Revision ea51b897
Added by Scott Ullrich over 19 years ago
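--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -268,6 +268,22 @@
 return $aliases;
 }
 
+function get_vpns_list() {
+global $config;
+/* build list of vpns */
+$vpns = "";
+$isfirst = true;
+if($config['ipsec']['tunnel']) {
+foreach($config['ipsec']['tunnel'] as $tunnel) {
+if($isfirst == false)
+$vpns .= " ";
+$vpns .= $tunnel['remote-subnet'];
+$isfirst = false;
+}
+}
+return $vpns;
+}
+
 function generate_optcfg_array(& $optcfg) {
 global $config;
 if(isset($config['system']['developerspew'])) {
@@ -573,7 +589,15 @@
 }
 $tmp_port = 8021 + $interface_counter;
 $tmp_interface = convert_friendly_interface_to_real_interface_name($ifname);
-$natrules .= "rdr on {$tmp_interface} proto tcp from any to any port 21 -> 127.0.0.1 port {$tmp_port}\n";
+$vpns = get_vpns_list();
+/* if the user has defined, include the alias so that we do not redirect ftp
+connections across the tunnels to pftpx */
+$vpns_list = get_vpns_list();
+if($vpns_list)
+$vpns = "{ ! $vpns_list }";
+else
+$vpns = "any";
+$natrules .= "rdr on {$tmp_interface} proto tcp from any to {$vpns} port 21 -> 127.0.0.1 port {$tmp_port}\n";
 $interface_counter++;
 }
 $natrules .= "\n";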
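Review bot: The negated list built at `$vpns = "{ ! $vpns_list }";` only keeps tunnel traffic away from the proxy when exactly one IPsec tunnel is configured. get_vpns_list() joins the remote subnets with spaces, so two tunnels produce `{ ! A B }`; pf expands a list into one rule per element, which would most likely give a rule for `! A` (still matching B) plus a plain rule for B, so FTP bound for the tunnels is redirected to 127.0.0.1 anyway. Emitting an exclusion ahead of the unchanged `to any` redirect avoids negation inside a list: `if($vpns_list) $natrules .= "no rdr on {$tmp_interface} proto tcp from any to { {$vpns_list} } port 21\n";`. The first `$vpns = get_vpns_list();` is overwritten before it is read and can be dropped. The `remote-subnet` values are written into the rule text unvalidated, so a malformed entry could make the ruleset fail to load; the enclosing loop starts outside this hunk.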
Do not redirect connections across ipsec vpns through PFTPX.