diff options
| author | Ermal <eri@pfsense.org> | 2010-09-03 17:45:12 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2010-09-03 17:45:12 +0000 |
| commit | c12fb6cb5408cbcaa6090d4871bf500a705d7d7b (patch) | |
| tree | efd2af5bd668dc9e8f658f7c271a211eeca54af4 | |
| parent | 8fc0b2dcb8a62e0dfcb153277ce1fcfad0b1143d (diff) | |
| download | pfsense-c12fb6cb5408cbcaa6090d4871bf500a705d7d7b.zip pfsense-c12fb6cb5408cbcaa6090d4871bf500a705d7d7b.tar.gz | |
Allow 1:1 rules to specify source and destination. This is almost the same as on Port Forward tab rules without protocol and ports.
| -rw-r--r-- | etc/inc/filter.inc | 68 | ||||
| -rwxr-xr-x | usr/local/www/firewall_nat_1to1.php | 16 | ||||
| -rwxr-xr-x | usr/local/www/firewall_nat_1to1_edit.php | 437 |
3 files changed, 395 insertions, 126 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 5384b2a..49da2aa 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1104,40 +1104,56 @@ function filter_nat_rules_generate() { /* any 1:1 mappings? */ if(is_array($config['nat']['onetoone'])) { - foreach ($config['nat']['onetoone'] as $natent) { - if(!is_numeric($natent['subnet'])) - $sn = 32; - else - $sn = $natent['subnet']; - if(!$natent['interface']) + foreach ($config['nat']['onetoone'] as $rule) { + if (isset($rule['disabled'])) + continue; + + $sn = ""; + $target = alias_expand($rule['external']); + if (!$target) { + $natrules .= "# Unresolvable alias {$rule['target']}\n"; + continue; /* unresolvable alias */ + } + + if (!$rule['interface']) $natif = "wan"; else - $natif = $natent['interface']; - $natif = $FilterIflist[$natif]['if']; + $natif = $rule['interface']; + if (!isset($FilterIflist[$natif])) + continue; - if($natif) { - /* If reflection is enabled, turn on extra redirections - * for this rule by adding other interfaces to binat rule. */ - if((isset($config['system']['enablebinatreflection']) || $natent['natreflection'] == "enable") - && $natent['natreflection'] != "disable") { - $nat_if_list = filter_get_reflection_interfaces($natif); - } else { - $nat_if_list = array(); - } + $srcaddr = filter_generate_address($rule, 'source'); + $dstaddr = filter_generate_address($rule, 'destination'); + if(!$dstaddr) + $dstaddr = $FilterIflist[$natif]['ip']; - $natrules .= "binat on {$natif} from {$natent['internal']}/{$sn} to any -> {$natent['external']}/{$sn}\n"; + $tmp = explode('/', $srcaddr); + if (!empty($tmp[1]) && is_numeric($tmp[1])) { + $sn = $tmp[1]; + $sn1 = "/{$sn}"; + } - if(!empty($nat_if_list)) { - $binat_if_list = implode(" ", $nat_if_list); - if(count($nat_if_list) > 1) - $binat_if_list = "{ {$binat_if_list} }"; + $natif = $FilterIflist[$natif]['if']; - $reflection_txt .= "rdr on {$binat_if_list} from any to {$natent['external']}/{$sn} -> {$natent['internal']}/{$sn} bitmask\n"; - } + /* + * If reflection is enabled, turn on extra redirections + * for this rule by adding other interfaces to binat rule. + */ + if ((isset($rule['system']['enablebinatreflection']) || $rule['natreflection'] == "enable") + && $rule['natreflection'] != "disable") + $nat_if_list = filter_get_reflection_interfaces($natif); + else + $nat_if_list = array(); - $nat_if_list = array_merge(array($natif), $nat_if_list); - $reflection_txt .= filter_generate_reflection_nat($rule, $nat_if_list, "", "{$natent['internal']}/{$sn}", $natent['internal'], $sn); + $natrules .= "binat on {$natif} from {$srcaddr} to {$dstaddr} -> {$target}{$sn1}\n"; + if (!empty($nat_if_list)) { + $binat_if_list = implode(" ", $nat_if_list); + $binat_if_list = "{ {$binat_if_list} }"; + $reflection_txt .= "rdr on {$binat_if_list} from {$srcaddr} to {$target}{$sn1} -> {$dstaddr} bitmask\n"; } + + $nat_if_list = array_merge(array($natif), $nat_if_list); + $reflection_txt .= filter_generate_reflection_nat($rule, $nat_if_list, "", $srcaddr, $traget, $sn); } } $natrules .= "\n# Outbound NAT rules\n"; diff --git a/usr/local/www/firewall_nat_1to1.php b/usr/local/www/firewall_nat_1to1.php index 494d34e..94132f2 100755 --- a/usr/local/www/firewall_nat_1to1.php +++ b/usr/local/www/firewall_nat_1to1.php @@ -102,8 +102,9 @@ include("head.inc"); <tr> <td width="10%" class="listhdrr"><?