill Marquette	/* $Id$ */
3	5b237745	Scott Ullrich	/*
4			firewall_nat_out.php
5	c55b323d	Scott Ullrich	Copyright (C) 2004 Scott Ullrich
6			All rights reserved.
7	19ae0929	Scott Ullrich
8	c55b323d	Scott Ullrich	originally part of m0n0wall (http://m0n0.ch/wall)
9	5b237745	Scott Ullrich	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10			All rights reserved.
11	19ae0929	Scott Ullrich
12	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
13			modification, are permitted provided that the following conditions are met:
14	19ae0929	Scott Ullrich
15	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
16			this list of conditions and the following disclaimer.
17	19ae0929	Scott Ullrich
18	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
19			notice, this list of conditions and the following disclaimer in the
20			documentation and/or other materials provided with the distribution.
21	19ae0929	Scott Ullrich
22	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31			POSSIBILITY OF SUCH DAMAGE.
32			*/
33	7ac5a4cb	Scott Ullrich	/*
34			pfSense_MODULE: nat
35			*/
36	5b237745	Scott Ullrich
37	6b07c15a	Matthew Grooms	##\|+PRIV
38			##\|*IDENT=page-firewall-nat-outbound
39			##\|*NAME=Firewall: NAT: Outbound page
40			##\|*DESCR=Allow access to the 'Firewall: NAT: Outbound' page.
41			##\|MATCH=firewall_nat_out.php
42			##\|-PRIV
43
44	5b237745	Scott Ullrich	require("guiconfig.inc");
45	7a927e67	Scott Ullrich	require_once("functions.inc");
46			require_once("filter.inc");
47			require_once("shaper.inc");
48	5b237745	Scott Ullrich
49	c44d3cf7	Ermal Lu?i	if (!is_array($config['nat']['advancedoutbound']))
50			$config['nat']['advancedoutbound'] = array();
51
52	5b237745	Scott Ullrich	if (!is_array($config['nat']['advancedoutbound']['rule']))
53	82d0dfc4	Scott Ullrich	$config['nat']['advancedoutbound']['rule'] = array();
54	19ae0929	Scott Ullrich
55	5b237745	Scott Ullrich	$a_out = &$config['nat']['advancedoutbound']['rule'];
56
57	82d0dfc4	Scott Ullrich	if ($_POST['apply']) {
58			write_config();
59	5b237745	Scott Ullrich
60	82d0dfc4	Scott Ullrich	$retval = 0;
61	920b3bb0	Scott Ullrich	$retval \|= filter_configure();
62
63	e8c2c890	Bill Marquette	if(stristr($retval, "error") <> true)
64			$savemsg = get_std_save_message($retval);
65			else
66			$savemsg = $retval;
67	19ae0929	Scott Ullrich
68	82d0dfc4	Scott Ullrich	if ($retval == 0) {
69	a368a026	Ermal Lu?i	clear_subsystem_dirty('natconf');
70			clear_subsystem_dirty('filter');
71	9c96aff5	Bill Marquette	}
72	5b237745	Scott Ullrich	}
73
74	fe693b89	Bill Marquette
75
76	82d0dfc4	Scott Ullrich	if (isset($_POST['save']) && $_POST['save'] == "Save") {
77	53bf5f1d	Seth Mos	/* mutually exclusive settings - if user wants advanced NAT, we don't generate automatic rules */
78	82d0dfc4	Scott Ullrich	switch ($_POST['advancedoripsec']) {
79			case "ipsecpassthru":
80			$config['nat']['ipsecpassthru']['enable'] = true;
81			unset($config['nat']['advancedoutbound']['enable']);
82			if(count($config['nat']['advancedoutbound']['rule']) == 0)
83			unset($config['nat']['advancedoutbound']['rule']);
84			break;
85			case "advancedoutboundnat":
86			$was_enabled = isset($config['nat']['advancedoutbound']['enable']);
87			$config['nat']['advancedoutbound']['enable'] = true;
88	f1f60c92	Ermal Luçi	if (isset($config['nat']['ipsecpassthru']['enable']))
89			unset($config['nat']['ipsecpassthru']['enable']);
90	82d0dfc4	Scott Ullrich	if($was_enabled == false) {
91			/*
92			* user has enabled advanced outbound nat -- lets automatically create entries
93			* for all of the interfaces to make life easier on the pip-o-chap
94			*/
95	cbe3ea96	Ermal Luçi	$ifdescrs = get_configured_interface_with_descr();
96
97			foreach($ifdescrs as $if => $ifdesc) {
98	a55e9c70	Ermal Lu?i	if (interface_has_gateway($if))
99	e1f675e4	Ermal Luçi	continue;
100	a55e9c70	Ermal Lu?i	if($ifdesc == "wan")
101	533e6800	Scott Ullrich	continue;
102	82d0dfc4	Scott Ullrich	$natent = array();
103	a55e9c70	Ermal Lu?i	$osipaddr = get_interface_ip($if);
104			$ossubnet = get_interface_subnet($if);
105			if (!is_ipaddr($osipaddr) \|\| empty($ossubnet))
