Revision a1776dcf
Added by Jim Pingle over 12 years ago
| usr/local/www/firewall_nat_out.php | ||
|---|---|---|
| 94 | 94 |
$ifdescrs = get_configured_interface_with_descr(); |
| 95 | 95 |
|
| 96 | 96 |
foreach($ifdescrs as $if => $ifdesc) {
|
| 97 |
if (interface_has_gateway($if)) |
|
| 97 |
if (!interface_has_gateway($if))
|
|
| 98 | 98 |
continue; |
| 99 |
$osipaddr = get_interface_ip($if); |
|
| 100 |
$ossubnet = get_interface_subnet($if); |
|
| 101 |
if (!is_ipaddr($osipaddr) || empty($ossubnet)) |
|
| 102 |
continue; |
|
| 103 |
$osn = gen_subnet($osipaddr, $ossubnet); |
|
| 104 | 99 |
foreach ($ifdescrs as $if2 => $ifdesc2) {
|
| 105 |
if (!interface_has_gateway($if2)) |
|
| 100 |
if (interface_has_gateway($if2)) |
|
| 101 |
continue; |
|
| 102 |
|
|
| 103 |
$osipaddr = get_interface_ip($if2); |
|
| 104 |
$ossubnet = get_interface_subnet($if2); |
|
| 105 |
if (!is_ipaddr($osipaddr) || empty($ossubnet)) |
|
| 106 | 106 |
continue; |
| 107 |
$osn = gen_subnet($osipaddr, $ossubnet); |
|
| 107 | 108 |
|
| 108 | 109 |
$natent = array(); |
| 109 | 110 |
$natent['source']['network'] = "{$osn}/{$ossubnet}";
|
| 110 | 111 |
$natent['dstport'] = "500"; |
| 111 |
$natent['descr'] = sprintf(gettext('Auto created rule for ISAKMP - %1$s to %2$s'),$ifdesc,$ifdesc2);
|
|
| 112 |
$natent['descr'] = sprintf(gettext('Auto created rule for ISAKMP - %1$s to %2$s'),$ifdesc2,$ifdesc);
|
|
| 112 | 113 |
$natent['target'] = ""; |
| 113 |
$natent['interface'] = $if2;
|
|
| 114 |
$natent['interface'] = $if; |
|
| 114 | 115 |
$natent['destination']['any'] = true; |
| 115 | 116 |
$natent['staticnatport'] = true; |
| 116 | 117 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
| 117 | 118 |
$a_out[] = $natent; |
| 118 |
|
|
| 119 |
|
|
| 119 | 120 |
$natent = array(); |
| 120 |
$natent['source']['network'] = "{$osn}/{$ossubnet}";
|
|
| 121 |
$natent['sourceport'] = ""; |
|
| 122 |
$natent['descr'] = sprintf(gettext('Auto created rule for %1$s to %2$s'),$ifdesc,$ifdesc2);
|
|
| 123 |
$natent['target'] = ""; |
|
| 124 |
$natent['interface'] = $if2; |
|
| 125 |
$natent['destination']['any'] = true; |
|
| 126 |
$natent['natport'] = ""; |
|
| 127 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
|
| 128 |
$a_out[] = $natent; |
|
| 129 |
|
|
| 130 |
$natent = array(); |
|
| 131 |
$natent['source']['network'] = "127.0.0.0/8"; |
|
| 132 |
$natent['dstport'] = ""; |
|
| 133 |
$natent['descr'] = sprintf(gettext('Auto created rule for localhost to %1$s'),$ifdesc2);
|
|
| 134 |
$natent['target'] = ""; |
|
| 135 |
$natent['interface'] = $if2; |
|
| 136 |
$natent['destination']['any'] = true; |
|
| 137 |
$natent['staticnatport'] = false; |
|
| 138 |
$natent['natport'] = "1024:65535"; |
|
| 121 |
$natent['source']['network'] = "{$osn}/{$ossubnet}";
|
|
| 122 |
$natent['sourceport'] = ""; |
|
| 123 |
$natent['descr'] = sprintf(gettext('Auto created rule for %1$s to %2$s'),$ifdesc2,$ifdesc);
|
|
| 124 |
$natent['target'] = ""; |
|
| 125 |
$natent['interface'] = $if; |
|
| 126 |
$natent['destination']['any'] = true; |
|
| 127 |
$natent['natport'] = ""; |
|
| 139 | 128 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
| 140 |
$a_out[] = $natent; |
|
| 141 |
|
|
| 142 |
/* PPTP subnet */ |
|
| 143 |
if (($config['pptpd']['mode'] == "server") && is_private_ip($config['pptpd']['remoteip'])) {
|
|
| 144 |
$pptp_size = empty($config['pptpd']['n_pptp_units']) ? 16 : $config['pptpd']['n_pptp_units']; |
|
| 145 |
$pptptopip = $pptp_size - 1; |
|
| 146 |
$pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], long2ip32(ip2long($config['pptpd']['remoteip'])+$pptptopip)); |
|
| 147 |
foreach ($pptp_subnets as $pptpsn) {
|
|
| 148 |
$natent = array(); |
|
| 149 |
$natent['source']['network'] = $pptpsn; |
|
| 150 |
$natent['sourceport'] = ""; |
|
| 151 |
$natent['descr'] = gettext("Auto created rule for PPTP server");
|
|
| 152 |
$natent['target'] = ""; |
|
| 153 |
$natent['interface'] = $if2; |
|
| 154 |
$natent['destination']['any'] = true; |
|
| 155 |
$natent['natport'] = ""; |
|
| 156 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
|
| 157 |
$a_out[] = $natent; |
|
| 158 |
} |
|
| 159 |
} |
|
| 160 |
/* PPPoE subnet */ |
|
| 161 |
if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
|
|
| 162 |
foreach ($config['pppoes']['pppoe'] as $pppoes) {
|
|
| 163 |
if (($pppoes['mode'] == "server") && is_ipaddr($pppoes['localip'])) {
|
|
| 164 |
if($pppoes['pppoe_subnet'] <> "") |
|
| 165 |
$ossubnet = $pppoes['pppoe_subnet']; |
|
| 166 |
else |
|
| 167 |
$ossubnet = "32"; |
|
| 168 |
$osn = gen_subnet($pppoes['localip'], $ossubnet); |
|
| 169 |
$natent = array(); |
|
| 170 |
$natent['source']['network'] = "{$osn}/{$ossubnet}";
|
|
| 171 |
$natent['sourceport'] = ""; |
|
| 172 |
$natent['descr'] = gettext("Auto created rule for PPPoE server");
|
|
| 173 |
$natent['target'] = ""; |
|
| 174 |
$natent['interface'] = $if2; |
|
| 175 |
$natent['destination']['any'] = true; |
|
| 176 |
$natent['natport'] = ""; |
|
| 177 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
|
| 178 |
$a_out[] = $natent; |
|
| 179 |
} |
|
| 180 |
} |
|
| 129 |
$a_out[] = $natent; |
|
| 130 |
} |
|
| 131 |
/* Localhost */ |
|
| 132 |
$natent = array(); |
|
| 133 |
$natent['source']['network'] = "127.0.0.0/8"; |
|
| 134 |
$natent['dstport'] = ""; |
|
| 135 |
$natent['descr'] = sprintf(gettext('Auto created rule for localhost to %1$s'),$ifdesc);
|
|
| 136 |
$natent['target'] = ""; |
|
| 137 |
$natent['interface'] = $if; |
|
| 138 |
$natent['destination']['any'] = true; |
|
| 139 |
$natent['staticnatport'] = false; |
|
| 140 |
$natent['natport'] = "1024:65535"; |
|
| 141 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
|
| 142 |
$a_out[] = $natent; |
|
| 143 |
/* PPTP subnet */ |
|
| 144 |
if (($config['pptpd']['mode'] == "server") && is_private_ip($config['pptpd']['remoteip'])) {
|
|
| 145 |
$pptp_size = empty($config['pptpd']['n_pptp_units']) ? 16 : $config['pptpd']['n_pptp_units']; |
|
| 146 |
$pptptopip = $pptp_size - 1; |
|
| 147 |
$pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], long2ip32(ip2long($config['pptpd']['remoteip'])+$pptptopip)); |
|
| 148 |
foreach ($pptp_subnets as $pptpsn) {
|
|
| 149 |
$natent = array(); |
|
| 150 |
$natent['source']['network'] = $pptpsn; |
|
| 151 |
$natent['sourceport'] = ""; |
|
| 152 |
$natent['descr'] = gettext("Auto created rule for PPTP server");
|
|
| 153 |
$natent['target'] = ""; |
|
| 154 |
$natent['interface'] = $if; |
|
| 155 |
$natent['destination']['any'] = true; |
|
| 156 |
$natent['natport'] = ""; |
|
| 157 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
|
| 158 |
$a_out[] = $natent; |
|
| 181 | 159 |
} |
| 182 |
/* L2TP subnet */ |
|
| 183 |
if($config['l2tp']['mode'] == "server") {
|
|
| 184 |
if (is_ipaddr($config['l2tp']['localip'])) {
|
|
| 185 |
if($config['l2tp']['l2tp_subnet'] <> "") |
|
| 186 |
$ossubnet = $config['l2tp']['l2tp_subnet']; |
|
| 160 |
} |
|
| 161 |
/* PPPoE subnet */ |
|
| 162 |
if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
|
|
| 163 |
foreach ($config['pppoes']['pppoe'] as $pppoes) {
|
|
