/usr/local/www/firewall_nat_out.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/firewall_nat_out.php @ f742c43e

1	19ae0929	Scott Ullrich	<?php
2	b46bfcf5	Bill Marquette	/* $Id$ */
3	5b237745	Scott Ullrich	/*
4	858f313d	Renato Botelho	firewall_nat_out.php
5			Copyright (C) 2004 Scott Ullrich
6	ce77a9c4	Phil Davis	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
7	858f313d	Renato Botelho	All rights reserved.
8
9			originally part of m0n0wall (http://m0n0.ch/wall)
10			Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
11			All rights reserved.
12
13			Redistribution and use in source and binary forms, with or without
14			modification, are permitted provided that the following conditions are met:
15
16			1. Redistributions of source code must retain the above copyright notice,
17			this list of conditions and the following disclaimer.
18
19			2. Redistributions in binary form must reproduce the above copyright
20			notice, this list of conditions and the following disclaimer in the
21			documentation and/or other materials provided with the distribution.
22
23			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
25			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
27			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32			POSSIBILITY OF SUCH DAMAGE.
33	5b237745	Scott Ullrich	*/
34	7ac5a4cb	Scott Ullrich	/*
35			pfSense_MODULE: nat
36			*/
37	5b237745	Scott Ullrich
38	6b07c15a	Matthew Grooms	##\|+PRIV
39			##\|*IDENT=page-firewall-nat-outbound
40			##\|*NAME=Firewall: NAT: Outbound page
41			##\|*DESCR=Allow access to the 'Firewall: NAT: Outbound' page.
42			##\|MATCH=firewall_nat_out.php
43			##\|-PRIV
44
45	5b237745	Scott Ullrich	require("guiconfig.inc");
46	7a927e67	Scott Ullrich	require_once("functions.inc");
47			require_once("filter.inc");
48			require_once("shaper.inc");
49	5b237745	Scott Ullrich
50	6f61fea6	Renato Botelho	global $FilterIflist;
51	2154560d	Ermal	global $GatewaysList;
52	6f61fea6	Renato Botelho
53	eef01b14	Renato Botelho	if (!is_array($config['nat']['outbound']))
54			$config['nat']['outbound'] = array();
55	c44d3cf7	Ermal Lu?i
56	eef01b14	Renato Botelho	if (!is_array($config['nat']['outbound']['rule']))
57			$config['nat']['outbound']['rule'] = array();
58	19ae0929	Scott Ullrich
59	eef01b14	Renato Botelho	$a_out = &$config['nat']['outbound']['rule'];
60	5b237745	Scott Ullrich
61	bef388a7	Renato Botelho	if (!isset($config['nat']['outbound']['mode']))
62			$config['nat']['outbound']['mode'] = "automatic";
63
64			$mode = $config['nat']['outbound']['mode'];
65
66	82d0dfc4	Scott Ullrich	if ($_POST['apply']) {
67			write_config();
68	5b237745	Scott Ullrich
69	82d0dfc4	Scott Ullrich	$retval = 0;
70	920b3bb0	Scott Ullrich	$retval \|= filter_configure();
71
72	e8c2c890	Bill Marquette	if(stristr($retval, "error") <> true)
73			$savemsg = get_std_save_message($retval);
74			else
75			$savemsg = $retval;
76	19ae0929	Scott Ullrich
77	82d0dfc4	Scott Ullrich	if ($retval == 0) {
78	a368a026	Ermal Lu?i	clear_subsystem_dirty('natconf');
79			clear_subsystem_dirty('filter');
80	858f313d	Renato Botelho	}
81	5b237745	Scott Ullrich	}
82
83	82d0dfc4	Scott Ullrich	if (isset($_POST['save']) && $_POST['save'] == "Save") {
84	53bf5f1d	Seth Mos	/* mutually exclusive settings - if user wants advanced NAT, we don't generate automatic rules */
85	aef6978d	Renato Botelho	if ($_POST['mode'] == "advanced" && ($mode == "automatic" \|\| $mode == "hybrid")) {
86	eef01b14	Renato Botelho	/*
