Revision 6f61fea6
Added by Renato Botelho over 11 years ago
| usr/local/www/firewall_nat_out.php | ||
|---|---|---|
| 46 | 46 |
require_once("filter.inc");
|
| 47 | 47 |
require_once("shaper.inc");
|
| 48 | 48 |
|
| 49 |
global $FilterIflist; |
|
| 50 |
|
|
| 49 | 51 |
if (!is_array($config['nat']['outbound'])) |
| 50 | 52 |
$config['nat']['outbound'] = array(); |
| 51 | 53 |
|
| ... | ... | |
| 84 | 86 |
* lets automatically create entries |
| 85 | 87 |
* for all of the interfaces to make life easier on the pip-o-chap |
| 86 | 88 |
*/ |
| 87 |
$ifdescrs = get_configured_interface_with_descr(); |
|
| 88 |
|
|
| 89 |
foreach($ifdescrs as $if => $ifdesc) {
|
|
| 90 |
if (!interface_has_gateway($if)) |
|
| 91 |
continue; |
|
| 92 |
foreach ($ifdescrs as $if2 => $ifdesc2) {
|
|
| 93 |
if (interface_has_gateway($if2)) |
|
| 94 |
continue; |
|
| 95 |
|
|
| 96 |
$osipaddr = get_interface_ip($if2); |
|
| 97 |
$ossubnet = get_interface_subnet($if2); |
|
| 98 |
if (!is_ipaddr($osipaddr) || empty($ossubnet)) |
|
| 99 |
continue; |
|
| 100 |
$osn = gen_subnet($osipaddr, $ossubnet); |
|
| 101 |
|
|
| 102 |
$natent = array(); |
|
| 103 |
$natent['source']['network'] = "{$osn}/{$ossubnet}";
|
|
| 104 |
$natent['dstport'] = "500"; |
|
| 105 |
$natent['descr'] = sprintf(gettext('Auto created rule for ISAKMP - %1$s to %2$s'),$ifdesc2,$ifdesc);
|
|
| 106 |
$natent['target'] = ""; |
|
| 107 |
$natent['interface'] = $if; |
|
| 108 |
$natent['destination']['any'] = true; |
|
| 109 |
$natent['staticnatport'] = true; |
|
| 110 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
|
| 111 |
$a_out[] = $natent; |
|
| 112 |
|
|
| 113 |
$natent = array(); |
|
| 114 |
$natent['source']['network'] = "{$osn}/{$ossubnet}";
|
|
| 115 |
$natent['sourceport'] = ""; |
|
| 116 |
$natent['descr'] = sprintf(gettext('Auto created rule for %1$s to %2$s'),$ifdesc2,$ifdesc);
|
|
| 117 |
$natent['target'] = ""; |
|
| 118 |
$natent['interface'] = $if; |
|
| 119 |
$natent['destination']['any'] = true; |
|
| 120 |
$natent['natport'] = ""; |
|
| 89 |
if(empty($FilterIflist)) |
|
| 90 |
filter_generate_optcfg_array(); |
|
| 91 |
$tonathosts = filter_nat_rules_automatic_tonathosts(true); |
|
| 92 |
$automatic_rules = filter_nat_rules_outbound_automatic("");
|
|
| 93 |
|
|
| 94 |
foreach ($tonathosts as $tonathost) {
|
|
| 95 |
foreach ($automatic_rules as $natent) {
|
|
| 96 |
$natent['source']['network'] = $tonathost['subnet']; |
|
| 97 |
$natent['descr'] .= sprintf(gettext(' - %1$s to %2$s'),
|
|
| 98 |
$tonathost['descr'], |
|
| 99 |
convert_real_interface_to_friendly_descr($natent['interface'])); |
|
| 121 | 100 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
| 122 | 101 |
$a_out[] = $natent; |
| 123 | 102 |
} |
| 124 |
/* Localhost */ |
|
| 125 |
$natent = array(); |
|
| 126 |
$natent['source']['network'] = "127.0.0.0/8"; |
|
| 127 |
$natent['dstport'] = ""; |
|
| 128 |
$natent['descr'] = sprintf(gettext('Auto created rule for localhost to %1$s'),$ifdesc);
|
|
| 129 |
$natent['target'] = ""; |
|
| 130 |
$natent['interface'] = $if; |
|
| 131 |
$natent['destination']['any'] = true; |
|
| 132 |
$natent['staticnatport'] = false; |
|
| 133 |
$natent['natport'] = "1024:65535"; |
|
| 134 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
|
| 135 |
$a_out[] = $natent; |
|
| 136 |
/* PPTP subnet */ |
|
| 137 |
if (($config['pptpd']['mode'] == "server") && is_private_ip($config['pptpd']['remoteip'])) {
|
|
| 138 |
$pptp_size = empty($config['pptpd']['n_pptp_units']) ? 16 : $config['pptpd']['n_pptp_units']; |
|
| 139 |
$pptptopip = $pptp_size - 1; |
|
| 140 |
$pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], long2ip32(ip2long($config['pptpd']['remoteip'])+$pptptopip)); |
