/usr/local/www/firewall_nat.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/firewall_nat.php @ b72e70ae

1	340e6dca	Scott Ullrich	<?php
2	b46bfcf5	Bill Marquette	/* $Id$ */
3	5b237745	Scott Ullrich	/*
4			firewall_nat.php
5	c55b323d	Scott Ullrich	Copyright (C) 2004 Scott Ullrich
6			All rights reserved.
7	340e6dca	Scott Ullrich
8	c55b323d	Scott Ullrich	originally part of m0n0wall (http://m0n0.ch/wall)
9	5b237745	Scott Ullrich	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10			All rights reserved.
11	340e6dca	Scott Ullrich
12	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
13			modification, are permitted provided that the following conditions are met:
14	340e6dca	Scott Ullrich
15	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
16			this list of conditions and the following disclaimer.
17	340e6dca	Scott Ullrich
18	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
19			notice, this list of conditions and the following disclaimer in the
20			documentation and/or other materials provided with the distribution.
21	340e6dca	Scott Ullrich
22	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31			POSSIBILITY OF SUCH DAMAGE.
32			*/
33	7ac5a4cb	Scott Ullrich	/*
34			pfSense_MODULE: nat
35			*/
36	5b237745	Scott Ullrich
37	6b07c15a	Matthew Grooms	##\|+PRIV
38			##\|*IDENT=page-firewall-nat-portforward
39			##\|*NAME=Firewall: NAT: Port Forward page
40			##\|*DESCR=Allow access to the 'Firewall: NAT: Port Forward' page.
41			##\|MATCH=firewall_nat.php
42			##\|-PRIV
43
44	5b237745	Scott Ullrich	require("guiconfig.inc");
45	7a927e67	Scott Ullrich	require_once("functions.inc");
46			require_once("filter.inc");
47			require_once("shaper.inc");
48	483e6de8	Scott Ullrich	require_once("itemid.inc");
49	5b237745	Scott Ullrich
50	e8c2c890	Bill Marquette	if (!is_array($config['nat']['rule']))
51	5b237745	Scott Ullrich	$config['nat']['rule'] = array();
52	fbe94068	Scott Ullrich
53	5b237745	Scott Ullrich	$a_nat = &$config['nat']['rule'];
54
55	514dbaf8	Scott Ullrich	/* if a custom message has been passed along, lets process it */
56			if ($_GET['savemsg'])
57			$savemsg = $_GET['savemsg'];
58
59	5b237745	Scott Ullrich	if ($_POST) {
60
61			$pconfig = $_POST;
62
63			if ($_POST['apply']) {
64	e8c2c890	Bill Marquette
65			write_config();
66
67	5b237745	Scott Ullrich	$retval = 0;
68	7a6c350f	Scott Ullrich
69	b2774343	Scott Ullrich	if(stristr($retval, "error") <> true)
70	2a71debf	Scott Ullrich	$savemsg = get_std_save_message($retval);
71			else
72			$savemsg = $retval;
73	340e6dca	Scott Ullrich
74	7d04082e	Scott Ullrich	unlink_if_exists("/tmp/config.cache");
75	e2c9ef13	Scott Ullrich	$retval \|= filter_configure();
76	7d04082e	Scott Ullrich
77	5b237745	Scott Ullrich	if ($retval == 0) {
78	a368a026	Ermal Lu?i	clear_subsystem_dirty('natconf');
79			clear_subsystem_dirty('filter');
80	5b237745	Scott Ullrich	}
81	7d04082e	Scott Ullrich
82	5b237745	Scott Ullrich	}
83			}
84
85	00bcbdd0	Bill Marquette	if (isset($_POST['del_x'])) {
86	4b9a670c	Scott Ullrich	/* delete selected rules */
87			if (is_array($_POST['rule']) && count($_POST['rule'])) {
88			foreach ($_POST['rule'] as $rulei) {
89	049a688e	Ermal Lu?i	$target = $rule['target'];
90	b9e28d57	unknown	// Check for filter rule associations
91	9b16b834	Ermal Lu?i	if (isset($a_nat[$rulei]['associated-rule-id'])){
92			delete_id($a_nat[$rulei]['associated-rule-id'], $config['filter']['rule']);
93	b9e28d57	unknown
94			mark_subsystem_dirty('filter');
95			}
96	4b9a670c	Scott Ullrich	unset($a_nat[$rulei]);
97			}
98			write_config();
99	a368a026	Ermal Lu?i	mark_subsystem_dirty('natconf');
100	4b9a670c	Scott Ullrich	header("Location: firewall_nat.php");
101			exit;
102			}
103	00bcbdd0	Bill Marquette
104			} else {
105			/* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
106			unset($movebtn);
107			foreach ($_POST as $pn => $pd) {
108			if (preg_match("/move_(\d+)_x/", $pn, $matches)) {
109			$movebtn = $matches[1];
110			break;
111			}
112			}