87			* user has enabled advanced outbound NAT and doesn't have rules
88			* lets automatically create entries
89			* for all of the interfaces to make life easier on the pip-o-chap
90			*/
91	6f61fea6	Renato Botelho	if(empty($FilterIflist))
92			filter_generate_optcfg_array();
93	2154560d	Ermal	if(empty($GatewaysList))
94			filter_generate_gateways();
95	6f61fea6	Renato Botelho	$tonathosts = filter_nat_rules_automatic_tonathosts(true);
96			$automatic_rules = filter_nat_rules_outbound_automatic("");
97
98			foreach ($tonathosts as $tonathost) {
99			foreach ($automatic_rules as $natent) {
100			$natent['source']['network'] = $tonathost['subnet'];
101			$natent['descr'] .= sprintf(gettext(' - %1$s to %2$s'),
102			$tonathost['descr'],
103			convert_real_interface_to_friendly_descr($natent['interface']));
104	eef01b14	Renato Botelho	$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
105	aef6978d	Renato Botelho
106			/* Try to detect already auto created rules and avoid duplicate them */
107			$found = false;
108			foreach ($a_out as $rule) {
109			if ($rule['interface'] == $natent['interface'] &&
110			$rule['source']['network'] == $natent['source']['network'] &&
111			$rule['dstport'] == $natent['dstport'] &&
112			$rule['target'] == $natent['target'] &&
113			$rule['descr'] == $natent['descr']) {
114			$found = true;
115			break;
116			}
117			}
118
119			if ($found === false)
120			$a_out[] = $natent;
121	eef01b14	Renato Botelho	}
122	82d0dfc4	Scott Ullrich	}
123	eef01b14	Renato Botelho	$savemsg = gettext("Default rules for each interface have been created.");
124	2154560d	Ermal	unset($FilterIflist, $GatewaysList);
125	82d0dfc4	Scott Ullrich	}
126	eef01b14	Renato Botelho
127			$config['nat']['outbound']['mode'] = $_POST['mode'];
128
129	3a343d73	jim-p	if (write_config())
130			mark_subsystem_dirty('natconf');
131	858f313d	Renato Botelho	header("Location: firewall_nat_out.php");
132			exit;
133	fe693b89	Bill Marquette	}
134
135	dd65598e	Darren Embry	if ($_GET['act'] == "del") {
136			if ($a_out[$_GET['id']]) {
137			unset($a_out[$_GET['id']]);
138	3a343d73	jim-p	if (write_config())
139			mark_subsystem_dirty('natconf');
140	dd65598e	Darren Embry	header("Location: firewall_nat_out.php");
141			exit;
142			}
143			}
144
145	9c96aff5	Bill Marquette	if (isset($_POST['del_x'])) {
146	858f313d	Renato Botelho	/* delete selected rules */
147			if (is_array($_POST['rule']) && count($_POST['rule'])) {
148			foreach ($_POST['rule'] as $rulei) {
149			unset($a_out[$rulei]);
150			}
151	3a343d73	jim-p	if (write_config())
152			mark_subsystem_dirty('natconf');
153	858f313d	Renato Botelho	header("Location: firewall_nat_out.php");
154			exit;
155			}
156	9c96aff5	Bill Marquette
157	6ae8c4f2	PiBa-NL	} else if ($_GET['act'] == "toggle") {
158			if ($a_out[$_GET['id']]) {
159			if(isset($a_out[$_GET['id']]['disabled']))
160			unset($a_out[$_GET['id']]['disabled']);
161			else
162			$a_out[$_GET['id']]['disabled'] = true;
163			if (write_config("Firewall: NAT: Outbound, enable/disable NAT rule"))
164			mark_subsystem_dirty('natconf');
165			header("Location: firewall_nat_out.php");
166			exit;
167			}
168	9c96aff5	Bill Marquette	} else {
169	858f313d	Renato Botelho	/* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
170			unset($movebtn);
171			foreach ($_POST as $pn => $pd) {
172			if (preg_match("/move_(\d+)_x/", $pn, $matches)) {
173			$movebtn = $matches[1];
174			break;
175			}
176			}
177			/* move selected rules before this rule */
