diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2005-02-19 23:53:43 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-02-19 23:53:43 +0000 |
commit | 754b5daff5ba70dba76d6a9279f95fa5f55320a9 (patch) | |
tree | d53086ca4b0bd00728eb58b66274e1fc7c04f40c | |
parent | faa2290d2bda2ed47ff96996f4827df6b629b0c5 (diff) | |
download | pfsense-754b5daff5ba70dba76d6a9279f95fa5f55320a9.zip pfsense-754b5daff5ba70dba76d6a9279f95fa5f55320a9.tar.gz |
* Make sure nat rules come before rdr rules
-rw-r--r-- | etc/inc/filter.inc | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index cb15360..850fac6 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -646,7 +646,6 @@ function filter_nat_rules_generate_if($if, $src, $dst, $target) { $tgt = "0/32"; $natrule = <<<EOD - nat on $if from $src to any -> ($if) EOD; @@ -702,9 +701,6 @@ function filter_nat_rules_generate() { $natrules .= "nat-anchor \"natrules/*\"\n"; - if(!isset($config['system']['disableftpproxy'])) - $natrules .= "rdr on " . $lanif . " proto tcp from any to any port 21 -> 127.0.0.1 port 8021\n"; - /* any 1:1 mappings? */ if (is_array($config['nat']['onetoone'])) { foreach ($config['nat']['onetoone'] as $natent) { @@ -781,6 +777,10 @@ function filter_nat_rules_generate() { } } + if(!isset($config['system']['disableftpproxy'])) + $natrules .= "rdr on " . $lanif . " proto tcp from any to any port 21 -> 127.0.0.1 port 8021\n"; + + /* DIAG: add ipv6 NAT, if requested */ if (isset($config['diag']['ipv6nat']['enable'])) { $natrules .= "rdr on $wanif proto ipv6 from any to any port 0 -> " . |