113			/* move selected rules before this rule */
114			if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) {
115			$a_nat_new = array();
116
117			/* copy all rules < $movebtn and not selected */
118			for ($i = 0; $i < $movebtn; $i++) {
119			if (!in_array($i, $_POST['rule']))
120			$a_nat_new[] = $a_nat[$i];
121			}
122
123			/* copy all selected rules */
124			for ($i = 0; $i < count($a_nat); $i++) {
125			if ($i == $movebtn)
126			continue;
127			if (in_array($i, $_POST['rule']))
128			$a_nat_new[] = $a_nat[$i];
129			}
130
131			/* copy $movebtn rule */
132			if ($movebtn < count($a_nat))
133			$a_nat_new[] = $a_nat[$movebtn];
134
135			/* copy all rules > $movebtn and not selected */
136			for ($i = $movebtn+1; $i < count($a_nat); $i++) {
137			if (!in_array($i, $_POST['rule']))
138			$a_nat_new[] = $a_nat[$i];
139			}
140			$a_nat = $a_nat_new;
141			write_config();
142	a368a026	Ermal Lu?i	mark_subsystem_dirty('natconf');
143	00bcbdd0	Bill Marquette	header("Location: firewall_nat.php");
144			exit;
145			}
146	5b237745	Scott Ullrich	}
147	00bcbdd0	Bill Marquette
148	d88c6a9f	Scott Ullrich	$pgtitle = array("Firewall","NAT","Port Forward");
149	6eb17647	Scott Ullrich	include("head.inc");
150
151	2a9db752	Scott Dale	echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript/domTT/domLib.js\"></script>";
152			echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript/domTT/domTT.js\"></script>";
153			echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript/domTT/behaviour.js\"></script>";
154			echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript/domTT/fadomatic.js\"></script>";
155
156	24f600b0	Scott Ullrich	?>
157	a8726a3d	Scott Ullrich	<body link="#000000" vlink="#000000" alink="#000000">
158	5b237745	Scott Ullrich	<?php include("fbegin.inc"); ?>
159	00bcbdd0	Bill Marquette	<form action="firewall_nat.php" method="post" name="iform">
160	625dcc40	Bill Marquette	<script type="text/javascript" language="javascript" src="/javascript/row_toggle.js"></script>
161	a368a026	Ermal Lu?i	<?php if (is_subsystem_dirty('natconf')): ?><p>
162	514dbaf8	Scott Ullrich	<?php
163			if($savemsg)
164			print_info_box_np("{$savemsg}<br>The NAT configuration has been changed.<br>You must apply the changes in order for them to take effect.");
165			else
166			print_info_box_np("The NAT configuration has been changed.<br>You must apply the changes in order for them to take effect.");
167			?>
168	5b237745	Scott Ullrich	<?php endif; ?>
169			<table width="100%" border="0" cellpadding="0" cellspacing="0">
170			<tr><td>
171	a8726a3d	Scott Ullrich	<?php
172			$tab_array = array();
173	1425e067	Bill Marquette	$tab_array[] = array("Port Forward", true, "firewall_nat.php");
174			$tab_array[] = array("1:1", false, "firewall_nat_1to1.php");
175			$tab_array[] = array("Outbound", false, "firewall_nat_out.php");
176	a8726a3d	Scott Ullrich	display_top_tabs($tab_array);
177			?>
178			</td></tr>
179	340e6dca	Scott Ullrich	<tr>
180	d732f186	Bill Marquette	<td>
181			<div id="mainarea">
182			<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
183	00bcbdd0	Bill Marquette	<tr id="frheader">
184			<td width="3%" class="list"> </td>
185			<td width="3%" class="list"> </td>
186	5b237745	Scott Ullrich	<td width="5%" class="listhdrr">If</td>
187			<td width="5%" class="listhdrr">Proto</td>
188			<td width="20%" class="listhdrr">Ext. port range</td>
189			<td width="20%" class="listhdrr">NAT IP</td>
190			<td width="20%" class="listhdrr">Int. port range</td>
191			<td width="20%" class="listhdr">Description</td>
192	d415d821	Seth Mos	<td width="5%" class="list">
193			<table border="0" cellspacing="0" cellpadding="1">
194			<tr>
195			<td width="17"></td>
196			<td><a href="firewall_nat_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
197			</tr>
198			</table>
199			</td>
200	00bcbdd0	Bill Marquette	</tr>
201			<?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
202	40b56dc1	Scott Ullrich	<?php
