#!/usr/local/bin/php
<?php
/* $Id$ */
/*
	firewall_nat_edit.php
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
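require("guiconfig.inc");

/* Make sure the inbound NAT rule list exists (and is an array) before a
   reference to it is taken; isset() avoids an undefined-index notice on a
   configuration that has no NAT section yet. */
if (!isset($config['nat']['rule']) || !is_array($config['nat']['rule'])) {
	$config['nat']['rule'] = array();
}
//nat_rules_sort();
$a_nat = &$config['nat']['rule'];

/*
 * Index of the rule being edited. It comes straight from the request (POST
 * takes precedence over GET), is used as an array key below and is echoed
 * back into the form's hidden field, so it is accepted only when it is a
 * canonical non-negative integer that names an existing, non-empty rule.
 * Anything else leaves $id unset and the page behaves as "add a new rule",
 * which is also what the checks further down do for an unknown index.
 */
unset($id);
$rawid = null;
if (isset($_POST['id']))
	$rawid = $_POST['id'];
else if (isset($_GET['id']))
	$rawid = $_GET['id'];
if (is_string($rawid) && preg_match('/^(?:0|[1-9][0-9]*)$/D', $rawid) && !empty($a_nat[(int)$rawid]))
	$id = (int)$rawid;
unset($rawid);

if (isset($id) && $a_nat[$id]) {
	/* Editing an existing rule: pre-fill the form from the stored entry. */
	$pconfig['extaddr'] = isset($a_nat[$id]['external-address']) ? $a_nat[$id]['external-address'] : "";
	$pconfig['proto'] = $a_nat[$id]['protocol'];
	/* 'external-port' is stored as "N" or "N-M"; pad the split result so a
	   single port does not raise an undefined-offset notice. */
	list($pconfig['beginport'], $pconfig['endport']) = array_pad(explode("-", $a_nat[$id]['external-port']), 2, null);
	$pconfig['localip'] = $a_nat[$id]['target'];
	$pconfig['localbeginport'] = $a_nat[$id]['local-port'];
	$pconfig['descr'] = $a_nat[$id]['descr'];
	$pconfig['interface'] = $a_nat[$id]['interface'];
	/* Rules stored without an interface are shown as WAN rules. */
	if (!$pconfig['interface'])
		$pconfig['interface'] = "wan";
} else {
	/* New rule: WAN is the default interface. */
	$pconfig['interface'] = "wan";
}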
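if ($_POST) {

	/*
	 * Handle a submitted add/edit form: normalise the port fields, validate
	 * the input, then store the NAT rule (and, on request, a matching filter
	 * rule) and redirect to the rule list.
	 *
	 * NOTE(review): this branch rewrites the NAT and filter configuration, but
	 * no anti-CSRF token is checked anywhere in this file. Confirm that
	 * guiconfig.inc enforces one; otherwise a cross-site request carrying the
	 * administrator's session could submit this form.
	 */

	/* Every field of this form is a plain string. Drop array-valued parameters
	   so the checks and string operations below always see scalars; a dropped
	   required field is then reported as missing. */
	foreach (explode(" ", "interface extaddr proto beginport beginport_cust endport endport_cust localip localbeginport localbeginport_cust descr autoadd") as $fld) {
		if (isset($_POST[$fld]) && !is_string($_POST[$fld]))
			unset($_POST[$fld]);
	}
	unset($fld);

	/* An empty drop-down value is the "(other)" entry: use the free-text port
	   typed next to it instead. */
	if (!empty($_POST['beginport_cust']) && empty($_POST['beginport']))
		$_POST['beginport'] = $_POST['beginport_cust'];
	if (!empty($_POST['endport_cust']) && empty($_POST['endport']))
		$_POST['endport'] = $_POST['endport_cust'];
	if (!empty($_POST['localbeginport_cust']) && empty($_POST['localbeginport']))
		$_POST['localbeginport'] = $_POST['localbeginport_cust'];

	/* No end port given: the rule maps a single port. */
	if (empty($_POST['endport']))
		$_POST['endport'] = isset($_POST['beginport']) ? $_POST['beginport'] : "";

	unset($input_errors);
	/* The form is re-displayed from $pconfig when validation fails, so from
	   here on $pconfig holds unvalidated request data. */
	$pconfig = $_POST;

	/* input validation */
	$reqdfields = explode(" ", "interface proto beginport localip localbeginport");
	$reqdfieldsn = explode(",", "Interface,Protocol,Start port,NAT IP,Local port");

	/* NOTE(review): call-time pass-by-reference (&$input_errors) is rejected by
	   PHP 5.4 and later. It is kept because do_input_validation()'s signature
	   is not visible here; dropping the "&" is only safe if that function
	   declares the parameter by reference. */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	/* interface, proto and extaddr are drop-downs in the form, but a request
	   can carry any value and all three are written into the rule below.
	   Accept only the values the form itself offers. */
	$validifs = array("wan", "lan");
	for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
		$validifs[] = "opt" . $i;
	if (!empty($_POST['interface']) && !in_array($_POST['interface'], $validifs, true)) {
		$input_errors[] = "A valid interface must be specified.";
	}
	if (!empty($_POST['proto']) && !in_array($_POST['proto'], array("tcp", "udp", "tcp/udp"), true)) {
		$input_errors[] = "A valid protocol must be specified.";
	}
	if (!empty($_POST['extaddr'])) {
		$extaddrok = false;
		if (isset($config['nat']['servernat']) && is_array($config['nat']['servernat'])) {
			foreach ($config['nat']['servernat'] as $sn) {
				if ((string)$sn['ipaddr'] === $_POST['extaddr']) {
					$extaddrok = true;
					break;
				}
			}
		}
		if (!$extaddrok)
			$input_errors[] = "The external address must be one of the addresses defined on the Server NAT page.";
	}

	if (!empty($_POST['beginport']) && !is_port($_POST['beginport'])) {
		$input_errors[] = "The start port must be an integer between 1 and 65535.";
	}
	if (!empty($_POST['endport']) && !is_port($_POST['endport'])) {
		$input_errors[] = "The end port must be an integer between 1 and 65535.";
	}
	if (!empty($_POST['localbeginport']) && !is_port($_POST['localbeginport'])) {
		$input_errors[] = "The local port must be an integer between 1 and 65535.";
	}
	if (!empty($_POST['localip']) && !is_ipaddroralias($_POST['localip'])) {
		$input_errors[] = "A valid NAT IP address or host alias must be specified.";
	}

	if ($_POST['beginport'] > $_POST['endport']) {
		/* swap */
		$tmp = $_POST['endport'];
		$_POST['endport'] = $_POST['beginport'];
		$_POST['beginport'] = $tmp;
	}

	if (!$input_errors) {
		/* The local range has the same width as the external one and starts
		   at localbeginport; its last port must still be a valid port. */
		if (($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport']) > 65535)
			$input_errors[] = "The target port range must lie between 1 and 65535.";
	}

	/* check for overlaps */
	foreach ($a_nat as $natent) {
		/* skip the rule that is being edited */
		if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
			continue;
		if ($natent['interface'] != $_POST['interface'])
			continue;
		if ($natent['external-address'] != $_POST['extaddr'])
			continue;

		list($begp,$endp) = explode("-", $natent['external-port']);
		if (!$endp)
			$endp = $begp;

		/* the ranges overlap unless the new one lies entirely below or
		   entirely above the existing one */
		if (!(   (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp))
		      || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) {

			$input_errors[] = "The external port range overlaps with an existing entry.";
			break;
		}
	}

	if (!$input_errors) {
		$natent = array();
		if ($_POST['extaddr'])
			$natent['external-address'] = $_POST['extaddr'];
		$natent['protocol'] = $_POST['proto'];

		/* a single port is stored as "N", a range as "N-M" */
		if ($_POST['beginport'] == $_POST['endport'])
			$natent['external-port'] = $_POST['beginport'];
		else
			$natent['external-port'] = $_POST['beginport'] . "-" . $_POST['endport'];

		$natent['target'] = $_POST['localip'];
		$natent['local-port'] = $_POST['localbeginport'];
		$natent['interface'] = $_POST['interface'];
		/* free text; it must be escaped wherever it is displayed */
		$natent['descr'] = $_POST['descr'];

		if (isset($id) && $a_nat[$id])
			$a_nat[$id] = $natent;
		else
			$a_nat[] = $natent;

		touch($d_natconfdirty_path);

		if ($_POST['autoadd']) {
			/* auto-generate a matching firewall rule: it passes the chosen
			   protocol from any source to the NAT target on the mapped
			   local port range */
			$filterent = array();
			$filterent['interface'] = $_POST['interface'];
			$filterent['protocol'] = $_POST['proto'];
			$filterent['source']['any'] = "";
			$filterent['destination']['address'] = $_POST['localip'];

			$dstpfrom = $_POST['localbeginport'];
			$dstpto = $dstpfrom + $_POST['endport'] - $_POST['beginport'];

			if ($dstpfrom == $dstpto)
				$filterent['destination']['port'] = $dstpfrom;
			else
				$filterent['destination']['port'] = $dstpfrom . "-" . $dstpto;

			$filterent['descr'] = "NAT " . $_POST['descr'];

			$config['filter']['rule'][] = $filterent;

			touch($d_filterconfdirty_path);
		}

		write_config();

		header("Location: firewall_nat.php");
		exit;
	}
}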
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title><?=gentitle("Firewall: NAT: Edit inbound");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<!--
function ext_change() {
	// Each port drop-down has a free-text companion named "<field>_cust".
	// Index 0 of the drop-down is the "(other)" entry: only then is the
	// companion box editable; for any other choice it is cleared and disabled.
	var form = document.iform;
	var fields = ["beginport", "endport", "localbeginport"];
	for (var k = 0; k < fields.length; k++) {
		var custom = form[fields[k] + "_cust"];
		if (form[fields[k]].selectedIndex != 0) {
			custom.value = "";
			custom.disabled = 1;
		} else {
			custom.disabled = 0;
		}
	}
}
function ext_rep_change() {
	// Mirror the "from" port selection into the "to" and local-port drop-downs.
	var form = document.iform;
	var chosen = form.beginport.selectedIndex;
	form.endport.selectedIndex = chosen;
	form.localbeginport.selectedIndex = chosen;
}
//-->
</script>
</head>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: NAT: Edit inbound</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
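            <?php
            /*
             * Add/edit form for an inbound NAT rule.
             *
             * The fields are filled from $pconfig. After a failed submission
             * $pconfig is a copy of $_POST, i.e. unvalidated request data, so
             * every value written into the page goes through
             * htmlspecialchars(), including attribute values and the hidden
             * rule index.
             */
            ?>
            <form action="firewall_nat_edit.php" method="post" name="iform" id="iform">
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
			  	<tr>
                  <td width="22%" valign="top" class="vncellreq">Interface</td>
                  <td width="78%" class="vtable">
					<select name="interface" class="formfld">
						<?php
						/* WAN and LAN are always offered; optional interfaces
						   are numbered opt1, opt2, ... without gaps. */
						$interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
						for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
							$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
						}
						foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
						<?=htmlspecialchars($ifacename);?>
						</option>
						<?php endforeach; ?>
					</select><br>
                     <span class="vexpl">Choose which interface this rule applies to.<br>
                     Hint: in most cases, you'll want to use WAN here.</span></td>
                </tr>
			    <tr>
                  <td width="22%" valign="top" class="vncellreq">External address</td>
                  <td width="78%" class="vtable">
                    <select name="extaddr" class="formfld">
					  <option value="" <?php if (!$pconfig['extaddr']) echo "selected"; ?>>Interface address</option>
                      <?php
					  /* one entry per address defined on the Server NAT page */
					  if (is_array($config['nat']['servernat'])):
						  foreach ($config['nat']['servernat'] as $sn): ?>
                      <option value="<?=htmlspecialchars($sn['ipaddr']);?>" <?php if ($sn['ipaddr'] == $pconfig['extaddr']) echo "selected"; ?>><?=htmlspecialchars("{$sn['ipaddr']} ({$sn['descr']})");?></option>
                      <?php endforeach; endif; ?>
                    </select><br>
                    <span class="vexpl">
					If you want this rule to apply to another IP address than the IP address of the interface chosen above,
					select it here (you need to define IP addresses on the
					<a href="firewall_nat_server.php">Server NAT</a> page first).</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Protocol</td>
                  <td width="78%" class="vtable">
                    <select name="proto" class="formfld">
                      <?php $protocols = explode(" ", "TCP UDP TCP/UDP"); foreach ($protocols as $proto): ?>
                      <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Choose which IP protocol
                    this rule should match.<br>
                    Hint: in most cases, you should specify <em>TCP</em> &nbsp;here.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">External port
                    range </td>
                  <td width="78%" class="vtable">
                    <table border="0" cellspacing="0" cellpadding="0">
                      <tr>
                        <td>from:&nbsp;&nbsp;</td>
                        <td><select name="beginport" class="formfld" onChange="ext_rep_change();ext_change()">
                            <option value="">(other)</option>
                            <?php /* $bfound records whether the current value is one of the listed ports;
                                     if it is not, the value is shown in the free-text box instead. */
                                  $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
                            <option value="<?=htmlspecialchars($wkport);?>" <?php if ($wkport == $pconfig['beginport']) {
																echo "selected";
																$bfound = 1;
															}?>>
							<?=htmlspecialchars($wkportdesc);?>
							</option>
                            <?php endforeach; ?>
                          </select> <input name="beginport_cust" type="text" size="5" value="<?php if (!$bfound && isset($pconfig['beginport'])) echo htmlspecialchars($pconfig['beginport']); ?>"></td>
                      </tr>
                      <tr>
                        <td>to:</td>
                        <td><select name="endport" class="formfld" onChange="ext_change()">
                            <option value="">(other)</option>
                            <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
                            <option value="<?=htmlspecialchars($wkport);?>" <?php if ($wkport == $pconfig['endport']) {
																echo "selected";
																$bfound = 1;
															}?>>
							<?=htmlspecialchars($wkportdesc);?>
							</option>
							<?php endforeach; ?>
                          </select> <input name="endport_cust" type="text" size="5" value="<?php if (!$bfound && isset($pconfig['endport'])) echo htmlspecialchars($pconfig['endport']); ?>"></td>
                      </tr>
                    </table>
                    <br> <span class="vexpl">Specify the port or port range on
                    the firewall's external address for this mapping.<br>
                    Hint: you can leave the <em>'to'</em> field empty if you only
                    want to map a single port</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">NAT IP</td>
                  <td width="78%" class="vtable">
                    <input autocomplete='off' onblur='actb_removedisp()' onkeypress='return (event.keyCode!=13);' onkeydown='actb_checkkey(event, this)' onkeyup='actb_tocomplete(this,event,addressarray);' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>">
                    <br> <span class="vexpl">Enter the internal IP address of
                    the server on which you want to map the ports.<br>
                    e.g. <em>192.168.1.12</em></span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Local port</td>
                  <td width="78%" class="vtable">
                    <select name="localbeginport" class="formfld" onChange="ext_change()">
                      <option value="">(other)</option>
                      <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
                      <option value="<?=htmlspecialchars($wkport);?>" <?php if ($wkport == $pconfig['localbeginport']) {
																echo "selected";
																$bfound = 1;
															}?>>
					  <?=htmlspecialchars($wkportdesc);?>
					  </option>
                      <?php endforeach; ?>
                    </select> <input name="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound && isset($pconfig['localbeginport'])) echo htmlspecialchars($pconfig['localbeginport']); ?>">
                    <br>
                    <span class="vexpl">Specify the port on the machine with the
                    IP address entered above. In case of a port range, specify
                    the beginning port of the range (the end port will be calculated
                    automatically).<br>
                    Hint: this is usually identical to the 'from' port above</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Description</td>
                  <td width="78%" class="vtable">
                    <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
                    <br> <span class="vexpl">You may enter a description here
                    for your reference (not parsed).</span></td>
                </tr><?php /* The auto-add option is offered only for new rules. The POST handler
                              turns it into a filter rule with source "any". */
                           if (!(isset($id) && $a_nat[$id])): ?>
                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">
                    <input name="autoadd" type="checkbox" id="autoadd" value="yes">
                    <strong>Auto-add a firewall rule to permit traffic through
                    this NAT rule</strong></td>
                </tr><?php endif; ?>
                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">
                    <input name="Submit" type="submit" class="formbtn" value="Save">
                    <?php /* $id originates from the request, so escape it like any other echoed value. */
                          if (isset($id) && $a_nat[$id]): ?>
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
                    <?php endif; ?>
                  </td>
                </tr>
              </table>
</form>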
<script language="JavaScript">
<!--
ext_change();
//-->
</script>
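<?php
/*
 * Build the two JavaScript array literals used by the alias auto-completion:
 * aliases whose address contains a "." go into $aliasesaddr (the list the
 * NAT IP field completes from), all others into $aliases.
 *
 * The names are written into a <script> block as single-quoted strings, so
 * they are escaped for that context: quotes, backslashes and line breaks, and
 * also "<", ">" and "/" so that a name can neither close the string nor form
 * "</script>" or "<!--". Names made of letters and digits come out unchanged.
 */
$isfirst = 0;
$aliases = "";
$addrisfirst = 0;
$aliasesaddr = "";
/* is_array() instead of a comparison with "": foreach must only ever see an array */
if (isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) {
	foreach ($config['aliases']['alias'] as $alias_name) {
		$jsname = "'" . addcslashes($alias_name['name'], "\\'\"\r\n<>/") . "'";
		if (!stristr($alias_name['address'], ".")) {
			if ($isfirst == 1) $aliases .= ",";
			$aliases .= $jsname;
			$isfirst = 1;
		} else {
			if ($addrisfirst == 1) $aliasesaddr .= ",";
			$aliasesaddr .= $jsname;
			$addrisfirst = 1;
		}
	}
	unset($jsname);
}
?>
<script language="JavaScript">
<!--
var addressarray=new Array(<?php echo $aliasesaddr; ?>);
var customarray=new Array(<?php echo $aliases; ?>);
//-->
</script>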
<script type="text/javascript" language="javascript" src="auto_complete_helper.js">
</script>
<?php include("fend.inc"); ?>
</body>
</html>