Project

General

Profile

Download (17.5 KB) Statistics
| Branch: | Tag: | Revision:
1
<?php
2
/* $Id$ */
3
/*
4
	firewall_nat.php
5
	Copyright (C) 2004 Scott Ullrich
6
	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
7
	All rights reserved.
8

    
9
	originally part of m0n0wall (http://m0n0.ch/wall)
10
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
11
	All rights reserved.
12

    
13
	Redistribution and use in source and binary forms, with or without
14
	modification, are permitted provided that the following conditions are met:
15

    
16
	1. Redistributions of source code must retain the above copyright notice,
17
	   this list of conditions and the following disclaimer.
18

    
19
	2. Redistributions in binary form must reproduce the above copyright
20
	   notice, this list of conditions and the following disclaimer in the
21
	   documentation and/or other materials provided with the distribution.
22

    
23
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
25
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
27
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32
	POSSIBILITY OF SUCH DAMAGE.
33
*/
34
/*
35
	pfSense_MODULE:	nat
36
*/
37

    
38
##|+PRIV
39
##|*IDENT=page-firewall-nat-portforward
40
##|*NAME=Firewall: NAT: Port Forward page
41
##|*DESCR=Allow access to the 'Firewall: NAT: Port Forward' page.
42
##|*MATCH=firewall_nat.php*
43
##|-PRIV
44

    
45
require("guiconfig.inc");
46
require_once("functions.inc");
47
require_once("filter.inc");
48
require_once("shaper.inc");
49
require_once("itemid.inc");
50

    
51
if (!is_array($config['nat']['rule']))
52
	$config['nat']['rule'] = array();
53

    
54
$a_nat = &$config['nat']['rule'];
55

    
56
/* if a custom message has been passed along, lets process it */
57
if ($_GET['savemsg'])
58
	$savemsg = $_GET['savemsg'];
59

    
60
if ($_POST) {
61

    
62
	$pconfig = $_POST;
63

    
64
	if ($_POST['apply']) {
65

    
66
		$retval = 0;
67

    
68
		$retval |= filter_configure();
69
		$savemsg = get_std_save_message($retval);
70

    
71
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/apply");
72

    
73
		if ($retval == 0) {
74
			clear_subsystem_dirty('natconf');
75
			clear_subsystem_dirty('filter');
76
		}
77

    
78
	}
79
}
80

    
81
if ($_GET['act'] == "del") {
82
	if ($a_nat[$_GET['id']]) {
83

    
84
		if (isset($a_nat[$_GET['id']]['associated-rule-id'])) {
85
			delete_id($a_nat[$_GET['id']]['associated-rule-id'], $config['filter']['rule']);
86
			$want_dirty_filter = true;
87
		}
88
		unset($a_nat[$_GET['id']]);
89

    
90
		if (write_config()) {
91
			mark_subsystem_dirty('natconf');
92
			if ($want_dirty_filter)
93
				mark_subsystem_dirty('filter');
94
		}
95
		header("Location: firewall_nat.php");
96
		exit;
97
	}
98
}
99

    
100
if (isset($_POST['del_x'])) {
101
    /* delete selected rules */
102
    if (is_array($_POST['rule']) && count($_POST['rule'])) {
103
	    foreach ($_POST['rule'] as $rulei) {
104
		$target = $rule['target'];
105
			// Check for filter rule associations
106
			if (isset($a_nat[$rulei]['associated-rule-id'])){
107
				delete_id($a_nat[$rulei]['associated-rule-id'], $config['filter']['rule']);
108
				
109
				mark_subsystem_dirty('filter');
110
			}
111
	        unset($a_nat[$rulei]);
112
	    }
113
		if (write_config())
114
			mark_subsystem_dirty('natconf');
115
		header("Location: firewall_nat.php");
116
		exit;
117
	}
118

    
119
} else {
120
        /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
121
        unset($movebtn);
122
        foreach ($_POST as $pn => $pd) {
123
                if (preg_match("/move_(\d+)_x/", $pn, $matches)) {
124
                        $movebtn = $matches[1];
125
                        break;
126
                }
127
        }
128
        /* move selected rules before this rule */
129
        if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) {
130
                $a_nat_new = array();
131