178			if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) {
179			$a_out_new = array();
180
181			/* copy all rules < $movebtn and not selected */
182			for ($i = 0; $i < $movebtn; $i++) {
183			if (!in_array($i, $_POST['rule']))
184			$a_out_new[] = $a_out[$i];
185			}
186	9c96aff5	Bill Marquette
187	858f313d	Renato Botelho	/* copy all selected rules */
188			for ($i = 0; $i < count($a_out); $i++) {
189			if ($i == $movebtn)
190			continue;
191			if (in_array($i, $_POST['rule']))
192			$a_out_new[] = $a_out[$i];
193			}
194	9c96aff5	Bill Marquette
195	858f313d	Renato Botelho	/* copy $movebtn rule */
196			if ($movebtn < count($a_out))
197			$a_out_new[] = $a_out[$movebtn];
198	9c96aff5	Bill Marquette
199	858f313d	Renato Botelho	/* copy all rules > $movebtn and not selected */
200			for ($i = $movebtn+1; $i < count($a_out); $i++) {
201			if (!in_array($i, $_POST['rule']))
202			$a_out_new[] = $a_out[$i];
203			}
204			if (count($a_out_new) > 0)
205	82d0dfc4	Scott Ullrich	$a_out = $a_out_new;
206
207	3a343d73	jim-p	if (write_config())
208			mark_subsystem_dirty('natconf');
209	858f313d	Renato Botelho	header("Location: firewall_nat_out.php");
210			exit;
211			}
212	5b237745	Scott Ullrich	}
213	9c96aff5	Bill Marquette
214	ff01cbff	Vinicius Coque	$pgtitle = array(gettext("Firewall"),gettext("NAT"),gettext("Outbound"));
215	6eb17647	Scott Ullrich	include("head.inc");
216
217	24f600b0	Scott Ullrich	?>
218	5b237745	Scott Ullrich	<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
219			<?php include("fbegin.inc"); ?>
220	fe693b89	Bill Marquette	<form action="firewall_nat_out.php" method="post" name="iform">
221	07130afe	ayvis	<script type="text/javascript" src="/javascript/row_toggle.js"></script>
222	a8726a3d	Scott Ullrich	<?php
223	858f313d	Renato Botelho	if ($savemsg)
224			print_info_box($savemsg);
225			if (is_subsystem_dirty('natconf'))
226	8cd558b6	ayvis	print_info_box_np(gettext("The NAT configuration has been changed.")."<br />".gettext("You must apply the changes in order for them to take effect."));
227	a8726a3d	Scott Ullrich	?>
228	8cd558b6	ayvis	<br />
229	a9be92f0	Renato Botelho	<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="firewall nat outbound">
230	858f313d	Renato Botelho	<tr><td>
231			<?php
232			$tab_array = array();
233			$tab_array[] = array(gettext("Port Forward"), false, "firewall_nat.php");
234			$tab_array[] = array(gettext("1:1"), false, "firewall_nat_1to1.php");
235			$tab_array[] = array(gettext("Outbound"), true, "firewall_nat_out.php");
236			$tab_array[] = array(gettext("NPt"), false, "firewall_nat_npt.php");
237			display_top_tabs($tab_array);
238			?>
239			</td></tr>
240			<tr>
241			<td>
242			<div id="mainarea">
243			<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area">
244			<tr>
245	eef01b14	Renato Botelho	<td rowspan="3" align="right" valign="middle"><b><?=gettext("Mode:"); ?></b></td>
246			<td>
247	bef388a7	Renato Botelho	<input name="mode" type="radio" id="automatic" value="automatic" <?php if ($mode == "automatic") echo "checked=\"checked\"";?> />
248	eef01b14	Renato Botelho	</td>
249	858f313d	Renato Botelho	<td>
250			<strong>
251	8cd558b6	ayvis	<?=gettext("Automatic outbound NAT rule generation"); ?><br />
252	eef01b14	Renato Botelho	<?=gettext("(IPsec passthrough included)");?>
253	858f313d	Renato Botelho	</strong>
254			</td>
255			<td>
256	bef388a7	Renato Botelho	<input name="mode" type="radio" id="hybrid" value="hybrid" <?php if ($mode == "hybrid") echo "checked=\"checked\"";?> />