203	2a9db752	Scott Dale
204			//build Alias popup box
205			$span_begin = "";
206			$span_end = "";
207			$alias_src_port_span_begin = "";
208			$alias_dst_span_begin = "";
209			$alias_dst_port_span_begin = "";
210
211			list($beginport, $endport) = split("-", $natent['external-port']);
212
213			$alias_popup = rule_popup("",$beginport,$natent['target'],$natent['local-port']);
214			$span_end = "</U></span>";
215
216
217			$alias_src_port_span_begin = $alias_popup["srcport"];
218
219			$alias_dst_span_begin = $alias_popup["dst"];
220
221			$alias_dst_port_span_begin = $alias_popup["dstport"];
222
223
224
225
226	40b56dc1	Scott Ullrich	/* if user does not have access to edit an interface skip on to the next record */
227			if(!have_natpfruleint_access($natent['interface']))
228			continue;
229			?>
230	00bcbdd0	Bill Marquette	<tr valign="top" id="fr<?=$nnats;?>">
231			<td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td>
232	b9e28d57	unknown	<td class="listt" align="center">
233	9b16b834	Ermal Lu?i	<?php if(!empty($natent['associated-rule-id'])): ?>
234			<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="17" height="17" title="Firewall rule ID <?=htmlspecialchars($nnatid); ?> is managed with this rule" border="0">
235	b9e28d57	unknown	<?php endif; ?>
236	9b16b834	Ermal Lu?i	<?php if($natent['associated-rule-id'] == "pass"): ?>
237	537dff78	Chris Buechler	<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" title="All traffic matching this NAT entry is passed" border="0">
238			<?php endif; ?>
239	b9e28d57	unknown	</td>
240	b8a0de00	Bill Marquette	<td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
241	8b1fab53	Scott Ullrich	<?php
242	00bcbdd0	Bill Marquette	if (!$natent['interface'] \|\| ($natent['interface'] == "wan"))
243			echo "WAN";
244	7a6c350f	Scott Ullrich	else if(strtolower($natent['interface']) == "lan")
245	3e33bb10	Scott Ullrich	echo "LAN";
246	00bcbdd0	Bill Marquette	else
247	3e33bb10	Scott Ullrich	echo strtoupper($config['interfaces'][$natent['interface']]['descr']);
248	00bcbdd0	Bill Marquette	?>
249	5b237745	Scott Ullrich	</td>
250	b8a0de00	Bill Marquette	<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
251	5b237745	Scott Ullrich	<?=strtoupper($natent['protocol']);?>
252			</td>
253	b8a0de00	Bill Marquette	<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
254	340e6dca	Scott Ullrich	<?php
255	5b237745	Scott Ullrich	list($beginport, $endport) = split("-", $natent['external-port']);
256			if ((!$endport) \|\| ($beginport == $endport)) {
257	2a9db752	Scott Dale	echo $alias_src_port_span_begin;
258	5b237745	Scott Ullrich	echo $beginport;
259			if ($wkports[$beginport])
260			echo " (" . $wkports[$beginport] . ")";
261	d04221dc	Scott Ullrich	else
262			echo " ";
263	2a9db752	Scott Dale	echo $span_end;
264	5b237745	Scott Ullrich	} else
265			echo $beginport . " - " . $endport;
266			?>
267			</td>
268	b8a0de00	Bill Marquette	<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
269	2a9db752	Scott Dale	<?php echo $alias_dst_span_begin;?><?=$natent['target'];?><?php echo $span_end;?>
270	5b237745	Scott Ullrich	<?php if ($natent['external-address'])
271			echo "<br>(ext.: " . $natent['external-address'] . ")";
272	89cf7eba	Scott Ullrich	else
273			echo "<br>(ext.: " . find_interface_ip(convert_friendly_interface_to_real_interface_name($natent['interface'])) . ")";
274	5b237745	Scott Ullrich	?>
275			</td>
276	b8a0de00	Bill Marquette	<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
277	5b237745	Scott Ullrich	<?php if ((!$endport) \|\| ($beginport == $endport)) {
278	2a9db752	Scott Dale	echo $alias_dst_port_span_begin;
279			echo $natent['local-port'];
280	5b237745	Scott Ullrich	if ($wkports[$natent['local-port']])
281			echo " (" . $wkports[$natent['local-port']] . ")";
282	d04221dc	Scott Ullrich	else
283			echo " ";
284	2a9db752	Scott Dale	echo $span_end;
285	5b237745	Scott Ullrich	} else
286	340e6dca	Scott Ullrich	echo $natent['local-port'] . " - " .