=gettext("Interface"); ?></td> <td width="20%" class="listhdrr"><?=gettext("External IP"); ?></td> - <td width="20%" class="listhdrr"><?=gettext("Internal IP"); ?></td> - <td width="40%" class="listhdr"><?=gettext("Description"); ?></td> + <td width="15%" class="listhdrr"><?=gettext("Source IP"); ?></td> + <td width="15%" class="listhdrr"><?=gettext("Destination IP"); ?></td> + <td width="30%" class="listhdr"><?=gettext("Description"); ?></td> <td width="10%" class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> @@ -124,12 +125,13 @@ include("head.inc"); ?> </td> <td class="listr" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';"> - <?php echo $natent['external']; - if ($natent['subnet']) echo "/" . $natent['subnet']; ?> + <?php echo $natent['external']; ?> </td> <td class="listr" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';"> - <?php echo $natent['internal']; - if ($natent['subnet']) echo "/" . $natent['subnet']; ?> + <?php echo pprint_address($natent['source']); ?> + </td> + <td class="listr" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';"> + <?php echo pprint_address($natent['destination']); ?> </td> <td class="listbg" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';"> <?=htmlspecialchars($natent['descr']);?> @@ -145,7 +147,7 @@ include("head.inc"); </tr> <?php $i++; endforeach; ?> <tr> - <td class="list" colspan="4"></td> + <td class="list" colspan="5"></td> <td class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index 5057959..89c3335 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -54,9 +54,17 @@ function nat_1to1_rules_sort() { } require("guiconfig.inc"); +require_once("interfaces.inc"); require("filter.inc"); require("shaper.inc"); +$specialsrcdst = explode(" ", "any pptp pppoe l2tp openvpn"); +$ifdisp = get_configured_interface_with_descr(); +foreach ($ifdisp as $kif => $kdescr) { + $specialsrcdst[] = "{$kif}"; + $specialsrcdst[] = "{$kif}ip"; +} + if (!is_array($config['nat']['onetoone'])) { $config['nat']['onetoone'] = array(); } @@ -67,21 +75,25 @@ if (isset($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_1to1[$id]) { - $pconfig['external'] = $a_1to1[$id]['external']; - $pconfig['internal'] = $a_1to1[$id]['internal']; + $pconfig['disabled'] = isset($a_1to1[$id]['disabled']); + + address_to_pconfig($a_1to1[$id]['source'], $pconfig['src'], + $pconfig['srcmask'], $pconfig['srcnot'], + $pconfig['srcbeginport'], $pconfig['srcendport']); + + address_to_pconfig($a_1to1[$id]['destination'], $pconfig['dst'], + $pconfig['dstmask'], $pconfig['dstnot'], + $pconfig['dstbeginport'], $pconfig['dstendport']); + $pconfig['interface'] = $a_1to1[$id]['interface']; if (!$pconfig['interface']) $pconfig['interface'] = "wan"; - if (!$a_1to1[$id]['subnet']) - $pconfig['subnet'] = 32; - else - $pconfig['subnet'] = $a_1to1[$id]['subnet']; + + $pconfig['external'] = $a_1to1[$id]['external']; $pconfig['descr'] = $a_1to1[$id]['descr']; $pconfig['natreflection'] = $a_1to1[$id]['natreflection']; -} else { - $pconfig['subnet'] = 32; +} else $pconfig['interface'] = "wan"; -} if ($_POST) { @@ -89,27 +101,67 @@ if ($_POST) { $pconfig = $_POST; /* input validation */ - $reqdfields = explode(" ", "interface external internal"); - $reqdfieldsn = array(gettext("Interface"),gettext("External subnet"),gettext("Internal subnet")); + $reqdfields = explode(" ", "interface external"); + $reqdfieldsn = array(gettext("Interface"), gettext("External subnet")); + if ($_POST['srctype'] == "single" || $_POST['srctype'] == "network") { + $reqdfields[] = "src"; + $reqdfieldsn[] = gettext("Source address"); + } + if ($_POST['dsttype'] == "single" || $_POST['dsttype'] == "network") { + $reqdfields[] = "dst"; + $reqdfieldsn[] = gettext("Destination address"); + } do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - if (($_POST['external'] && !is_ipaddr($_POST['external']))) { + if (is_specialnet($_POST['srctype'])) { + $_POST['src'] = $_POST['srctype']; + $_POST['srcmask'] = 0; + } else if ($_POST['srctype'] == "single") { + $_POST['srcmask'] = 32; + } + if (is_specialnet($_POST['dsttype'])) { + $_POST['dst'] = $_POST['dsttype']; + $_POST['dstmask'] = 0; + } else if ($_POST['dsttype'] == "single") { + $_POST['dstmask'] = 32; + } else if (is_ipaddr($_POST['dsttype'])) { + $_POST['dst'] = $_POST['dsttype']; + $_POST['dstmask'] = 32; + $_POST['dsttype'] = "single"; + } + + if (($_POST['external'] && !is_ipaddroralias($_POST['external']))) $input_errors[] = gettext("A valid external subnet must be specified."); - } - if (($_POST['internal'] && !is_ipaddr($_POST['internal']))) { - $input_errors[] = gettext("A valid internal subnet must be specified."); - } + + /* if user enters an alias and selects "network" then disallow. */ + if( ($_POST['srctype'] == "network" && is_alias($_POST['src']) ) + || ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) ) ) + $input_errors[] = gettext("You must specify single host or alias for alias entries."); + + if (!is_specialnet($_POST['srctype'])) { + if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) { + $input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']); + } + if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) { + $input_errors[] = gettext("A valid source bit count must be specified."); + } + } + if (!is_specialnet($_POST['dsttype'])) { + if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) { + $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']); + } + if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) { + $input_errors[] = gettext("A valid destination bit count must be specified."); + } + } /* check for overlaps with other 1:1 */ foreach ($a_1to1 as $natent) { if (isset($id) && ($a_1to1[$id]) && ($a_1to1[$id] === $natent)) continue; - if (check_subnets_overlap($_POST['external'], $_POST['subnet'], $natent['external'], $natent['subnet'])) { - //$input_errors[] = "Another 1:1 rule overlaps with the specified external subnet."; - //break; - } else if (check_subnets_overlap($_POST['internal'], $_POST['subnet'], $natent['internal'], $natent['subnet'])) { + if (check_subnets_overlap($_POST['internal'], $_POST['subnet'], $natent['internal'], $natent['subnet'])) { //$input_errors[] = "Another 1:1 rule overlaps with the specified internal subnet."; //break; } @@ -118,16 +170,20 @@ if ($_POST) { if (!$input_errors) { $natent = array(); + $natent['disabled'] = isset($_POST['disabled']) ? true:false; $natent['external'] = $_POST['external']; - $natent['internal'] = $_POST['internal']; - $natent['subnet'] = $_POST['subnet']; + $natent['externalmask'] = $_POST['externalmask']; $natent['descr'] = $_POST['descr']; $natent['interface'] = $_POST['interface']; + pconfig_to_address($natent['source'], $_POST['src'], + $_POST['srcmask'], $_POST['srcnot']); + + pconfig_to_address($natent['destination'], $_POST['dst'], + $_POST['dstmask'], $_POST['dstnot']); + if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "disable") $natent['natreflection'] = $_POST['natreflection']; - else - unset($natent['natreflection']); if (isset($id) && $a_1to1[$id]) $a_1to1[$id] = $natent; @@ -150,6 +206,49 @@ include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<script type="text/javascript" src="/javascript/suggestions.js"> +</script> +<script type="text/javascript" src="/javascript/autosuggest.js"> +</script> +<script type="text/javascript"> +function typesel_change() { + switch (document.iform.srctype.selectedIndex) { + case 1: /* single */ + document.iform.src.disabled = 0; + document.iform.srcmask.value = ""; + document.iform.srcmask.disabled = 1; + break; + case 2: /* network */ + document.iform.src.disabled = 0; + document.iform.srcmask.disabled = 0; + break; + default: + document.iform.src.value = ""; + document.iform.src.disabled = 1; + document.iform.srcmask.value = ""; + document.iform.srcmask.disabled = 1; + break; + } + switch (document.iform.dsttype.selectedIndex) { + case 1: /* single */ + document.iform.dst.disabled = 0; + document.iform.dstmask.value = ""; + document.iform.dstmask.disabled = 1; + break; + case 2: /* network */ + document.iform.dst.disabled = 0; + document.iform.dstmask.disabled = 0; + break; + default: + document.iform.dst.value = ""; + document.iform.dst.disabled = 1; + document.iform.dstmask.value = ""; + document.iform.dstmask.disabled = 1; + break; + } +} +</script> + <?