| 164 |
if (($pppoes['mode'] == "server") && is_ipaddr($pppoes['localip'])) {
|
|
| 165 |
if($pppoes['pppoe_subnet'] <> "") |
|
| 166 |
$ossubnet = $pppoes['pppoe_subnet']; |
|
| 187 | 167 |
else |
| 188 | 168 |
$ossubnet = "32"; |
| 189 |
$osn = gen_subnet($config['l2tp']['localip'], $ossubnet);
|
|
| 169 |
$osn = gen_subnet($pppoes['localip'], $ossubnet);
|
|
| 190 | 170 |
$natent = array(); |
| 191 | 171 |
$natent['source']['network'] = "{$osn}/{$ossubnet}";
|
| 192 | 172 |
$natent['sourceport'] = ""; |
| 193 |
$natent['descr'] = gettext("Auto created rule for L2TP server");
|
|
| 173 |
$natent['descr'] = gettext("Auto created rule for PPPoE server");
|
|
| 194 | 174 |
$natent['target'] = ""; |
| 195 |
$natent['interface'] = $if2;
|
|
| 175 |
$natent['interface'] = $if; |
|
| 196 | 176 |
$natent['destination']['any'] = true; |
| 197 | 177 |
$natent['natport'] = ""; |
| 198 | 178 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
| 199 | 179 |
$a_out[] = $natent; |
| 200 | 180 |
} |
| 201 | 181 |
} |
| 202 |
/* add openvpn interfaces */ |
|
| 203 |
if($config['openvpn']['openvpn-server']) {
|
|
| 204 |
foreach ($config['openvpn']['openvpn-server'] as $ovpnsrv) {
|
|
| 205 |
$natent = array(); |
|
| 206 |
$natent['source']['network'] = $ovpnsrv['tunnel_network']; |
|
| 207 |
$natent['sourceport'] = ""; |
|
| 208 |
$natent['descr'] = gettext("Auto created rule for OpenVPN server");
|
|
| 209 |
$natent['target'] = ""; |
|
| 210 |
$natent['interface'] = $if2; |
|
| 211 |
$natent['destination']['any'] = true; |
|
| 212 |
$natent['natport'] = ""; |
|
| 213 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
|
| 214 |
$a_out[] = $natent; |
|
| 215 |
} |
|
| 182 |
} |
|
| 183 |
/* L2TP subnet */ |
|
| 184 |
if($config['l2tp']['mode'] == "server") {
|
|
| 185 |
if (is_ipaddr($config['l2tp']['localip'])) {
|
|
| 186 |
if($config['l2tp']['l2tp_subnet'] <> "") |
|
| 187 |
$ossubnet = $config['l2tp']['l2tp_subnet']; |
|
| 188 |
else |
|
| 189 |
$ossubnet = "32"; |
|
| 190 |
$osn = gen_subnet($config['l2tp']['localip'], $ossubnet); |
|
| 191 |
$natent = array(); |
|
| 192 |
$natent['source']['network'] = "{$osn}/{$ossubnet}";
|
|
| 193 |
$natent['sourceport'] = ""; |
|
| 194 |
$natent['descr'] = gettext("Auto created rule for L2TP server");
|
|
| 195 |
$natent['target'] = ""; |
|
| 196 |
$natent['interface'] = $if; |
|
| 197 |
$natent['destination']['any'] = true; |
|
| 198 |
$natent['natport'] = ""; |
|
| 199 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
|
| 200 |
$a_out[] = $natent; |
|
| 201 |
} |
|
| 202 |
} |
|
| 203 |
/* add openvpn interfaces */ |
|
| 204 |
if($config['openvpn']['openvpn-server']) {
|
|
| 205 |
foreach ($config['openvpn']['openvpn-server'] as $ovpnsrv) {
|
|
| 206 |
$natent = array(); |
|
| 207 |
$natent['source']['network'] = $ovpnsrv['tunnel_network']; |
|
| 208 |
$natent['sourceport'] = ""; |
|
| 209 |
$natent['descr'] = gettext("Auto created rule for OpenVPN server");
|
|
| 210 |
$natent['target'] = ""; |
|
| 211 |
$natent['interface'] = $if; |
|
| 212 |
$natent['destination']['any'] = true; |
|
| 213 |
$natent['natport'] = ""; |
|
| 214 |
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
|
|
| 215 |
$a_out[] = $natent; |
|
| 216 | 216 |
} |
| 217 |
}
|
|
| 217 |
} |
|
| 218 | 218 |
} |
| 219 | 219 |
|
| 220 | 220 |
$savemsg = gettext("Default rules for each interface have been created.");
|
Also available in: Unified diff
Rearrange this manual outbound NAT rule generation loop -- fixes unnecessary duplication of Localhost and VPN rules.