106			continue;
107			$osn = gen_subnet($osipaddr, $ossubnet);
108			$natent['source']['network'] = "{$osn}/{$ossubnet}";
109	82d0dfc4	Scott Ullrich	$natent['sourceport'] = "";
110	cbe3ea96	Ermal Luçi	$natent['descr'] = "Auto created rule for {$ifdesc}";
111	82d0dfc4	Scott Ullrich	$natent['target'] = "";
112			$natent['interface'] = "wan";
113			$natent['destination']['any'] = true;
114			$natent['natport'] = "";
115			$a_out[] = $natent;
116	fa56ab75	Scott Ullrich	}
117	82d0dfc4	Scott Ullrich	$savemsg = "Default rules for each interface have been created.";
118			}
119			break;
120			}
121	63868cb8	Scott Ullrich	write_config();
122	a368a026	Ermal Lu?i	mark_subsystem_dirty('natconf');
123	63868cb8	Scott Ullrich	header("Location: firewall_nat_out.php");
124			exit;
125	fe693b89	Bill Marquette	}
126
127	9c96aff5	Bill Marquette	if (isset($_POST['del_x'])) {
128			/* delete selected rules */
129			if (is_array($_POST['rule']) && count($_POST['rule'])) {
130			foreach ($_POST['rule'] as $rulei) {
131			unset($a_out[$rulei]);
132			}
133			write_config();
134	a368a026	Ermal Lu?i	mark_subsystem_dirty('natconf');
135	9c96aff5	Bill Marquette	header("Location: firewall_nat_out.php");
136			exit;
137			}
138
139			} else {
140	87b10bed	Bill Marquette	/* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
141	9c96aff5	Bill Marquette	unset($movebtn);
142			foreach ($_POST as $pn => $pd) {
143			if (preg_match("/move_(\d+)_x/", $pn, $matches)) {
144			$movebtn = $matches[1];
145			break;
146			}
147			}
148			/* move selected rules before this rule */
149			if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) {
150			$a_out_new = array();
151
152			/* copy all rules < $movebtn and not selected */
153			for ($i = 0; $i < $movebtn; $i++) {
154			if (!in_array($i, $_POST['rule']))
155			$a_out_new[] = $a_out[$i];
156			}
157
158			/* copy all selected rules */
159			for ($i = 0; $i < count($a_out); $i++) {
160			if ($i == $movebtn)
161			continue;
162			if (in_array($i, $_POST['rule']))
163			$a_out_new[] = $a_out[$i];
164			}
165
166			/* copy $movebtn rule */
167			if ($movebtn < count($a_out))
168			$a_out_new[] = $a_out[$movebtn];
169
170			/* copy all rules > $movebtn and not selected */
171			for ($i = $movebtn+1; $i < count($a_out); $i++) {
172			if (!in_array($i, $_POST['rule']))
173			$a_out_new[] = $a_out[$i];
174			}
175	82d0dfc4	Scott Ullrich	if (count($a_out_new) > 0)
176			$a_out = $a_out_new;
177			else
178			unset($config['nat']['advancedoutbound']);
179
180	9c96aff5	Bill Marquette	write_config();
181	a368a026	Ermal Lu?i	mark_subsystem_dirty('natconf');
182	9c96aff5	Bill Marquette	header("Location: firewall_nat_out.php");
183			exit;
184			}
185	5b237745	Scott Ullrich	}
186	9c96aff5	Bill Marquette
187
188	d88c6a9f	Scott Ullrich	$pgtitle = array("Firewall","NAT","Outbound");
189	6eb17647	Scott Ullrich	include("head.inc");
190
191	24f600b0	Scott Ullrich	?>
192	5b237745	Scott Ullrich	<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
193			<?php include("fbegin.inc"); ?>
194	fe693b89	Bill Marquette	<form action="firewall_nat_out.php" method="post" name="iform">
195	625dcc40	Bill Marquette	<script type="text/javascript" language="javascript" src="/javascript/row_toggle.js">
196	3f57ceee	Bill Marquette	</script>
197	5b237745	Scott Ullrich	<?php if ($savemsg) print_info_box($savemsg); ?>
198	a368a026	Ermal Lu?i	<?php if (is_subsystem_dirty('natconf')): ?><p>
199	5b237745	Scott Ullrich	<?php print_info_box_np("The NAT configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
200			<?php endif; ?>
201			<table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td>
202	a8726a3d	Scott Ullrich	<?php
203			$tab_array = array();
204	1425e067	Bill Marquette	$tab_array[] = array("Port Forward", false, "firewall_nat.php");
205			$tab_array[] = array("1:1", false, "firewall_nat_1to1.php");
206			$tab_array[] = array("Outbound", true, "firewall_nat_out.php");
207	a8726a3d	Scott Ullrich	display_top_tabs($tab_array);
208			?>
209	5b237745	Scott Ullrich	</td></tr>
210	19ae0929	Scott Ullrich	<tr>
211	d732f186	Bill Marquette	<td>
212			<div id="mainarea">