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> <form action="firewall_nat_1to1_edit.php" method="post" name="iform" id="iform"> @@ -157,85 +256,205 @@ include("head.inc"); <tr> <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit NAT 1:1 entry"); ?></td> </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> - <td width="78%" class="vtable"> - <select name="interface" class="formselect"> - <?php - $iflist = get_configured_interface_with_descr(); - foreach ($iflist as $if => $ifdesc) - if(have_ruleint_access($if)) - $interfaces[$if] = $ifdesc; - - if ($config['l2tp']['mode'] == "server") - if(have_ruleint_access("l2tp")) - $interfaces['l2tp'] = "L2TP VPN"; - - if ($config['pptpd']['mode'] == "server") - if(have_ruleint_access("pptp")) - $interfaces['pptp'] = "PPTP VPN"; - - if ($config['pppoe']['mode'] == "server") - if(have_ruleint_access("pppoe")) - $interfaces['pppoe'] = "PPPoE VPN"; - - /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) - if(have_ruleint_access("enc0")) - $interfaces["enc0"] = "IPsec"; - - /* add openvpn/tun interfaces */ - if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) - $interfaces["openvpn"] = "OpenVPN"; - - foreach ($interfaces as $iface => $ifacename): - ?> - <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename);?> - </option> - <?php endforeach; ?> - </select><br> - <span class="vexpl"><?=gettext("Choose which interface this rule applies to"); ?>.<br> - <?=gettext("Hint: in most cases, you'll want to use WAN here"); ?>.</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("External subnet"); ?></td> - <td width="78%" class="vtable"> - <input name="external" type="text" class="formfld unknown" id="external" size="20" value="<?=htmlspecialchars($pconfig['external']);?>"> - <select name="subnet" class="formselect" id="subnet" > - <?php for ($i = 32; $i >= 0; $i--): ?> - <option value="<?=$i;?>" <?php if ($i == $pconfig['subnet']) echo "selected"; ?>> - <?=$i;?> - </option> - <?php endfor; ?> - </select> - <br> - <span class="vexpl"><?=gettext("Enter the external (WAN) subnet for the 1:1 mapping. You may map single IP addresses by specifying a /32 subnet."); ?></span></td> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td> + <td width="78%" class="vtable"> + <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>> + <strong><?=gettext("Disable this rule"); ?></strong><br /> + <span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span> + </td> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> + <td width="78%" class="vtable"> + <select name="interface" class="formselect"> + <?php + foreach ($ifdisp as $if => $ifdesc) + if(have_ruleint_access($if)) + $interfaces[$if] = $ifdesc; + + if ($config['l2tp']['mode'] == "server") + if(have_ruleint_access("l2tp")) + $interfaces['l2tp'] = "L2TP VPN"; + + if ($config['pptpd']['mode'] == "server") + if(have_ruleint_access("pptp")) + $interfaces['pptp'] = "PPTP VPN"; + + if ($config['pppoe']['mode'] == "server") + if(have_ruleint_access("pppoe")) + $interfaces['pppoe'] = "PPPoE VPN"; + + /* add ipsec interfaces */ + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) + if(have_ruleint_access("enc0")) + $interfaces["enc0"] = "IPsec"; + + /* add openvpn/tun interfaces */ + if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) + $interfaces["openvpn"] = "OpenVPN"; + + foreach ($interfaces as $iface => $ifacename): + ?> + <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl"><?=gettext("Choose which interface this rule applies to"); ?>.<br> + <?=gettext("Hint: in most cases, you'll want to use WAN here"); ?>.