    
132
                /* copy all rules < $movebtn and not selected */
133
                for ($i = 0; $i < $movebtn; $i++) {
134
                        if (!in_array($i, $_POST['rule']))
135
                                $a_nat_new[] = $a_nat[$i];
136
                }
137

    
138
                /* copy all selected rules */
139
                for ($i = 0; $i < count($a_nat); $i++) {
140
                        if ($i == $movebtn)
141
                                continue;
142
                        if (in_array($i, $_POST['rule']))
143
                                $a_nat_new[] = $a_nat[$i];
144
                }
145

    
146
                /* copy $movebtn rule */
147
                if ($movebtn < count($a_nat))
148
                        $a_nat_new[] = $a_nat[$movebtn];
149

    
150
                /* copy all rules > $movebtn and not selected */
151
                for ($i = $movebtn+1; $i < count($a_nat); $i++) {
152
                        if (!in_array($i, $_POST['rule']))
153
                                $a_nat_new[] = $a_nat[$i];
154
                }
155
                $a_nat = $a_nat_new;
156
		if (write_config())
157
			mark_subsystem_dirty('natconf');
158
                header("Location: firewall_nat.php");
159
                exit;
160
        }
161
}
162

    
163
$closehead = false;
164
$pgtitle = array(gettext("Firewall"),gettext("NAT"),gettext("Port Forward"));
165
include("head.inc");
166

    
167
echo "<script type=\"text/javascript\" src=\"/javascript/domTT/domLib.js\"></script>";
168
echo "<script type=\"text/javascript\" src=\"/javascript/domTT/domTT.js\"></script>";
169
echo "<script type=\"text/javascript\" src=\"/javascript/domTT/behaviour.js\"></script>";
170
echo "<script type=\"text/javascript\" src=\"/javascript/domTT/fadomatic.js\"></script>";
171

    
172
?>
173
</head>
174

    
175
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
176
<?php include("fbegin.inc"); ?>
177
<form action="firewall_nat.php" method="post" name="iform">
178
<script type="text/javascript" src="/javascript/row_toggle.js"></script>
179
<?php if ($savemsg) print_info_box($savemsg); ?>
180
<?php if (is_subsystem_dirty('natconf')): ?>
181
<?php print_info_box_np(gettext("The NAT configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));?><br />
182
<?php endif; ?>
183
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="firewall nat">
184
  <tr><td>
185
<?php
186
	$tab_array = array();
187
	$tab_array[] = array(gettext("Port Forward"), true, "firewall_nat.php");
188
	$tab_array[] = array(gettext("1:1"), false, "firewall_nat_1to1.php");
189
	$tab_array[] = array(gettext("Outbound"), false, "firewall_nat_out.php");
190
	$tab_array[] = array(gettext("NPt"), false, "firewall_nat_npt.php");
191
	display_top_tabs($tab_array);
192
?>
193
 </td></tr>
194
  <tr>
195
    <td>
196
	<div id="mainarea">
197
              <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area">
198
                <tr id="frheader">
199
		  <td width="3%" class="list">&nbsp;</td>
200
                  <td width="3%" class="list">&nbsp;</td>
201
		  <td width="5%" class="listhdrr"><?=gettext("If");?></td>
202
		  <td width="5%" class="listhdrr"><?=gettext("Proto");?></td>
203
		  <td width="11%" class="listhdrr nowrap"><?=gettext("Src. addr");?></td>
204
		  <td width="11%" class="listhdrr nowrap"><?=gettext("Src. ports");?></td>
205
		  <td width="11%" class="listhdrr nowrap"><?=gettext("Dest. addr");?></td>
206
		  <td width="11%" class="listhdrr nowrap"><?=gettext("Dest. ports");?></td>
207
		  <td width="11%" class="listhdrr nowrap"><?=gettext("NAT IP");?></td>
208
		  <td width="11%" class="listhdrr nowrap"><?=gettext("NAT Ports");?></td>
209
		  <td width="11%" class="listhdr"><?=gettext("Description");?></td>
210
                  <td width="5%" class="list">
211
                    <table border="0" cellspacing="0" cellpadding="1" summary="list">
212
                      <tr>
213
			<td width="17">
214
			<?php if (count($a_nat) == 0): ?>
215
				<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" border="0" alt="delete" />
216
			<?php else: ?>
217
				<input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected rules"); ?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected rules?");?>')" />
218
			<?php endif; ?>
219
			</td>
220
                        <td><a href="firewall_nat_edit.php?after=-1"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td>
221
                      </tr>
222
                    </table>
223
		  </td>
224
		</tr>
225
	<?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
226
	<?php 
227
	