213			<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
214	fe693b89	Bill Marquette	<tr>
215	5b237745	Scott Ullrich	<td class="vtable"><p>
216	82d0dfc4	Scott Ullrich	<input name="advancedoripsec" type="radio" id="ipsecpassthru" value="ipsecpassthru" <?php if (isset($config['nat']['ipsecpassthru']['enable'])) echo "checked";?>>
217	69e108df	Chris Buechler	<strong><?=gettext("Automatic outbound NAT rule generation (IPsec passthrough)");?></strong></p>
218	6b3a7398	Scott Ullrich	</td>
219	5b237745	Scott Ullrich	</tr>
220	19ae0929	Scott Ullrich	<tr>
221	fe693b89	Bill Marquette	<td class="vtable"><p>
222	82d0dfc4	Scott Ullrich	<input name="advancedoripsec" type="radio" id="advancedoutbound" value="advancedoutboundnat" <?php if (isset($config['nat']['advancedoutbound']['enable'])) echo "checked";?>>
223	53bf5f1d	Seth Mos	<strong><?=gettext("Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))");?></strong></p></td>
224	fe693b89	Bill Marquette	</tr>
225			<tr>
226			<td> <input name="save" type="submit" class="formbtn" value="Save">
227	5b237745	Scott Ullrich	</td>
228			</tr>
229			<tr>
230	6b3a7398	Scott Ullrich	<td colspan="2"><p><span class="vexpl"><span class="red"><strong>Note:<br>
231	5b237745	Scott Ullrich	</strong></span>If advanced outbound NAT is enabled, no outbound NAT
232	af35a7e8	Scott Ullrich	rules will be automatically generated any longer. Instead, only the mappings
233	5b237745	Scott Ullrich	you specify below will be used. With advanced outbound NAT disabled,
234			a mapping is automatically created for each interface's subnet
235	0a82ada4	Bill Marquette	(except WAN). If you use target addresses other than the WAN interface's
236			IP address, then depending on the way your WAN connection is setup, you
237			may also need a <a href="firewall_virtual_ip.php">Virtual IP</a>.</span><br>
238	5b237745	Scott Ullrich	<br>
239			You may enter your own mappings below.</p>
240			</td>
241			</tr>
242			</table>
243	d732f186	Bill Marquette	<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
244	3f57ceee	Bill Marquette	<tr id="frheader">
245			<td width="3%" class="list"> </td>
246			<td width="3%" class="list"> </td>
247	5b237745	Scott Ullrich	<td width="10%" class="listhdrr">Interface</td>
248	3af33993	Scott Ullrich	<td width="15%" class="listhdrr">Source</td>
249			<td width="10%" class="listhdrr">Source Port</td>
250			<td width="15%" class="listhdrr">Destination</td>
251			<td width="10%" class="listhdrr">Destination Port</td>
252			<td width="15%" class="listhdrr">NAT Address</td>
253	5d8b0205	Scott Ullrich	<td width="10%" class="listhdrr">NAT Port</td>
254			<td width="10%" class="listhdrr">Static Port</td>
255	5b237745	Scott Ullrich	<td width="25%" class="listhdr">Description</td>
256	d415d821	Seth Mos	<td width="5%" class="list">
257			<table border="0" cellspacing="0" cellpadding="1">
258			<tr>
259			<td width="17"></td>
260			<td><a href="firewall_nat_out_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add new mapping"></a></td>
261			</tr>
262			</table>
263			</td>
264	5b237745	Scott Ullrich	</tr>
265	9c96aff5	Bill Marquette	<?php $nnats = $i = 0; foreach ($a_out as $natent): ?>
266	3f57ceee	Bill Marquette	<tr valign="top" id="fr<?=$nnats;?>">
267			<td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td>
268	3364bed4	Bill Marquette	<td class="listt" align="center"></td>
269	f8b8c2fd	Bill Marquette	<td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
270	5b237745	Scott Ullrich	<?php
271			if (!$natent['interface'] \|\| ($natent['interface'] == "wan"))
272			echo "WAN";
273	c7f97efa	Scott Ullrich	else if (!$natent['interface'] \|\| ($natent['interface'] == "lan"))
274			echo "LAN";
275	f1f60c92	Ermal Luçi	else if ($natent['interface'] == "openvpn")
276			echo "OpenVPN";
277	5b237745	Scott Ullrich	else
278	bb43786e	Scott Ullrich	echo htmlspecialchars($config['interfaces'][$natent['interface']]['descr']);
279	5b237745	Scott Ullrich	?>
280	19f09ae1	Scott Ullrich
281	5b237745	Scott Ullrich	</td>
282	f8b8c2fd	Bill Marquette	<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
283	5b237745	Scott Ullrich	<?=$natent['source']['network'];?>