</span></td> + </tr> + <tr id="srctable" name="srctable"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td> + <td width="78%" class="vtable"> + <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>> + <strong><?=gettext("not"); ?></strong> + <br /> + <?=gettext("Use this option to invert the sense of the match."); ?> + <br /> + <br /> + <table border="0" cellspacing="0" cellpadding="0"> + <tr> + <td><?=gettext("Type:"); ?> </td> + <td> + <select name="srctype" class="formselect" onChange="typesel_change()"> +<?php + $sel = is_specialnet($pconfig['src']); ?> + <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>><?=gettext("any"); ?></option> + <option value="single" <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host"); ?></option> + <option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network"); ?></option> + <?php if(have_ruleint_access("pptp")): ?> + <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients"); ?></option> + <?php endif; ?> + <?php if(have_ruleint_access("pppoe")): ?> + <option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients"); ?></option> + <?php endif; ?> + <?php if(have_ruleint_access("l2tp")): ?> + <option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients"); ?></option> + <?php endif; ?> +<?php + foreach ($ifdisp as $ifent => $ifdesc): ?> + <?php if(have_ruleint_access($ifent)): ?> + <option value="<?=$ifent;?>" <?php if ($pconfig['src'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet"); ?></option> + <option value="<?=$ifent;?>ip"<?php if ($pconfig['src'] == $ifent . "ip") { echo "selected"; } ?>> + <?=$ifdesc?> <?=gettext("address");?> + </option> + <?php endif; endforeach; ?> + </select> + </td> + </tr> + <tr> + <td><?=gettext("Address:"); ?> </td> + <td> + <input name="src" type="text" class="formfld unknown" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> / + <select name="srcmask" class="formselect" id="srcmask"> +<?php for ($i = 31; $i > 0; $i--): ?> + <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option> +<?php endfor; ?> + </select> + </td> + </tr> + </table> + <br/> + <span class="vexpl"><?=gettext("Enter the internal (LAN) subnet for the 1:1 mapping. The subnet size specified for the external subnet also applies to the internal subnet (they have to be the same)."); ?></span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Destination"); ?></td> + <td width="78%" class="vtable"> + <input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>> + <strong><?=gettext("not"); ?></strong> + <br /> + <?=gettext("Use this option to invert the sense of the match."); ?> + <br /> + <br /> + <table border="0" cellspacing="0" cellpadding="0"> + <tr> + <td><?=gettext("Type:"); ?> </td> + <td> + <select name="dsttype" class="formselect" onChange="typesel_change()"> +<?php + $sel = is_specialnet($pconfig['dst']); ?> + <option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>><?=gettext("any"); ?></option> + <option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option> + <option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network"); ?></option> + <?php if(have_ruleint_access("pptp")): ?> + <option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients"); ?></option> + <?php endif; ?> + <?php if(have_ruleint_access("pppoe")): ?> + <option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients"); ?></option> + <?php endif; ?> + <?php if(have_ruleint_access("l2tp")): ?> + <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients"); ?></option> + <?php endif; ?> + +<?php foreach ($ifdisp as $if => $ifdesc): ?> + <?php if(have_ruleint_access($if)): ?> + <option value="<?=$if;?>" <?php if ($pconfig['dst'] == $if) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet"); ?></option> + <option value="<?=$if;?>ip"<?php if ($pconfig['dst'] == $if . "ip") { echo "selected"; } ?>> + <?=$ifdesc;?> <?=gettext("address");?