257	eef01b14	Renato Botelho	</td>
258			<td>
259	858f313d	Renato Botelho	<strong>
260	8cd558b6	ayvis	<?=gettext("Hybrid Outbound NAT rule generation"); ?><br />
261	eef01b14	Renato Botelho	<?=gettext("(Automatic Outbound NAT + rules below)");?>
262	858f313d	Renato Botelho	</strong>
263			</td>
264	eef01b14	Renato Botelho	<td rowspan="3" valign="middle" align="left">
265	858f313d	Renato Botelho	<input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
266			</td>
267			</tr>
268	5d2c6f3e	Scott Ullrich	<tr>
269	eef01b14	Renato Botelho	<td colspan="4">
270	5d2c6f3e	Scott Ullrich
271			</td>
272			</tr>
273			<tr>
274	eef01b14	Renato Botelho	<td>
275	bef388a7	Renato Botelho	<input name="mode" type="radio" id="advanced" value="advanced" <?php if ($mode == "advanced") echo "checked=\"checked\"";?> />
276	eef01b14	Renato Botelho	</td>
277			<td>
278			<strong>
279	8cd558b6	ayvis	<?=gettext("Manual Outbound NAT rule generation"); ?><br />
280	eef01b14	Renato Botelho	<?=gettext("(AON - Advanced Outbound NAT)");?>
281			</strong>
282			</td>
283			<td>
284	bef388a7	Renato Botelho	<input name="mode" type="radio" id="disabled" value="disabled" <?php if ($mode == "disabled") echo "checked=\"checked\"";?> />
285	eef01b14	Renato Botelho	</td>
286			<td>
287			<strong>
288	8cd558b6	ayvis	<?=gettext("Disable Outbound NAT rule generation"); ?><br />
289	eef01b14	Renato Botelho	<?=gettext("(No Outbound NAT rules)");?>
290			</strong>
291			</td>
292			</tr>
293			<tr>
294			<td colspan="6">
295	5d2c6f3e	Scott Ullrich
296			</td>
297			</tr>
298	858f313d	Renato Botelho	</table>
299			<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="mappings">
300	2ca03544	Carlos Eduardo Ramos	<tr><td colspan="5"><b> <?=gettext("Mappings:"); ?></b></td></tr>
301	d5475741	Scott Ullrich	<tr><td> </td></tr>
302	858f313d	Renato Botelho	<tr id="frheader">
303			<td width="3%" class="list"> </td>
304			<td width="3%" class="list"> </td>
305			<td width="10%" class="listhdrr"><?=gettext("Interface");?></td>
306			<td width="15%" class="listhdrr"><?=gettext("Source");?></td>
307			<td width="10%" class="listhdrr"><?=gettext("Source Port");?></td>
308			<td width="15%" class="listhdrr"><?=gettext("Destination");?></td>
309			<td width="10%" class="listhdrr"><?=gettext("Destination Port");?></td>
310			<td width="15%" class="listhdrr"><?=gettext("NAT Address");?></td>
311			<td width="10%" class="listhdrr"><?=gettext("NAT Port");?></td>
312			<td width="10%" class="listhdrr"><?=gettext("Static Port");?></td>
313			<td width="25%" class="listhdr"><?=gettext("Description");?></td>
314			<td width="5%" class="list">
315			<table border="0" cellspacing="0" cellpadding="1" summary="add">
316			<tr>
317			<td width="17"></td>
318			<td>
319			<a href="firewall_nat_out_edit.php?after=-1">
320			<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add new mapping");?>" alt="add" />
321			</a>
322			</td>
323			</tr>
324			</table>
325			</td>
326			</tr>
327			<?php
328	a0e1f0f1	Renato Botelho	$i = 0;
329	858f313d	Renato Botelho	foreach ($a_out as $natent):
330	c83d04dc	Renato Botelho	$iconfn = "pass";
331			$textss = $textse = "";
332			if ($mode == "disabled" \|\| $mode == "automatic" \|\| isset($natent['disabled'])) {
333			$textss = "<span class=\"gray\">";
334			$textse = "</span>";
335			$iconfn .= "_d";
336			}
337	0e42cad8	Renato Botelho
338			//build Alias popup box
339			$alias_src_span_begin = "";
340			$alias_src_port_span_begin = "";