284			</td>
285	a88aca62	Scott Ullrich	<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
286			<?php
287			if (!$natent['sourceport'])
288			echo "*";
289			else
290			echo $natent['sourceport'];
291			?>
292			</td>
293	f8b8c2fd	Bill Marquette	<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
294	5b237745	Scott Ullrich	<?php
295			if (isset($natent['destination']['any']))
296			echo "*";
297			else {
298			if (isset($natent['destination']['not']))
299			echo "! ";
300	2e56710c	Scott Ullrich	echo $natent['destination']['address'];
301	5b237745	Scott Ullrich	}
302			?>
303			</td>
304	f8b8c2fd	Bill Marquette	<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
305	a539f08b	Bill Marquette	<?php
306	a88aca62	Scott Ullrich	if (!$natent['dstport'])
307	a539f08b	Bill Marquette	echo "*";
308			else
309	a88aca62	Scott Ullrich	echo $natent['dstport'];
310	a539f08b	Bill Marquette	?>
311			</td>
312	f8b8c2fd	Bill Marquette	<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
313	5b237745	Scott Ullrich	<?php
314			if (!$natent['target'])
315			echo "*";
316			else
317			echo $natent['target'];
318			?>
319			</td>
320	4d38bfc3	Scott Ullrich	<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
321			<?php
322	3af33993	Scott Ullrich	if (!$natent['natport'])
323	4d38bfc3	Scott Ullrich	echo "*";
324			else
325	3af33993	Scott Ullrich	echo $natent['natport'];
326			?>
327	5d8b0205	Scott Ullrich	</td>
328			<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
329			<?php
330	b6905de8	Scott Ullrich	if(isset($natent['staticnatport']))
331	3ea05ff4	Scott Ullrich	echo "<CENTER>YES</CENTER>";
332	b6905de8	Scott Ullrich	else
333	3ea05ff4	Scott Ullrich	echo "<CENTER>NO</CENTER>";
334	5d8b0205	Scott Ullrich	?>
335	4d38bfc3	Scott Ullrich	</td>
336	f8b8c2fd	Bill Marquette	<td class="listbg" onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
337	64286300	Scott Ullrich	<?=htmlspecialchars($natent['descr']);?>
338	5b237745	Scott Ullrich	</td>
339	9c96aff5	Bill Marquette	<td class="list" valign="middle" nowrap>
340			<table border="0" cellspacing="0" cellpadding="1">
341			<tr>
342	90e4939a	Bill Marquette	<td><a href="firewall_nat_out_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit mapping"></a></td>
343	9c96aff5	Bill Marquette	</tr>
344			<tr>
345	677c0869	Erik Kristensen	<td><input onmouseover="fr_insline(<?=$nnats;?>, true)" onmouseout="fr_insline(<?=$nnats;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="move selected rules before this rule" height="17" type="image" width="17" border="0"></td>
346			<td><a href="firewall_nat_out_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add a new nat based on this one" width="17" height="17" border="0"></a></td>
347	9c96aff5	Bill Marquette	</tr>
348			</table>
349			<?php $i++; $nnats++; endforeach; ?>
350	19ae0929	Scott Ullrich	<tr>
351	3af33993	Scott Ullrich	<td class="list" colspan="11"></td>
352	9c96aff5	Bill Marquette	<td class="list" valign="middle" nowrap>
353			<table border="0" cellspacing="0" cellpadding="1">
354			<tr>
355	677c0869	Erik Kristensen	<td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected mappings to end" border="0"><?php else: ?><input name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" width="17" height="17" title="move selected mappings to end" border="0"><?php endif; ?></td>
356	90e4939a	Bill Marquette	<td><a href="firewall_nat_out_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add new mapping"></a></td>
357	9c96aff5	Bill Marquette	</tr>
358			<tr>
359	677c0869	Erik Kristensen	<td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input name="del" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected mappings" onclick="return confirm('Do you really want to delete the selected mappings?')"><?php endif; ?></td>
360	9c96aff5	Bill Marquette	</tr>
361			</table></td>
362	5b237745	Scott Ullrich	</tr>
363			</table>
364	d732f186	Bill Marquette	</div>
365	5b237745	Scott Ullrich	</td>
366			</tr>
367			</table>
368			</form>
369			<?php include("fend.inc"); ?>
370			</body>
371			</html>

Project

General

Profile

pfSense