Revision c8bbe66f
Added by Erik Fonnesbeck over 15 years ago
| etc/inc/filter.inc | ||
|---|---|---|
| 912 | 912 |
else |
| 913 | 913 |
$natif = $natent['interface']; |
| 914 | 914 |
$natif = $FilterIflist[$natif]['if']; |
| 915 |
if($natif) |
|
| 916 |
$natrules .= "binat on $natif from {$natent['internal']}/{$sn} to any -> {$natent['external']}/{$sn}\n";
|
|
| 915 |
|
|
| 916 |
if($natif) {
|
|
| 917 |
/* If reflection is enabled, turn on extra redirections |
|
| 918 |
* for this rule by adding other interfaces to binat rule. */ |
|
| 919 |
if(isset($config['system']['enablebinatreflection'])) {
|
|
| 920 |
$nat_if_list = filter_get_reflection_interfaces($natif); |
|
| 921 |
} else {
|
|
| 922 |
$nat_if_list = array(); |
|
| 923 |
} |
|
| 924 |
|
|
| 925 |
$nat_if_list = array_merge(array($natif), $nat_if_list); |
|
| 926 |
//$binat_if_list = implode(" ", $nat_if_list);
|
|
| 927 |
//if(count($nat_if_list) > 1) |
|
| 928 |
// $binat_if_list = "{ {$binat_if_list} }";
|
|
| 929 |
|
|
| 930 |
/* binat seems to currently only work with the first interface specified on the line */ |
|
| 931 |
// $natrules .= "binat on {$binat_if_list} from {$natent['internal']}/{$sn} to any -> {$natent['external']}/{$sn}\n";
|
|
| 932 |
foreach ($nat_if_list as $natifname) |
|
| 933 |
$natrules .= "binat on {$natifname} from {$natent['internal']}/{$sn} to any -> {$natent['external']}/{$sn}\n";
|
|
| 934 |
$natrules .= filter_generate_reflection_nat($rule, $nat_if_list, "", "{$natent['internal']}/{$sn}", $natent['internal'], $sn);
|
|
| 935 |
} |
|
| 917 | 936 |
} |
| 918 | 937 |
} |
| 919 | 938 |
$natrules .= "\n# Outbound NAT rules\n"; |
| ... | ... | |
| 1199 | 1218 |
if(empty($localport_nat) && $dstaddr_port[2]) |
| 1200 | 1219 |
$localport_nat = " port " . $dstaddr_port[2]; |
| 1201 | 1220 |
|
| 1202 |
if(!isset($config['system']['disablenatreflection'])) {
|
|
| 1203 |
$nat_if_list = filter_get_reflection_interfaces($natif); |
|
| 1204 |
} else {
|
|
| 1205 |
$nat_if_list = array(); |
|
| 1206 |
} |
|
| 1207 |
|
|
| 1208 | 1221 |
if($srcaddr <> "" && $dstaddr <> "" && $natif) {
|
| 1222 |
/* If reflection is enabled, turn on extra redirections for |
|
| 1223 |
* this rule by adding other interfaces to a similar rdr rule. */ |
|
| 1224 |
if(!isset($config['system']['disablenatreflection'])) {
|
|
| 1225 |
$nat_if_list = filter_get_reflection_interfaces($natif); |
|
| 1226 |
} else {
|
|
| 1227 |
$nat_if_list = array(); |
|
| 1228 |
} |
|
| 1229 |
|
|
| 1209 | 1230 |
$natrules .= "{$nordr}rdr {$rdrpass}on {$natif} proto {$protocol} from {$srcaddr} to {$dstaddr}" . ($nordr == "" ? " -> {$target}{$localport}\n" : "\n");
|
| 1210 | 1231 |
|
| 1211 | 1232 |
if(!empty($nat_if_list)) {
|
| ... | ... | |
| 1220 | 1241 |
$natrules .= "{$nordr}rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr_reflect}" . ($nordr == "" ? " -> {$target}{$localport}\n" : "\n");
|
| 1221 | 1242 |
} |
| 1222 | 1243 |
|
| 1223 |
$nat_if_list[] = $natif;
|
|
| 1244 |
$nat_if_list = array_merge(array($natif), $nat_if_list);
|
|
| 1224 | 1245 |
if(!isset($rule['nordr'])) |
| 1225 | 1246 |
$natrules .= filter_generate_reflection_nat($rule, $nat_if_list, $protocol, "{$target}{$localport_nat}", $target_ip);
|
| 1226 | 1247 |
} |
Also available in: Unified diff
Add backend code for NAT reflection on 1:1 NAT mappings.