author | Scott Ullrich <sullrich@pfsense.org> | 2005-07-11 23:54:01 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-07-11 23:54:01 +0000 |
commit | a9283d43955f1410c134ef0075b95ae5053f2760 (patch) | |
tree | 746fb67363a4822749f864b55643d8f78d1eef38 | |
parent | f8dea008c0009ad9919e543b2bde0ed0fe598617 (diff) | |
Add no nat option for outgoing nat
Ticket #212
-rw-r--r-- | etc/inc/filter.inc | 19 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_out_edit.php | 32 |
2 files changed, 32 insertions, 19 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 07b9adc..83d16bc 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -797,9 +797,14 @@ function filter_flush_state_table() { return mwexec("/sbin/pfctl -F state"); } -function filter_nat_rules_generate_if($if, $src, $srcport, $dst, $natport, $target) { +function filter_nat_rules_generate_if($if, $src, $srcport, $dst, $natport, $target, $nonat) { global $config; + $nat = "nat"; + + if($nonat <> "") + $nat = "no nat"; + if ($target) $tgt = $target . "/32"; else @@ -815,7 +820,7 @@ function filter_nat_rules_generate_if($if, $src, $srcport, $dst, $natport, $targ $tgt .= " port " . $natport; $natrule = <<<EOD -nat on $if from $src to $dst -> $tgt +$nat on $if from $src to $dst -> $tgt EOD; @@ -910,7 +915,7 @@ function filter_nat_rules_generate() { $natif = $config['interfaces'][$obent['interface']]['if']; $natrules .= filter_nat_rules_generate_if($natif, $src, $obent['sourceport'], $dst, $obent['natport'], - $obent['target']); + $obent['target'], $obent['nonat']); } } } else { @@ -919,10 +924,10 @@ function filter_nat_rules_generate() { /* create ipsec passthru rule if requested */ if (isset($config['nat']['ipsecpassthru']['enable'])) { $natrules .= filter_nat_rules_generate_if($wanif, - $lansa . "/" . $lancfg['subnet'], 500, "", 500, null); + $lansa . "/" . $lancfg['subnet'], 500, "", 500, null, ""); } $natrules .= filter_nat_rules_generate_if($wanif, - $lansa . "/" . $lancfg['subnet'], null, "", null, null); + $lansa . "/" . $lancfg['subnet'], null, "", null, null, ""); /* optional interfaces */ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { @@ -931,7 +936,7 @@ function filter_nat_rules_generate() { if (isset($optcfg['enable']) && !$optcfg['bridge']) { $optsa = gen_subnet($optcfg['ipaddr'], $optcfg['subnet']); $natrules .= filter_nat_rules_generate_if($wanif, - $optsa . "/" . $optcfg['subnet'], null, "", null, null); + $optsa . "/" . $optcfg['subnet'], null, "", null, null, ""); } } 
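Review bot: The heredoc in filter_nat_rules_generate_if() still appends `-> $tgt` when `$nat` is "no nat", and pf's grammar does not take a translation target on a `no nat` rule, so pfctl is expected to reject the generated line. On a firewall, a rules file that fails to parse can leave the previous or no ruleset in place, so this is worth guarding. Build the target conditionally, e.g. `$xlate = ($nonat <> "") ? "" : " -> $tgt";` and emit `$nat on $if from $src to $dst$xlate` in the heredoc; this covers the `@@ -815` hunk as well. Giving the new parameter a default (`$nonat = ""`) would also keep any caller not touched by this commit working. The function body continues outside these hunks.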
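Review bot: The call in the `@@ -910` hunk passes `$obent['nonat']` by value and the generator tests `$nonat <> ""`, while the edit page in this same commit tests `isset($pconfig['nonat'])`. If the flag is ever stored as an empty element, the GUI would show the box checked while the generator still emits a translating `nat` rule, which is the opposite of what the operator asked for. Passing presence rather than value keeps both sides consistent, e.g. `isset($obent['nonat']) ? "yes" : ""` as the last argument. How the flag is written to the config is not visible in this diff, so confirm the stored form.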
@@ -941,7 +946,7 @@ function filter_nat_rules_generate() { if($config['pptp']['pptp_subnet'] <> "") $pptp_subnet = $config['pptp']['pptp_subnet']; $natrules .= filter_nat_rules_generate_if($wanif, - $pptpdcfg['remoteip'] . "/" . $pptp_subnet, null, "", null, null); + $pptpdcfg['remoteip'] . "/" . $pptp_subnet, null, "", null, null, ""); } /* static routes diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index dd47ef7..114f5a1 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -61,6 +61,7 @@ if (isset($id) && $a_out[$id]) { if (!$pconfig['interface']) $pconfig['interface'] = "wan"; $pconfig['descr'] = $a_out[$id]['descr']; + $pconfig['nonat'] = $a_out[$id]['nonat']; } else { $pconfig['source_subnet'] = 24; $pconfig['destination'] = "any"; 
@@ -247,20 +248,27 @@ function sourcesel_change() { <?display_topbar()?> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> + <td width="22%" valign="top" class="vncellreq">No nat (NOT)</td> + <td width="78%" class="vtable"> + <input type="checkbox" name="nonat"<?php if(isset($pconfig['nonat'])) echo " CHECKED"; ?>> + <span class="vexpl">Enabling this option will disable natting for the item and stop processing outgoing nat rules. + <br>Hint: in most cases, you'll not use this option unless you know what your doing.</span></td> + </tr> + <tr> <td width="22%" valign="top" class="vncellreq">Interface</td> <td width="78%" class="vtable"> - <select name="interface" class="formfld"> - <?php - $interfaces = array('wan' => 'WAN'); - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { - $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; - } - foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename);?> - </option> - <?php endforeach; ?> - </select><br> + <select name="interface" class="formfld"> + <?php + $interfaces = array('wan' => 'WAN'); + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { + $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; + } + foreach ($interfaces as $iface => $ifacename): ?> + <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename);?> + </option> + <?php endforeach; ?> + </select><br> <span class="vexpl">Choose which interface this rule applies to.<br> Hint: in most cases, you'll want to use WAN here.</span></td> </tr> |
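Review bot: The new `nonat` checkbox is rendered here and loaded into `$pconfig` in the `@@ -61` hunk, but none of the hunks shown for firewall_nat_out_edit.php copies `$_POST['nonat']` into the rule that gets saved, so as far as this diff shows the option is never persisted. The POST handler needs to set the `nonat` key when the box is checked and unset it when it is not, otherwise an edited rule silently keeps its old NAT behaviour. The help text also has a typo: `unless you know what your doing` should read `unless you know what you're doing`.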