341			$alias_dst_span_begin = "";
342			$alias_dst_port_span_begin = "";
343
344			$alias_popup = rule_popup($natent['source']['network'],pprint_port($natent['sourceport']),$natent['destination']['address'],pprint_port($natent['dstport']));
345
346			$alias_src_span_begin = $alias_popup["src"];
347			$alias_src_port_span_begin = $alias_popup["srcport"];
348			$alias_dst_span_begin = $alias_popup["dst"];
349			$alias_dst_port_span_begin = $alias_popup["dstport"];
350
351			$alias_src_span_end = $alias_popup["src_end"];
352			$alias_src_port_span_end = $alias_popup["srcport_end"];
353			$alias_dst_span_end = $alias_popup["dst_end"];
354			$alias_dst_port_span_end = $alias_popup["dstport_end"];
355	858f313d	Renato Botelho	?>
356	a0e1f0f1	Renato Botelho	<tr valign="top" id="fr<?=$i;?>">
357	858f313d	Renato Botelho	<td class="listt">
358	a0e1f0f1	Renato Botelho	<input type="checkbox" id="frc<?=$i;?>" name="rule[]" value="<?=$i;?>" onclick="fr_bgcolor('<?=$i;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" />
359	858f313d	Renato Botelho	</td>
360			<td class="listt" align="center">
361			<?php
362	c83d04dc	Renato Botelho	if ($mode == "disabled" \|\| $mode == "automatic"):
363	bef388a7	Renato Botelho	?>
364	c83d04dc	Renato Botelho	<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" width="11" height="11" border="0"
365			title="<?=gettext("This rule is being ignored");?>" alt="icon" />
366	bef388a7	Renato Botelho	<?php
367	c83d04dc	Renato Botelho	else:
368	bef388a7	Renato Botelho	?>
369	c83d04dc	Renato Botelho	<a href="?act=toggle&id=<?=$i;?>">
370			<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" width="11" height="11" border="0"
371			title="<?=gettext("click to toggle enabled/disabled status");?>" alt="icon" />
372			</a>
373	bef388a7	Renato Botelho	<?php
374			endif;
375	858f313d	Renato Botelho	?>
376			</td>
377	a0e1f0f1	Renato Botelho	<td class="listlr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
378	c83d04dc	Renato Botelho	<?php echo $textss . htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])) . $textse; ?>
379	858f313d	Renato Botelho
380			</td>
381	a0e1f0f1	Renato Botelho	<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
382	67eec085	jim-p	<?PHP $natent['source']['network'] = ($natent['source']['network'] == "(self)") ? "This Firewall" : $natent['source']['network']; ?>
383	0e42cad8	Renato Botelho	<?php echo $textss . $alias_src_span_begin . $natent['source']['network'] . $alias_src_span_end . $textse;?>
384	858f313d	Renato Botelho	</td>
385	a0e1f0f1	Renato Botelho	<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
386	858f313d	Renato Botelho	<?php
387	c83d04dc	Renato Botelho	echo $textss;
388	858f313d	Renato Botelho	echo ($natent['protocol']) ? $natent['protocol'] . '/' : "" ;
389			if (!$natent['sourceport'])
390			echo "*";
391			else
392	0e42cad8	Renato Botelho	echo $alias_src_port_span_begin . $natent['sourceport'] . $alias_src_port_span_end;
393	c83d04dc	Renato Botelho	echo $textse;
394	858f313d	Renato Botelho	?>
395			</td>
396	a0e1f0f1	Renato Botelho	<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
397	858f313d	Renato Botelho	<?php
398	c83d04dc	Renato Botelho	echo $textss;
399	858f313d	Renato Botelho	if (isset($natent['destination']['any']))
400			echo "*";
401			else {
402			if (isset($natent['destination']['not']))
403			echo "! ";
404	0e42cad8	Renato Botelho	echo $alias_dst_span_begin . $natent['destination']['address'] . $alias_dst_span_end;