228
		//build Alias popup box
229
		$span_end = "</U></span>";
230

    
231
		$alias_popup = rule_popup($natent['source']['address'], pprint_port($natent['source']['port']), $natent['destination']['address'], pprint_port($natent['destination']['port']));
232

    
233
		$alias_src_span_begin      = $alias_popup["src"];
234
		$alias_src_port_span_begin = $alias_popup["srcport"];
235
		$alias_dst_span_begin      = $alias_popup["dst"];
236
		$alias_dst_port_span_begin = $alias_popup["dstport"];
237

    
238
		$alias_src_span_end        = $alias_popup["src_end"];
239
		$alias_src_port_span_end   = $alias_popup["srcport_end"];
240
		$alias_dst_span_end        = $alias_popup["dst_end"];
241
		$alias_dst_port_span_end   = $alias_popup["dstport_end"];
242

    
243
		$alias_popup = rule_popup("","",$natent['target'], pprint_port($natent['local-port']));
244

    
245
		$alias_target_span_begin     = $alias_popup["dst"];
246
		$alias_local_port_span_begin = $alias_popup["dstport"];
247

    
248
		$alias_target_span_end       = $alias_popup["dst_end"];
249
		$alias_local_port_span_end   = $alias_popup["dstport_end"];
250

    
251
		if (isset($natent['disabled']))
252
			$textss = "<span class=\"gray\">";
253
		else
254
			$textss = "<span>";
255

    
256
		$textse = "</span>";
257
	
258
		/* if user does not have access to edit an interface skip on to the next record */
259
		if(!have_natpfruleint_access($natent['interface'])) 
260
			continue;
261
	?>
262
                <tr valign="top" id="fr<?=$nnats;?>">
263
                  <td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /></td>
264
                  <td class="listt" align="center">
265
					<?php if($natent['associated-rule-id'] == "pass"): ?>
266
					<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" title="<?=gettext("All traffic matching this NAT entry is passed"); ?>" border="0" alt="pass" />
267
					<?php elseif (!empty($natent['associated-rule-id'])): ?>
268
					<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="17" height="17" title="<?=gettext("Firewall rule ID"); ?> <?=htmlspecialchars($nnatid); ?> <?=gettext("is managed with this rule"); ?>" border="0" alt="change" />
269
					<?php endif; ?>
270
				  </td>
271
                  <td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
272
                    <?=$textss;?>
273
		    <?php
274
			if (!$natent['interface'])
275
				echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan"));
276
			else
277
				echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface']));
278
		    ?>
279
                    <?=$textse;?>
280
                  </td>
281

    
282
                  <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
283
					<?=$textss;?><?=strtoupper($natent['protocol']);?><?=$textse;?>
284
                  </td>
285

    
286
                  <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
287
				    <?=$textss;?><?php echo $alias_src_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['source']));?><?php echo $alias_src_span_end;?><?=$textse;?>
288
                  </td>
289
                  <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
290
				    <?=$textss;?><?php echo $alias_src_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['source']['port']));?><?php echo $alias_src_port_span_end;?><?=$textse;?>
291
                  </td>
292