> + </option> +<?php endif; endforeach; + if (is_array($config['virtualip']['vip'])): + foreach ($config['virtualip']['vip'] as $sn): + if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"): + $start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits'])); + $end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits'])); + $len = $end - $start; + for ($i = 0; $i <= $len; $i++): + $snip = long2ip32($start+$i); +?> + <option value="<?=$snip;?>" <?php if ($snip == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option> +<?php endfor; + else: +?> + <option value="<?=$sn['subnet'];?>" <?php if ($sn['subnet'] == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option> +<?php endif; + endforeach; + endif; +?> + </select> + </td> + </tr> + <tr> + <td><?=gettext("Address:"); ?> </td> + <td> + <input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> + / + <select name="dstmask" class="formselect" id="dstmask"> +<?php + for ($i = 31; $i > 0; $i--): ?> + <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option> +<?php endfor; ?> + </select> + </td> + </tr> + </table> + <br/> </tr> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Internal subnet"); ?></td> + <td width="22%" valign="top" class="vncellreq"><?=gettext("External subnet"); ?></td> <td width="78%" class="vtable"> - <input name="internal" type="text" class="formfld unknown" id="internal" size="20" value="<?=htmlspecialchars($pconfig['internal']);?>"> - <br> - <span class="vexpl"><?=gettext("Enter the internal (LAN) subnet for the 1:1 mapping. The subnet size specified for the external subnet also applies to the internal subnet (they have to be the same)."); ?></span></td> + <input name="external" type="text" class="formfldalias" id="external" size="20" value="<?=htmlspecialchars($pconfig['external']);?>"> + <br/> + </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> <td width="78%" class="vtable"> <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> - <br> <span class="vexpl"><?=gettext("You may enter a description here " . + <br/> <span class="vexpl"><?=gettext("You may enter a description here " . "for your reference (not parsed)."); ?></span></td> </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("NAT reflection"); ?></td> - <td width="78%" class="vtable"> - <select name="natreflection" class="formselect"> - <option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "disable") echo "selected"; ?>><?=gettext("use system default"); ?></option> - <option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected"; ?>><?=gettext("enable"); ?></option> - <option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected"; ?>><?=gettext("disable"); ?></option> - </select> - </td> - </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("NAT reflection"); ?></td> + <td width="78%" class="vtable"> + <select name="natreflection" class="formselect"> + <option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "disable") echo "selected"; ?>><?=gettext("use system default"); ?></option> + <option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected"; ?>><?=gettext("enable"); ?></option> + <option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected"; ?>><?=gettext("disable"); ?></option> + </select> + </td> + </tr> <tr> <td width="22%" valign="top"> </td> <td width="78%"> @@ -247,6 +466,38 @@ include("head.inc"); </tr> </table> </form> +<script language="JavaScript"> + typesel_change(); +</script> +<?php +$isfirst = 0; +$aliases = ""; +$addrisfirst = 0; +$aliasesaddr = ""; +if($config['aliases']['alias'] <> "") + foreach($config['aliases']['alias'] as $alias_name) { + switch ($alias_name['type']) { + case "host": + case "network": + case "openvpn": + case "urltable": + if($addrisfirst == 1) $aliasesaddr .= ","; + $aliasesaddr .= "'" . $alias_name['name'] . "'"; + $addrisfirst = 1; + break; + default: + break; + } + } +?> +<script language="JavaScript"> +<!-- + var addressarray=new Array(<?php echo $aliasesaddr; ?>); + + var oTextbox1 = new AutoSuggestControl(document.getElementById("external"), new StateSuggestions(addressarray)); + var oTextbox3 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray)); +//--> +</script> <?php include("fend.inc"); ?> </body> </html> |