405	858f313d	Renato Botelho	}
406	c83d04dc	Renato Botelho	echo $textse;
407	858f313d	Renato Botelho	?>
408			</td>
409	a0e1f0f1	Renato Botelho	<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
410	858f313d	Renato Botelho	<?php
411	c83d04dc	Renato Botelho	echo $textss;
412	858f313d	Renato Botelho	echo ($natent['protocol']) ? $natent['protocol'] . '/' : "" ;
413			if (!$natent['dstport'])
414			echo "*";
415			else
416	0e42cad8	Renato Botelho	echo $alias_dst_port_span_begin . $natent['dstport'] . $alias_dst_port_span_end;
417	c83d04dc	Renato Botelho	echo $textse;
418	858f313d	Renato Botelho	?>
419			</td>
420	a0e1f0f1	Renato Botelho	<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
421	858f313d	Renato Botelho	<?php
422	c83d04dc	Renato Botelho	echo $textss;
423	858f313d	Renato Botelho	if (isset($natent['nonat']))
424			echo '<I>NO NAT</I>';
425			elseif (!$natent['target'])
426			echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])) . " address";
427			elseif ($natent['target'] == "other-subnet")
428			echo $natent['targetip'] . '/' . $natent['targetip_subnet'];
429			else
430			echo $natent['target'];
431	c83d04dc	Renato Botelho	echo $textse;
432	858f313d	Renato Botelho	?>
433			</td>
434	a0e1f0f1	Renato Botelho	<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
435	858f313d	Renato Botelho	<?php
436	c83d04dc	Renato Botelho	echo $textss;
437	858f313d	Renato Botelho	if (!$natent['natport'])
438			echo "*";
439			else
440			echo $natent['natport'];
441	c83d04dc	Renato Botelho	echo $textse;
442	858f313d	Renato Botelho	?>
443			</td>
444	a0e1f0f1	Renato Botelho	<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';" align="center">
445	858f313d	Renato Botelho	<?php
446	c83d04dc	Renato Botelho	echo $textss;
447	858f313d	Renato Botelho	if(isset($natent['staticnatport']))
448			echo gettext("YES");
449			else
450			echo gettext("NO");
451	c83d04dc	Renato Botelho	echo $textse;
452	858f313d	Renato Botelho	?>
453			</td>
454	a0e1f0f1	Renato Botelho	<td class="listbg" onclick="fr_toggle(<?=$i;?>)" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
455	858f313d	Renato Botelho	<?=htmlspecialchars($natent['descr']);?>
456			</td>
457			<td class="list nowrap" valign="middle">
458			<table border="0" cellspacing="0" cellpadding="1" summary="move">
459			<tr>
460	a0e1f0f1	Renato Botelho	<td><input onmouseover="fr_insline(<?=$i;?>, true)" onmouseout="fr_insline(<?=$i;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="<?=gettext("move selected rules before this rule");?>" type="image" style="height:17;width:17;border:0" /></td>
461	858f313d	Renato Botelho	<td>
462			<a href="firewall_nat_out_edit.php?id=<?=$i;?>">
463			<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("edit mapping");?>" alt="edit" />
464			</a>
465			</td>
466			</tr>
467			<tr>
468			<td align="center" valign="middle">
469			<a href="firewall_nat_out.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this rule?");?>')">
470			<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete rule");?>" alt="delete" />
471			</a>
472			</td>
473			<td>
474			<a href="firewall_nat_out_edit.php?dup=<?=$i;?>">
475			<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add a new NAT based on this one");?>" width="17" height="17" border="0" alt="duplicate" />
476			</a>
477			</td>
478			</tr>
479			</table>
480			</td>
481			</tr>
482			<?php
483			$i++;
484			endforeach;
485	a2f0b7c1	Renato Botelho	?>
486	232d404d	Renato Botelho	<tr valign="top" id="fr<?=$i;?>">