    
293
                  <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
294
				    <?=$textss;?><?php echo $alias_dst_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['destination']));?><?php echo $alias_dst_span_end;?><?=$textse;?>
295
                  </td>
296
                  <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
297
				    <?=$textss;?><?php echo $alias_dst_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['destination']['port']));?><?php echo $alias_dst_port_span_end;?><?=$textse;?>
298
                  </td>
299

    
300
                  <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
301
				    <?=$textss;?><?php echo $alias_target_span_begin;?><?php echo htmlspecialchars($natent['target']);?><?php echo $alias_target_span_end;?><?=$textse;?>
302
                  </td>
303
                  <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
304
					<?php
305
						$localport = $natent['local-port'];
306

    
307
						list($dstbeginport, $dstendport) = explode("-", $natent['destination']['port']);
308

    
309
						if ($dstendport) {
310
							$localendport = $natent['local-port'] + $dstendport - $dstbeginport;
311
							$localport   .= '-' . $localendport;
312
						}
313
					?>
314
				    <?=$textss;?><?php echo $alias_local_port_span_begin;?><?php echo htmlspecialchars(pprint_port($localport));?><?php echo $alias_local_port_span_end;?><?=$textse;?>
315
                  </td>
316

    
317
                  <td class="listbg" onclick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
318
				  <?=$textss;?><?=htmlspecialchars($natent['descr']);?>&nbsp;<?=$textse;?>
319
                  </td>
320
                  <td valign="middle" class="list nowrap">
321
                    <table border="0" cellspacing="0" cellpadding="1" summary="move">
322
                      <tr>
323
			<td><input onmouseover="fr_insline(<?=$nnats;?>, true)" onmouseout="fr_insline(<?=$nnats;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="<?=gettext("move selected rules before this rule");?>" height="17" type="image" width="17" border="0" /></td>
324
                        <td><a href="firewall_nat_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("edit rule"); ?>"></a></td>
325
                      </tr>
326
                      <tr>
327
					    <td align="center" valign="middle"><a href="firewall_nat.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this rule?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete rule");?>" alt="delete" /></a></td>
328
			<td><a href="firewall_nat_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add a new NAT based on this one");?>" width="17" height="17" border="0" alt="add" /></a></td>
329
                      </tr>
330
                    </table>
331
			</td>
332
		</tr>
333
  	     <?php $i++; $nnats++; endforeach; ?>
334
                <tr>
335
                  <td class="list" colspan="8"></td>
336
                  <td>&nbsp;</td>
337
                  <td>&nbsp;</td>
338
                  <td>&nbsp;</td>
339
                  <td class="list nowrap" valign="middle">
340
                    <table border="0" cellspacing="0" cellpadding="1" summary="move">
341
                      <tr>
342
			<td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules to end"); ?>" border="0" alt="move" /><?php else: ?><input name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" style="width:17;height:17;border:0" title="<?=gettext("move selected rules to end");?>" /><?php endif; ?></td>
343
                      </tr>
344
                      <tr>
345
			<td width="17">
346
			<?php if (count($a_nat) == 0): ?>
347
				<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" border="0" alt="delete" />
348
			<?php else: ?>
349
				<input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected rules"); ?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected rules?");?>')" />
350
			<?php endif; ?>
351
			</td>
352
                        <td><a href="firewall_nat_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td>
353
                      </tr>
354
                    </table>
355
		  </td>
356
		</tr>
357
		<tr><td>&nbsp;</td></tr>
358
          <tr>
359
            <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="11" height="11" alt="pass" /></td>
360
            <td colspan="3"><?=gettext("pass"); ?></td>
361
			</tr>
362
		   <tr>
363
            <td width="14"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="11" height="11" alt="chain" /></td>
364
	    <td colspan="3"><?=gettext("linked rule");?></td>
365
          </tr>
366
    </table>
367
	</div>
368
	</td>
369
  </tr>
370
</table>
371

    
372
<?php
373
if ($pkg['tabs'] <> "") {
374
    echo "</td></tr></table>";
375
}
376
?>
377

    
378
</form>
379
<?php include("fend.inc"); ?>
380
</body>
381
</html>
(63-63/256)