author | Scott Ullrich <sullrich@pfsense.org> | 2006-11-19 19:13:23 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2006-11-19 19:13:23 +0000 |
commit | 3e0896d5bc4343128192db5caab7ef17aa689c51 (patch) | |
tree | 38d8f77e476bedd11205df3ad9ff22876a04bd30 | |
parent | 605fe87fbb1f6f804ae9f15071586b1ecc93bf4a (diff) | |
MFC 15106
Ticket #1146: binat rules MUST be before NAT else they don't work as
expected.
-rw-r--r-- | etc/inc/filter.inc | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index b6b3866..f09e312 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -569,6 +569,25 @@ function filter_nat_rules_generate() {
 }
 }
+ /* any 1:1 mappings? */
+ if (is_array($config['nat']['onetoone'])) {
+ $natrules .= "\n";
+ foreach ($config['nat']['onetoone'] as $natent) {
+ if (!is_numeric($natent['subnet']))
+ $sn = 32;
+ else
+ $sn = $natent['subnet'];
+
+ if (!$natent['interface'] || ($natent['interface'] == "wan"))
+ $natif = $wanif;
+ else
+ $natif = $config['interfaces'][$natent['interface']]['if'];
+
+ if($natent['interface'])
+ $natrules .= "binat on \${$natent['interface']} from {$natent['internal']}/{$sn} to any -> {$natent['external']}/{$sn}\n";
+ }
+ }
+
 /* outbound rules - advanced or standard */
 if (isset($config['nat']['advancedoutbound']['enable'])) {
 /* advanced outbound rules */ |
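Review bot: In the added 1:1 loop `$natif` is assigned but never read: the rule line is built from `\${$natent['interface']}` and sits behind `if($natent['interface'])`, so an entry with no interface set, which the branch just above treats as WAN, emits no binat rule at all and the mapping is silently absent from the ruleset. Either drop the `$natif` branch or make the default take effect, for example `$ifname = $natent['interface'] ? $natent['interface'] : "wan";` followed by `binat on \${$ifname} ...` with the guard removed. The `interface`, `internal` and `external` values are also interpolated into the ruleset text unchecked; unless the code that writes the config already guarantees their form, an `is_ipaddr()` check on the two addresses before emitting the line would keep a malformed entry from breaking or altering the generated rules. filter_nat_rules_generate() starts and ends outside the hunk, and the commit deletes nothing, so whether an older 1:1 block further down now emits the same rules a second time cannot be confirmed from here.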