487	a2f0b7c1	Renato Botelho	<td class="list" colspan="11"></td>
488			<td class="list nowrap" valign="middle">
489			<table border="0" cellspacing="0" cellpadding="1" summary="edit">
490			<tr>
491			<td>
492			<?php
493	a0e1f0f1	Renato Botelho	if ($i == 0):
494	a2f0b7c1	Renato Botelho	?>
495			<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected mappings to end");?>" border="0" alt="move" />
496			<?php
497			else:
498			?>
499	232d404d	Renato Botelho	<input onmouseover="fr_insline(<?=$i;?>, true)" onmouseout="fr_insline(<?=$i;?>, false)" name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" style="width:17;height:17;border:0" title="<?=gettext("move selected mappings to end");?>" />
500	a2f0b7c1	Renato Botelho	<?php
501			endif;
502			?>
503			</td>
504			<td>
505			<a href="firewall_nat_out_edit.php">
506			<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add new mapping");?>" alt="add" />
507			</a>
508			</td>
509			</tr>
510			<tr>
511			<td>
512			<?php
513	a0e1f0f1	Renato Botelho	if ($i == 0):
514	a2f0b7c1	Renato Botelho	?>
515			<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" border="0" alt="delete" />
516			<?php
517			else:
518			?>
519			<input name="del" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" style="width:17;height:17" title="<?=gettext("delete selected mappings");?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected mappings?");?>')" />
520			<?php
521			endif;
522			?>
523			</td>
524			</tr>
525			</table>
526			</td>
527			</tr>
528			<?php
529	bef388a7	Renato Botelho	if ($mode == "automatic" \|\| $mode == "hybrid"):
530			if(empty($FilterIflist))
531			filter_generate_optcfg_array();
532	32751b9f	Phil Davis	if(empty($GatewaysList))
533			filter_generate_gateways();
534	bef388a7	Renato Botelho	$automatic_rules = filter_nat_rules_outbound_automatic(implode(" ", filter_nat_rules_automatic_tonathosts()));
535	2154560d	Ermal	unset($FilterIflist, $GatewaysList);
536	a2f0b7c1	Renato Botelho	?>
537			<tr><td colspan="5"><b> <?=gettext("Automatic rules:"); ?></b></td></tr>
538			<tr><td> </td></tr>
539			<tr id="frheader">
540			<td width="3%" class="list"> </td>
541			<td width="3%" class="list"> </td>
542			<td width="10%" class="listhdrr"><?=gettext("Interface");?></td>
543			<td width="15%" class="listhdrr"><?=gettext("Source");?></td>
544			<td width="10%" class="listhdrr"><?=gettext("Source Port");?></td>
545			<td width="15%" class="listhdrr"><?=gettext("Destination");?></td>
546			<td width="10%" class="listhdrr"><?=gettext("Destination Port");?></td>
547			<td width="15%" class="listhdrr"><?=gettext("NAT Address");?></td>
548			<td width="10%" class="listhdrr"><?=gettext("NAT Port");?></td>
549			<td width="10%" class="listhdrr"><?=gettext("Static Port");?></td>
550			<td width="25%" class="listhdr"><?=gettext("Description");?></td>
551			<td width="5%" class="list"> </td>
552			</tr>
553			<?php
554	bef388a7	Renato Botelho	foreach ($automatic_rules as $natent):
555			?>
556	a0e1f0f1	Renato Botelho	<tr valign="top">
557	bef388a7	Renato Botelho	<td class="list"> </td>
558			<td class="listt" align="center">
559			<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="11" height="11" border="0" title="<?=gettext("automatic outbound nat");?>" alt="icon" />
560			</td>
561			<td class="listlr" style="background-color: #E0E0E0">
562			<?php echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); ?>
563
564			</td>
