#!/usr/local/bin/php
<?php
/* $Id$ */
/*
	firewall_nat_edit.php
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
require("guiconfig.inc");
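/* Make sure the NAT rule list exists before taking a reference to it. */
if (!is_array($config['nat']['rule'])) {
	$config['nat']['rule'] = array();
}
//nat_rules_sort();
$a_nat = &$config['nat']['rule'];

/*
 * Work out which rule the request refers to.  Precedence follows the form
 * flow: ?id= (edit link), then the hidden POST id (save), then ?dup= (clone).
 *
 * The value comes straight from the request, so only a canonical,
 * non-negative decimal integer is accepted as an index into $a_nat.
 * Anything else (an array from "id[]=", "1abc", a negative number) is
 * treated as "no rule selected", which makes the page behave like "add".
 */
$req_index = isset($_GET['id']) ? $_GET['id'] : null;
if (isset($_POST['id']))
	$req_index = $_POST['id'];
if (isset($_GET['dup']))
	$req_index = $_GET['dup'];

unset($id);
if (is_string($req_index) && $req_index === (string)(int)$req_index && (int)$req_index >= 0)
	$id = (int)$req_index;

/* a duplicate is inserted directly after the rule it was cloned from */
if (isset($_GET['dup']) && isset($id))
	$after = $id;

/* Pre-fill the form from the stored rule, or fall back to the WAN default. */
$pconfig = array();
if (isset($id) && !empty($a_nat[$id])) {
	$rule = $a_nat[$id];
	$pconfig['extaddr'] = $rule['external-address'];
	$pconfig['proto'] = $rule['protocol'];
	/* "80" has no end port: pad so list() does not read a missing offset */
	list($pconfig['beginport'], $pconfig['endport']) = array_pad(explode("-", $rule['external-port']), 2, null);
	$pconfig['localip'] = $rule['target'];
	$pconfig['localbeginport'] = $rule['local-port'];
	$pconfig['descr'] = $rule['descr'];
	$pconfig['interface'] = $rule['interface'];
	if (!$pconfig['interface'])
		$pconfig['interface'] = "wan";
} else {
	$pconfig['interface'] = "wan";
}

/* a duplicate is saved as a new rule, so forget the index of the original */
if (isset($_GET['dup']))
	unset($id);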
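if ($_POST) {

	/*
	 * Save handler: validate the submitted port forward, reject overlaps
	 * with existing rules, store it in $config['nat']['rule'] (optionally
	 * with a matching filter rule) and redirect back to the rule list.
	 *
	 * NOTE(review): no request-forgery token is checked in this handler;
	 * confirm guiconfig.inc enforces one, because this POST rewrites NAT
	 * and firewall rules.
	 */

	/* PHP turns "field[]=x" into an array; every field of this form must be a string */
	$malformed = false;
	foreach (explode(" ", "interface extaddr proto beginport endport localip localbeginport beginport_cust endport_cust localbeginport_cust descr autoadd") as $fld) {
		if (isset($_POST[$fld]) && !is_string($_POST[$fld])) {
			$_POST[$fld] = "";
			$malformed = true;
		}
	}

	/* the free-text "_cust" box only counts while the drop-down is on "(other)" */
	if ($_POST['beginport_cust'] && !$_POST['beginport'])
		$_POST['beginport'] = $_POST['beginport_cust'];
	if ($_POST['endport_cust'] && !$_POST['endport'])
		$_POST['endport'] = $_POST['endport_cust'];
	if ($_POST['localbeginport_cust'] && !$_POST['localbeginport'])
		$_POST['localbeginport'] = $_POST['localbeginport_cust'];

	/* an empty "to" port means a single-port mapping */
	if (!$_POST['endport'])
		$_POST['endport'] = $_POST['beginport'];

	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */
	$reqdfields = explode(" ", "interface proto beginport localip localbeginport");
	$reqdfieldsn = explode(",", "Interface,Protocol,Start port,NAT IP,Local port");

	/*
	 * NOTE(review): call-time pass-by-reference is a parse error from
	 * PHP 5.4 on.  Whether the "&" can simply be dropped depends on how
	 * do_input_validation() declares its last parameter (not visible here);
	 * move the "&" into that declaration first.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if ($malformed)
		$input_errors[] = "One or more form fields were submitted in an invalid format.";

	/*
	 * The drop-downs are only a UI hint; a hand-built POST can carry any
	 * string.  These three values are written to the configuration as-is,
	 * so accept only what the form itself can offer.
	 */
	$valid_ifaces = array('wan', 'lan', 'pptp');
	for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
		$valid_ifaces[] = 'opt' . $i;
	if ($_POST['interface'] && !in_array($_POST['interface'], $valid_ifaces, true))
		$input_errors[] = "The selected interface is not valid.";

	$valid_protos = explode(" ", "tcp udp tcp/udp gre esp");
	if ($_POST['proto'] && !in_array($_POST['proto'], $valid_protos, true))
		$input_errors[] = "The selected protocol is not valid.";

	$valid_extaddrs = array("any");
	if (is_array($config['virtualip']['vip'])) {
		foreach ($config['virtualip']['vip'] as $vip)
			$valid_extaddrs[] = (string)$vip['subnet'];
	}
	if ($_POST['extaddr'] && !in_array($_POST['extaddr'], $valid_extaddrs, true))
		$input_errors[] = "The selected external address is not valid.";

	/* ports may be a number or an alias name */
	if (($_POST['beginport'] && !is_ipaddroralias($_POST['beginport']) && !is_port($_POST['beginport']))) {
		$input_errors[] = "The start port must be an integer between 1 and 65535.";
	}
	if (($_POST['endport'] && !is_ipaddroralias($_POST['endport']) && !is_port($_POST['endport']))) {
		$input_errors[] = "The end port must be an integer between 1 and 65535.";
	}
	if (($_POST['localbeginport'] && !is_ipaddroralias($_POST['localbeginport']) && !is_port($_POST['localbeginport']))) {
		$input_errors[] = "The local port must be an integer between 1 and 65535.";
	}
	if (($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) {
		/* NOTE(review): embeds the raw submitted value; confirm print_input_errors() HTML-escapes messages */
		$input_errors[] = "\"{$_POST['localip']}\" is not valid NAT IP address or host alias.";
	}

	if ($_POST['beginport'] > $_POST['endport']) {
		/* swap */
		$tmp = $_POST['endport'];
		$_POST['endport'] = $_POST['beginport'];
		$_POST['beginport'] = $tmp;
	}

	if (!$input_errors) {
		/* the forwarded range must still fit below 65535 on the target host */
		/* NOTE(review): when a port is given as an alias name this arithmetic is not meaningful — confirm intended handling */
		if (($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport']) > 65535)
			$input_errors[] = "The target port range must be an integer between 1 and 65535.";
	}

	/* true when an existing rule is being edited rather than a new one added */
	$editing = isset($id) && is_scalar($id) && !empty($a_nat[$id]);

	/* check for overlaps (same interface and external address; the protocol is not compared) */
	foreach ($a_nat as $natent) {
		if ($editing && ($a_nat[$id] === $natent))
			continue;
		if ($natent['interface'] != $_POST['interface'])
			continue;
		if ($natent['external-address'] != $_POST['extaddr'])
			continue;

		/* a stored single port has no "-"; pad so list() does not read a missing offset */
		list($begp, $endp) = array_pad(explode("-", $natent['external-port']), 2, null);
		if (!$endp)
			$endp = $begp;

		if (!(   (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp))
		      || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) {

			$input_errors[] = "The external port range overlaps with an existing entry.";
			break;
		}
	}

	if (!$input_errors) {
		$natent = array();
		if ($_POST['extaddr'])
			$natent['external-address'] = $_POST['extaddr'];
		$natent['protocol'] = $_POST['proto'];

		if ($_POST['beginport'] == $_POST['endport'])
			$natent['external-port'] = $_POST['beginport'];
		else
			$natent['external-port'] = $_POST['beginport'] . "-" . $_POST['endport'];

		$natent['target'] = $_POST['localip'];
		$natent['local-port'] = $_POST['localbeginport'];
		$natent['interface'] = $_POST['interface'];
		/* free text: stored as entered, so every page that prints it has to escape it */
		$natent['descr'] = $_POST['descr'];

		if ($editing)
			$a_nat[$id] = $natent;
		else {
			/* $after is only set by a ?dup= request */
			if (isset($after) && is_numeric($after))
				array_splice($a_nat, $after+1, 0, array($natent));
			else
				$a_nat[] = $natent;
		}

		touch($d_natconfdirty_path);

		if ($_POST['autoadd']) {
			/* auto-generate a matching firewall rule (pass from any source to the NAT target) */
			$filterent = array();
			$filterent['interface'] = $_POST['interface'];
			$filterent['protocol'] = $_POST['proto'];
			$filterent['source']['any'] = "";
			$filterent['destination']['address'] = $_POST['localip'];

			$dstpfrom = $_POST['localbeginport'];
			$dstpto = $dstpfrom + $_POST['endport'] - $_POST['beginport'];

			if ($dstpfrom == $dstpto)
				$filterent['destination']['port'] = $dstpfrom;
			else
				$filterent['destination']['port'] = $dstpfrom . "-" . $dstpto;

			$filterent['descr'] = "NAT " . $_POST['descr'];

			$config['filter']['rule'][] = $filterent;

			touch($d_filterconfdirty_path);
		}

		write_config();

		header("Location: firewall_nat.php");
		exit;
	}
}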
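/* ---- page output: header, error list, form opening and the Interface row ---- */
$pgtitle = "Firewall: NAT: Port Forward: Edit";
include("head.inc");

?>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include("fbegin.inc"); ?>
<p class="pgtitle"><?=$pgtitle?></p>
<?php
/* $input_errors only exists after a failed POST.
   NOTE(review): one message embeds the submitted NAT IP verbatim; confirm print_input_errors() HTML-escapes each entry. */
if (!empty($input_errors)) print_input_errors($input_errors); ?>
            <form action="firewall_nat_edit.php" method="post" name="iform" id="iform">
	      <?php /* full open tag: a bare "<?" depends on short_open_tag being enabled */ display_topbar("", "#eeeeee"); ?>
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
	  	<tr>
                  <td width="22%" valign="top" class="vncellreq">Interface</td>
                  <td width="78%" class="vtable">
					<select name="interface" class="formfld">
						<?php
						/* fixed interfaces first, then every configured optional interface (opt1, opt2, ...) */
						$interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP');
						for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
							$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
						}
						foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
						<?=htmlspecialchars($ifacename);?>
						</option>
						<?php endforeach; ?>
					</select><br>
                     <span class="vexpl">Choose which interface this rule applies to.<br>
                     Hint: in most cases, you'll want to use WAN here.</span></td>
                </tr>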
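			    <tr>
                  <td width="22%" valign="top" class="vncellreq">External address</td>
                  <td width="78%" class="vtable">
					<select name="extaddr" class="formfld">
						<option value="" <?php if (!$pconfig['extaddr']) echo "selected"; ?>>Interface address</option>
<?php					/* one option per configured virtual IP; the value is escaped like the label,
						   since both come from the same configuration entry */
						if (is_array($config['virtualip']['vip'])):
						foreach ($config['virtualip']['vip'] as $sn): ?>
						<option value="<?=htmlspecialchars($sn['subnet']);?>" <?php if ($sn['subnet'] == $pconfig['extaddr']) echo "selected"; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option>
<?php					endforeach;
						endif; ?>
						<option value="any" <?php if($pconfig['extaddr'] == "any") echo "selected"; ?>>any</option>
					</select>
					<br />
                    <span class="vexpl">
					If you want this rule to apply to another IP address than the IP address of the interface chosen above,
					select it here (you need to define <a href="firewall_virtual_ip.php">Virtual IP</a> addresses on the first).  Also note that if you are trying to redirect connections on the LAN select the "any" option.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Protocol</td>
                  <td width="78%" class="vtable">
                    <select name="proto" class="formfld">
                      <?php /* option values are the lower-cased protocol names */ $protocols = explode(" ", "TCP UDP TCP/UDP GRE ESP"); foreach ($protocols as $proto): ?>
                      <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Choose which IP protocol
                    this rule should match.<br>
                    Hint: in most cases, you should specify <em>TCP</em> &nbsp;here.</span></td>
                </tr>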
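                <tr>
                  <td width="22%" valign="top" class="vncellreq">External port
                    range </td>
                  <td width="78%" class="vtable">
                    <table border="0" cellspacing="0" cellpadding="0">
                      <tr>
                        <td>from:&nbsp;&nbsp;</td>
                        <td><select name="beginport" class="formfld" onChange="ext_rep_change();ext_change()">
                            <option value="">(other)</option>
                            <?php
                            /* $bfound records whether the current value is one of the well-known ports;
                               if it is not, the value is shown in the free-text box instead.
                               After a failed POST $pconfig holds the raw request data, so the
                               free-text value is HTML-escaped before it is placed in the attribute. */
                            $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
                            <option value="<?=htmlspecialchars($wkport);?>" <?php if ($wkport == $pconfig['beginport']) {
								echo "selected";
								$bfound = 1;
							}?>>
							<?=htmlspecialchars($wkportdesc);?>
							</option>
                            <?php endforeach; ?>
                          </select> <input autocomplete='off' class="formfldalias" name="beginport_cust" id="beginport_cust" type="text" size="5" value="<?php if (!$bfound) echo htmlspecialchars($pconfig['beginport']); ?>"></td>
                      </tr>
                      <tr>
                        <td>to:</td>
                        <td><select name="endport" class="formfld" onChange="ext_change()">
                            <option value="">(other)</option>
                            <?php /* same scheme as the "from" port above */ $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
                            <option value="<?=htmlspecialchars($wkport);?>" <?php if ($wkport == $pconfig['endport']) {
								echo "selected";
								$bfound = 1;
							}?>>
							<?=htmlspecialchars($wkportdesc);?>
							</option>
							<?php endforeach; ?>
                          </select> <input class="formfldalias"  autocomplete='off' name="endport_cust" id="endport_cust" type="text" size="5" value="<?php if (!$bfound) echo htmlspecialchars($pconfig['endport']); ?>"></td>
                      </tr>
                    </table>
                    <br> <span class="vexpl">Specify the port or port range on
                    the firewall's external address for this mapping.<br>
                    Hint: you can leave the <em>'to'</em> field empty if you only
                    want to map a single port</span></td>
                </tr>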
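                <tr>
                  <td width="22%" valign="top" class="vncellreq">NAT IP</td>
                  <td width="78%" class="vtable">
                    <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>">
                    <br> <span class="vexpl">Enter the internal IP address of
                    the server on which you want to map the ports.<br>
                    e.g. <em>192.168.1.12</em></span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Local port</td>
                  <td width="78%" class="vtable">
                    <select name="localbeginport" class="formfld" onChange="ext_change()">
                      <option value="">(other)</option>
                      <?php
                      /* $bfound records whether the current value is a well-known port; otherwise it
                         goes into the free-text box.  After a failed POST that value is raw request
                         data, so it is HTML-escaped like the NAT IP field above. */
                      $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
                      <option value="<?=htmlspecialchars($wkport);?>" <?php if ($wkport == $pconfig['localbeginport']) {
							echo "selected";
							$bfound = 1;
						}?>>
					  <?=htmlspecialchars($wkportdesc);?>
					  </option>
                      <?php endforeach; ?>
                    </select> <input  autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound) echo htmlspecialchars($pconfig['localbeginport']); ?>">
                    <br>
                    <span class="vexpl">Specify the port on the machine with the
                    IP address entered above. In case of a port range, specify
                    the beginning port of the range (the end port will be calculated
                    automatically).<br>
                    Hint: this is usually identical to the 'from' port above</span></td>
                </tr>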
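                <tr>
                  <td width="22%" valign="top" class="vncell">Description</td>
                  <td width="78%" class="vtable">
                    <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
                    <br> <span class="vexpl">You may enter a description here
                    for your reference (not parsed).</span></td>
                </tr><?php /* the auto-add checkbox is offered only for new or duplicated rules */ if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']))): ?>
                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">
                    <input name="autoadd" type="checkbox" id="autoadd" value="yes">
                    <strong>Auto-add a firewall rule to permit traffic through
                    this NAT rule</strong></td>
                </tr><?php endif; ?>
                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">
                    <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
                    <?php /* when editing, carry the rule index back to the save handler; $id originates from the request, so it is escaped */ if (isset($id) && $a_nat[$id]): ?>
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
                    <?php endif; ?>
                  </td>
                </tr>
              </table>
</form>
<script language="JavaScript">
<!--
	ext_change();
//-->
</script>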
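<?php
/*
 * Build two comma-separated lists of quoted alias names for the page's
 * JavaScript: aliases whose address contains no "." go into $aliases,
 * all others into $aliasesaddr.
 *
 * The names are emitted inside single-quoted JavaScript string literals in a
 * <script> element, so they are escaped for that context: addslashes() covers
 * quotes and backslashes, and "<", ">" and line breaks are written as escape
 * sequences so a stored name can neither end the literal nor close the
 * script element.
 */
$isfirst = 0;
$aliases = "";
$addrisfirst = 0;
$aliasesaddr = "";
$js_escapes = array("<" => "\\x3C", ">" => "\\x3E", "\n" => "\\n", "\r" => "\\r");
if (is_array($config['aliases']['alias']))
	foreach($config['aliases']['alias'] as $alias_name) {
		$js_name = "'" . strtr(addslashes($alias_name['name']), $js_escapes) . "'";
		if(!stristr($alias_name['address'], ".")) {
			if($isfirst == 1) $aliases .= ",";
			$aliases .= $js_name;
			$isfirst = 1;
		} else {
			if($addrisfirst == 1) $aliasesaddr .= ",";
			$aliasesaddr .= $js_name;
			$addrisfirst = 1;
		}
	}
?>
<script language="JavaScript">
<!--
	var addressarray=new Array(<?php echo $aliasesaddr; ?>);
	var customarray=new Array(<?php echo $aliases; ?>);
//-->
</script>
<?php include("fend.inc"); ?>
</body>
</html>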