<?php
/* $Id$ */
/*
    firewall_nat_out.php
    Copyright (C) 2004 Scott Ullrich
    All rights reserved.
    originally part of m0n0wall (http://m0n0.ch/wall)
    Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
    All rights reserved.
    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:
    1. Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.
    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/
require("guiconfig.inc");

/*
 * Make sure the advanced outbound NAT rule list is an array, then bind
 * $a_out to it by reference: every change made through $a_out below is a
 * change to $config itself.
 */
if (!is_array($config['nat']['advancedoutbound']['rule'])) {
    $config['nat']['advancedoutbound']['rule'] = array();
}

$a_out = &$config['nat']['advancedoutbound']['rule'];
/*
 * Handler for the "apply" action: writes the configuration, reloads the
 * filter and clears the pending-change marker files.
 *
 * NOTE(review): nothing in this block checks an anti-forgery token or the
 * request origin before the configuration is written and the filter is
 * reloaded -- confirm that guiconfig.inc (or whatever sits in front of this
 * page) enforces authentication and request-forgery protection.
 */
if ($_POST) {

    /* keep a copy of the submitted fields */
    $pconfig = $_POST;

    if ($_POST['apply']) {

        write_config();

        /* reload the filter while the config lock is held; $retval collects the result */
        $retval = 0;
        config_lock();
        $retval |= filter_configure();
        config_unlock();

        /* a result containing "error" is shown as-is, anything else gets the standard save message */
        if (stristr($retval, "error") == true) {
            $savemsg = $retval;
        } else {
            $savemsg = get_std_save_message($retval);
        }

        /* the reload returned 0: remove the NAT and filter "changes pending" marker files */
        if ($retval == 0) {
            if (file_exists($d_natconfdirty_path)) {
                unlink($d_natconfdirty_path);
            }
            if (file_exists($d_filterconfdirty_path)) {
                unlink($d_filterconfdirty_path);
            }
        }
    }
}
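/*
 * Handler for the Save button of the "IPSec passthru" / "advanced outbound
 * NAT" checkboxes.
 *
 * The two settings are mutually exclusive; when both are submitted,
 * advanced outbound NAT wins and IPSec passthru is switched off.  Each
 * checkbox is reduced to a boolean once, and that same boolean drives both
 * the stored flag and the one-time creation of default rules, so a crafted
 * field value cannot seed rules while leaving the feature disabled.
 *
 * NOTE(review): no anti-forgery token or request-origin check is visible in
 * this block -- confirm that it is enforced elsewhere (guiconfig.inc?),
 * since this handler rewrites the NAT configuration.
 */
if (isset($_POST['save'])) {
    /*
     * NOTE(review): this is a truthiness test, while the form on this page
     * decides "checked" with isset() on the same key -- confirm how the
     * config parser represents an enabled flag; if it is an empty string,
     * the default rules below would be created again on a later save.
     */
    $was_enabled = !empty($config['nat']['advancedoutbound']['enable']);

    /* mutually exclusive settings - if user wants advanced NAT, we don't help with IPSec */
    $want_advanced = !empty($_POST['advancedoutbound']);
    $want_ipsec = !empty($_POST['ipsecpassthru']) && !$want_advanced;

    $config['nat']['ipsecpassthru']['enable'] = $want_ipsec;
    $config['nat']['advancedoutbound']['enable'] = $want_advanced;

    if (!$was_enabled and $want_advanced) {
        /*
         * Advanced outbound NAT has just been switched on: create one rule
         * per internal interface so the user starts from a working set.
         */
        $a_out = &$config['nat']['advancedoutbound']['rule'];

        /* LAN plus every consecutively numbered optional interface */
        $ifdescrs = array('lan');
        for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
            $ifdescrs[] = "opt" . $j;
        }

        foreach ($ifdescrs as $if) {
            if ($if <> "lan" and $if <> "wan") {
                /* interface is an optional.  is it enabled? */
                if (!isset($config['interfaces'][$if]['enabled'])) {
                    continue;
                }
            }

            /* source is the interface's own subnet, translated on WAN for any destination */
            $natent = array();
            $osn = gen_subnet($config['interfaces'][$if]['ipaddr'],
                $config['interfaces'][$if]['subnet']);
            $natent['source']['network'] = $osn . "/" . $config['interfaces'][$if]['subnet'];
            $natent['sourceport'] = "";

            $int_description = $config['interfaces'][$if]['descr'];
            if ($if == "lan") {
                $int_description = "LAN";
            }
            $natent['descr'] = "Auto created rule for {$int_description}";

            $natent['target'] = "";
            $natent['interface'] = "wan";
            $natent['destination']['any'] = true;
            $natent['natport'] = "";
            $a_out[] = $natent;
        }
        /* the redirect below ends this request, so this message is not rendered here */
        $savemsg = "Default rules for each interface have been created.";
    }

    /* persist, flag the NAT configuration as changed, and reload the page */
    write_config();
    touch($d_natconfdirty_path);
    header("Location: firewall_nat_out.php");
    exit;
}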
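/*
 * Handler for the per-rule image buttons: delete the selected rules, or
 * move them in front of the rule whose move button was clicked.
 *
 * Both actions index $a_out with request data.  The submitted values are
 * therefore reduced to integer indexes of rules that exist before they are
 * used: a non-numeric or out-of-range value can no longer match a rule
 * through loose comparison, and an oversized move target can no longer
 * append empty entries to the rule list that is written to the config.
 *
 * NOTE(review): no anti-forgery token or request-origin check is visible in
 * this block -- confirm that it is enforced elsewhere (guiconfig.inc?).
 */

/* rule[] values -> unique int indexes that are present in $a_out */
$selected = array();
if (isset($_POST['rule']) && is_array($_POST['rule'])) {
    foreach ($_POST['rule'] as $rulei) {
        if (!is_string($rulei) || !preg_match('/^[0-9]+\z/', $rulei)) {
            continue;
        }
        $rulei = (int)$rulei;
        if (array_key_exists($rulei, $a_out) && !in_array($rulei, $selected, true)) {
            $selected[] = $rulei;
        }
    }
}

if (isset($_POST['del_x'])) {
    /* delete selected rules */
    if (count($selected)) {
        foreach ($selected as $rulei) {
            unset($a_out[$rulei]);
        }
        write_config();
        touch($d_natconfdirty_path);
        header("Location: firewall_nat_out.php");
        exit;
    }

} else {
    /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
    unset($movebtn);
    foreach ($_POST as $pn => $pd) {
        /* anchored, so only a field named exactly move_<index>_x counts */
        if (preg_match('/^move_([0-9]+)_x\z/', (string)$pn, $matches)) {
            $movebtn = (int)$matches[1];
            break;
        }
    }

    $nrules = count($a_out);

    /*
     * move selected rules before this rule; the target may equal $nrules
     * (the "move to end" button below the list) but must not exceed it
     */
    if (isset($movebtn) && $movebtn <= $nrules && count($selected)) {
        $a_out_new = array();

        /* copy all rules < $movebtn and not selected */
        for ($i = 0; $i < $movebtn; $i++) {
            if (!in_array($i, $selected, true)) {
                $a_out_new[] = $a_out[$i];
            }
        }

        /* copy all selected rules */
        for ($i = 0; $i < $nrules; $i++) {
            if ($i == $movebtn) {
                continue;
            }
            if (in_array($i, $selected, true)) {
                $a_out_new[] = $a_out[$i];
            }
        }

        /* copy $movebtn rule */
        if ($movebtn < $nrules) {
            $a_out_new[] = $a_out[$movebtn];
        }

        /* copy all rules > $movebtn and not selected */
        for ($i = $movebtn + 1; $i < $nrules; $i++) {
            if (!in_array($i, $selected, true)) {
                $a_out_new[] = $a_out[$i];
            }
        }

        $a_out = $a_out_new;
        write_config();
        touch($d_natconfdirty_path);
        header("Location: firewall_nat_out.php");
        exit;
    }
}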
/* page title is set before the shared header template is pulled in */
$pgtitle = "Firewall: NAT: Outbound";
include("head.inc");

?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: NAT: Outbound</p>
<?php
/*
 * The Save button below and the per-rule move/delete image buttons further
 * down all post through this one form.
 * NOTE(review): no hidden anti-forgery token field appears in the markup of
 * this file -- confirm whether the included templates add one.
 */
?>
<form action="firewall_nat_out.php" method="post" name="iform">
<script type="text/javascript" language="javascript" src="row_toggle.js">
</script>
<?php /* message left by the POST handlers above, if any */ ?>
<?php if ($savemsg) { print_info_box($savemsg); } ?>
<?php /* marker file present: NAT changes were saved but not applied yet */ ?>
<?php if (file_exists($d_natconfdirty_path)) { ?><p>
<?php print_info_box_np("The NAT configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<?php } ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">  <tr><td>
<?php
	/* one entry per tab; only the "Outbound" entry carries true -- presumably the active-tab flag */
	$tab_array = array(
		array("Port Forward", false, "firewall_nat.php"),
		array("1:1", false, "firewall_nat_1to1.php"),
		array("Outbound", true, "firewall_nat_out.php")
	);
	display_top_tabs($tab_array);
?>
  </td></tr>
  <tr>
    <td>
	<div id="mainarea">
              <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
              <tr>
                  <td class="vtable"><p>
                      <input name="ipsecpassthru" type="checkbox" id="ipsecpassthru" value="yes" onClick="document.iform.advancedoutbound.checked=false" <?php echo isset($config['nat']['ipsecpassthru']['enable']) ? "checked" : ""; ?>>
                      <strong>Enable IPSec passthru</strong></p>
                  </td>
                </tr>
                <tr>
                  <td class="vtable"><p>
                      <input name="advancedoutbound" type="checkbox" id="advancedoutbound" value="yes" onClick="document.iform.ipsecpassthru.checked=false" <?php echo isset($config['nat']['advancedoutbound']['enable']) ? "checked" : ""; ?>>
                      <strong>Enable advanced outbound NAT</strong></p></td>
                </tr>
                <tr>
                  <td> <input name="save" type="submit" class="formbtn" value="Save">
                  </td>
                </tr>
                <tr>
                  <td colspan="2"><p><span class="vexpl"><span class="red"><strong>Note:<br>
                      </strong></span>If advanced outbound NAT is enabled, no outbound NAT
                      rules will be automatically generated any longer. Instead, only the mappings
                      you specify below will be used. With advanced outbound NAT disabled,
                      a mapping is automatically created for each interface's subnet
                      (except WAN).  If you use target addresses other than the WAN interface's
		      IP address, then depending on the way your WAN connection is setup, you
	              may also need a <a href="firewall_virtual_ip.php">Virtual IP</a>.</span><br>
                      <br>
                      You may enter your own mappings below.</p>
                    </td>
                </tr>
              </table>
              <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
                <tr id="frheader">
                  <td width="3%" class="list">&nbsp;</td>
                  <td width="3%" class="list">&nbsp;</td>
                  <td width="10%" class="listhdrr">Interface</td>
                  <td width="15%" class="listhdrr">Source</td>
                  <td width="10%" class="listhdrr">Source Port</td>
                  <td width="15%" class="listhdrr">Destination</td>
                  <td width="10%" class="listhdrr">Destination Port</td>
                  <td width="15%" class="listhdrr">NAT Address</td>
                  <td width="10%" class="listhdrr">NAT Port</td>
		  <td width="10%" class="listhdrr">Static Port</td>
                  <td width="25%" class="listhdr">Description</td>
                  <td width="5%" class="list"></td>
                </tr>
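              <?php
              /*
               * One table row per advanced outbound NAT rule, followed by the
               * footer row with the "move to end", "add" and "delete" buttons.
               *
               * Every rule field printed into the page is passed through
               * htmlspecialchars(), the way the description and the interface
               * description already were: the values come from the stored
               * configuration, and markup inside a stored value must be shown
               * as text rather than interpreted by the browser.
               *
               * $i and $nnats start at 0 and advance together, so both hold
               * the index of the current rule.
               */
              $nnats = $i = 0; foreach ($a_out as $natent): ?>
                <tr valign="top" id="fr<?=$nnats;?>">
                  <td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td>
                  <td class="listt" align="center"></td>
                  <td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
                    <?php
                      /* a rule without an interface is displayed as WAN */
                      if (!$natent['interface'] || ($natent['interface'] == "wan"))
                          echo "WAN";
                      else if ($natent['interface'] == "lan")
                          echo "LAN";
                      else
                          echo htmlspecialchars($config['interfaces'][$natent['interface']]['descr']);
                    ?>
                                        &nbsp;
                  </td>
                  <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
                    <?=htmlspecialchars($natent['source']['network']);?>
                  </td>
                  <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
                    <?php
                      /* an empty port field is displayed as "*" */
                      if (!$natent['sourceport'])
                          echo "*";
                      else
                          echo htmlspecialchars($natent['sourceport']);
                    ?>
                  </td>
                  <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
                    <?php
                      if (isset($natent['destination']['any']))
                          echo "*";
                      else {
                          /* a negated destination gets a leading "!" */
                          if (isset($natent['destination']['not']))
                              echo "!&nbsp;";
                          echo htmlspecialchars($natent['destination']['address']);
                      }
                    ?>
                  </td>
                  <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
                    <?php
                      if (!$natent['dstport'])
                          echo "*";
                      else
                          echo htmlspecialchars($natent['dstport']);
                    ?>
                  </td>
                  <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
                    <?php
                      if (!$natent['target'])
                          echo "*";
                      else
                          echo htmlspecialchars($natent['target']);
                    ?>
                  </td>
                  <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
                    <?php
                      if (!$natent['natport'])
                          echo "*";
                      else
                          echo htmlspecialchars($natent['natport']);
                    ?>
                  </td>
                  <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
                    <?php
                      if (isset($natent['staticnatport']))
                          echo "<CENTER>YES</CENTER>";
                      else
                          echo "<CENTER>NO</CENTER>";
                    ?>
                  </td>
                  <td class="listbg"  onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
                    <font color="#FFFFFF"><?=htmlspecialchars($natent['descr']);?>&nbsp;</font>
                  </td>
                  <td class="list" valign="middle" nowrap>
                    <table border="0" cellspacing="0" cellpadding="1">
                      <tr>
                        <td><a href="firewall_nat_out_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit mapping"></a></td>
                      </tr>
                      <tr>
                        <td><input onmouseover="fr_insline(<?=$nnats;?>, true)" onmouseout="fr_insline(<?=$nnats;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="move selected rules before this rule" height="17" type="image" width="17" border="0"></td>
                        <td><a href="firewall_nat_out_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add a new nat based on this one" width="17" height="17" border="0"></a></td>
                      </tr>
                    </table>
                  </td>
                </tr>
              <?php $i++; $nnats++; endforeach; ?>
<?php /* footer row: after the loop $i equals the rule count, so move_<count> means "move to end"; with no rules only disabled icons are shown */ ?>
                <tr>
                  <td class="list" colspan="11"></td>
                  <td class="list" valign="middle" nowrap>
                    <table border="0" cellspacing="0" cellpadding="1">
                      <tr>
                        <td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected mappings to end" border="0"><?php else: ?><input name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" width="17" height="17" title="move selected mappings to end" border="0"><?php endif; ?></td>
                        <td><a href="firewall_nat_out_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add new mapping"></a></td>
                      </tr>
                      <tr>
                        <td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input name="del" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected mappings" onclick="return confirm('Do you really want to delete the selected mappings?')"><?php endif; ?></td>
                      </tr>
                    </table></td>
                </tr>
              </table>
	    </div>
</td>
  </tr>
</table>
            </form>
<?php include("fend.inc"); ?>
</body>
</html>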