|
| 141 |
foreach ($pptp_subnets as $pptpsn) {
|
|
| 142 |
$natent = array(); |
|
| 143 |
$natent['source']['network'] = $pptpsn; |
|
| 144 |
$natent['sourceport'] = ""; |
|
| 145 |
$natent['descr'] = gettext("Auto created rule for PPTP server");
|
|
| 146 |
$natent['target'] = ""; |
|
| 147 |
$natent['interface'] = $if; |
|
| 148 |
$natent['destination']['any'] = true; |
|
| 149 |
$natent['natport'] = ""; |
|
| 150 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
|
| 151 |
$a_out[] = $natent; |
|
| 152 |
} |
|
| 153 |
} |
|
| 154 |
/* PPPoE subnet */ |
|
| 155 |
if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
|
|
| 156 |
foreach ($config['pppoes']['pppoe'] as $pppoes) {
|
|
| 157 |
if (($pppoes['mode'] == "server") && is_ipaddr($pppoes['localip'])) {
|
|
| 158 |
if($pppoes['pppoe_subnet'] <> "") |
|
| 159 |
$ossubnet = $pppoes['pppoe_subnet']; |
|
| 160 |
else |
|
| 161 |
$ossubnet = "32"; |
|
| 162 |
$osn = gen_subnet($pppoes['localip'], $ossubnet); |
|
| 163 |
$natent = array(); |
|
| 164 |
$natent['source']['network'] = "{$osn}/{$ossubnet}";
|
|
| 165 |
$natent['sourceport'] = ""; |
|
| 166 |
$natent['descr'] = gettext("Auto created rule for PPPoE server");
|
|
| 167 |
$natent['target'] = ""; |
|
| 168 |
$natent['interface'] = $if; |
|
| 169 |
$natent['destination']['any'] = true; |
|
| 170 |
$natent['natport'] = ""; |
|
| 171 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
|
| 172 |
$a_out[] = $natent; |
|
| 173 |
} |
|
| 174 |
} |
|
| 175 |
} |
|
| 176 |
/* L2TP subnet */ |
|
| 177 |
if($config['l2tp']['mode'] == "server") {
|
|
| 178 |
if (is_ipaddr($config['l2tp']['localip'])) {
|
|
| 179 |
if($config['l2tp']['l2tp_subnet'] <> "") |
|
| 180 |
$ossubnet = $config['l2tp']['l2tp_subnet']; |
|
| 181 |
else |
|
| 182 |
$ossubnet = "32"; |
|
| 183 |
$osn = gen_subnet($config['l2tp']['localip'], $ossubnet); |
|
| 184 |
$natent = array(); |
|
| 185 |
$natent['source']['network'] = "{$osn}/{$ossubnet}";
|
|
| 186 |
$natent['sourceport'] = ""; |
|
| 187 |
$natent['descr'] = gettext("Auto created rule for L2TP server");
|
|
| 188 |
$natent['target'] = ""; |
|
| 189 |
$natent['interface'] = $if; |
|
| 190 |
$natent['destination']['any'] = true; |
|
| 191 |
$natent['natport'] = ""; |
|
| 192 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
|
| 193 |
$a_out[] = $natent; |
|
| 194 |
} |
|
| 195 |
} |
|
| 196 |
/* add openvpn interfaces */ |
|
| 197 |
if($config['openvpn']['openvpn-server']) {
|
|
| 198 |
foreach ($config['openvpn']['openvpn-server'] as $ovpnsrv) {
|
|
| 199 |
$natent = array(); |
|
| 200 |
$natent['source']['network'] = $ovpnsrv['tunnel_network']; |
|
| 201 |
$natent['sourceport'] = ""; |
|
| 202 |
$natent['descr'] = gettext("Auto created rule for OpenVPN server");
|
|
| 203 |
$natent['target'] = ""; |
|
| 204 |
$natent['interface'] = $if; |
|
| 205 |
$natent['destination']['any'] = true; |
|
| 206 |
$natent['natport'] = ""; |
|
| 207 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
|
| 208 |
$a_out[] = $natent; |
|
| 209 |
} |
|
| 210 |
} |
|
| 211 | 103 |
} |
| 212 | 104 |
$savemsg = gettext("Default rules for each interface have been created.");
|
| 213 | 105 |
} |
| ... | ... | |
| 585 | 477 |
</tr> |
| 586 | 478 |
<?php |
| 587 | 479 |
if ($mode == "automatic" || $mode == "hybrid"): |
| 588 |
global $FilterIflist; |
|
| 589 | 480 |
if(empty($FilterIflist)) |
| 590 | 481 |
filter_generate_optcfg_array(); |
| 591 | 482 |
$automatic_rules = filter_nat_rules_outbound_automatic(implode(" ", filter_nat_rules_automatic_tonathosts()));
|
Also available in: Unified diff
Use the same code to automatically create outbound NAT rules when mode change to manual, ticket #2416