565			<td class="listr" style="background-color: #E0E0E0">
566			<?=$natent['source']['network'];?>
567			</td>
568			<td class="listr" style="background-color: #E0E0E0">
569			<?php
570			echo ($natent['protocol']) ? $natent['protocol'] . '/' : "" ;
571			if (!$natent['sourceport'])
572			echo "*";
573			else
574			echo $natent['sourceport'];
575			?>
576			</td>
577			<td class="listr" style="background-color: #E0E0E0">
578			<?php
579			if (isset($natent['destination']['any']))
580			echo "*";
581			else {
582			if (isset($natent['destination']['not']))
583			echo "! ";
584			echo $natent['destination']['address'];
585			}
586			?>
587			</td>
588			<td class="listr" style="background-color: #E0E0E0">
589			<?php
590			echo ($natent['protocol']) ? $natent['protocol'] . '/' : "" ;
591			if (!$natent['dstport'])
592			echo "*";
593			else
594			echo $natent['dstport'];
595			?>
596			</td>
597			<td class="listr" style="background-color: #E0E0E0">
598			<?php
599			if (isset($natent['nonat']))
600			echo '<I>NO NAT</I>';
601			elseif (!$natent['target'])
602			echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])) . " address";
603			elseif ($natent['target'] == "other-subnet")
604			echo $natent['targetip'] . '/' . $natent['targetip_subnet'];
605			else
606			echo $natent['target'];
607			?>
608			</td>
609			<td class="listr" style="background-color: #E0E0E0">
610			<?php
611			if (!$natent['natport'])
612			echo "*";
613			else
614			echo $natent['natport'];
615			?>
616			</td>
617			<td class="listr" style="background-color: #E0E0E0">
618			<?php
619			if(isset($natent['staticnatport']))
620			echo gettext("YES");
621			else
622			echo gettext("NO");
623			?>
624			</td>
625			<td class="listbg">
626			<?=htmlspecialchars($natent['descr']);?>
627			</td>
628			<td class="list"> </td>
629			</tr>
630			<?php
631			endforeach;
632			endif;
633	858f313d	Renato Botelho	?>
634			<tr>
635			<td colspan="12">
636			<p><span class="vexpl">
637	8cd558b6	ayvis	<span class="red"><strong><?=gettext("Note:"); ?><br /></strong></span>
638	858211dd	Renato Botelho	<?=gettext("If automatic outbound NAT selected, a mapping is automatically created " .
639	858f313d	Renato Botelho	"for each interface's subnet (except WAN-type connections) and the rules " .
640	8cd558b6	ayvis	"on \"Mappings\" section of this page are ignored.<br /><br /> " .
641	858211dd	Renato Botelho	"If manual outbound NAT is selected, outbound NAT rules will not be " .
642	858f313d	Renato Botelho	"automatically generated and only the mappings you specify on this page " .
643	8cd558b6	ayvis	"will be used. <br /><br /> " .
644	858211dd	Renato Botelho	"If hybrid outbound NAT is selected, mappings you specify on this page will " .
645	8cd558b6	ayvis	"be used, followed by the automatically generated ones. <br /><br />" .
646			"If disable outbound NAT is selected, no rules will be used. <br /><br />" .
647	b95399a7	Chris Buechler	"If a target address other than an interface's IP address is used, " .
648	858f313d	Renato Botelho	"then depending on the way the WAN connection is setup, a "); ?>
649			<a href="firewall_virtual_ip.php"><?=gettext("Virtual IP"); ?></a>
650			<?= gettext(" may also be required.") ?>
651			</span></p>
652			</td>
653			</tr>
654			</table>
655			</div>
656			</td>
657			</tr>
658	5b237745	Scott Ullrich	</table>
659	858f313d	Renato Botelho	</form>
660	5b237745	Scott Ullrich	<?php include("fend.inc"); ?>
661			</body>
662			</html>

Project

General

Profile

pfSense