287	5b237745	Scott Ullrich	($natent['local-port']+$endport-$beginport);
288			?>
289			</td>
290	8b1fab53	Scott Ullrich	<td class="listbg" onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
291	5b237745	Scott Ullrich	<?=htmlspecialchars($natent['descr']);?>
292			</td>
293	00bcbdd0	Bill Marquette	<td valign="middle" class="list" nowrap>
294			<table border="0" cellspacing="0" cellpadding="1">
295			<tr>
296	f057bae4	Bill Marquette	<td><a href="firewall_nat_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule"></a></td>
297	00bcbdd0	Bill Marquette	</tr>
298			<tr>
299	677c0869	Erik Kristensen	<td><input onmouseover="fr_insline(<?=$nnats;?>, true)" onmouseout="fr_insline(<?=$nnats;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="move selected rules before this rule" height="17" type="image" width="17" border="0"></td>
300			<td><a href="firewall_nat_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add a new nat based on this one" width="17" height="17" border="0"></a></td>
301	00bcbdd0	Bill Marquette	</tr>
302			</table>
303			</tr>
304			<?php $i++; $nnats++; endforeach; ?>
305	340e6dca	Scott Ullrich	<tr>
306	00bcbdd0	Bill Marquette	<td class="list" colspan="8"></td>
307			<td class="list" valign="middle" nowrap>
308			<table border="0" cellspacing="0" cellpadding="1">
309			<tr>
310	677c0869	Erik Kristensen	<td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected mappings to end" border="0"><?php else: ?><input name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" width="17" height="17" title="move selected mappings to end" border="0"><?php endif; ?></td>
311			<td><a href="firewall_nat_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
312	00bcbdd0	Bill Marquette	</tr>
313			<tr>
314	a99e956f	Erik Kristensen	<td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected mappings" onclick="return confirm('Do you really want to delete the selected mappings?')"><?php endif; ?></td>
315	00bcbdd0	Bill Marquette	</tr>
316	d415d821	Seth Mos	</table>
317			</td>
318	1b43f08f	Scott Ullrich	</tr>
319	5fbcc12a	Scott Ullrich	<tr><td> </td></tr>
320	68b0c7eb	Chris Buechler	<tr>
321			<td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="11" height="11"></td>
322	1b43f08f	Scott Ullrich	<td colspan="3">pass</td>
323			</tr>
324			<tr>
325			<td width="14"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="11" height="11"></td>
326			<td colspan="3">linked rule</td>
327	68b0c7eb	Chris Buechler	</tr>
328			</table>
329	d732f186	Bill Marquette	</div>
330			</td>
331	5b237745	Scott Ullrich	</tr>
332			</table>
333	3d335c4d	Scott Ullrich
334			<?php
335			if ($pkg['tabs'] <> "") {
336			echo "</td></tr></table>";
337			}
338			?>
339
340			</form>
341	5b237745	Scott Ullrich	<?php include("fend.inc"); ?>
342			</body>
343			</html>

Project

General

Profile

pfSense