author | Seth Mos <seth.mos@xs4all.nl> | 2007-04-26 09:46:36 +0000 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2007-04-26 09:46:36 +0000 |
commit | b520ec9a4aaa427f52ebc4bdcf63ec9e43bccf89 (patch) | |
tree | 84248d03388f59b5430ee225b683ada9d47b5fae | |
parent | 3e4e94ced31070b4bd2bd8a85a191ab02b6f948a (diff) | |
3rd pass nat rules generation. Also process lan subnets with OPT gateway properly.
MFC: Soon
-rw-r--r-- | etc/inc/filter.inc | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index e9660e0..0012d10 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -684,7 +684,6 @@ function filter_nat_rules_generate() {
 }
 } else {
 /* standard outbound rules (one for each interface) */
- update_filter_reload_status("Creating outbound NAT rules");
 $natrules .= filter_nat_rules_generate_if($wanif,
@@ -694,6 +693,22 @@ function filter_nat_rules_generate() {
 $natrules .= filter_nat_rules_generate_if($wanif,
 "{$lansa}/{$lancfg['subnet']}");
+ $optints = array();
+ generate_optcfg_array($optints);
+
+ /* generate lan nat mappings for opts with a gateway opts */
+ foreach($optints as $oc) {
+ $opt_interface = $oc['if'];
+ if (interface_has_gateway("$opt_interface")) {
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$lansa}/{$lancfg['subnet']}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$lansa}/{$lancfg['subnet']}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$lansa}/{$lancfg['subnet']}");
+ }
+ }
+
 /* optional interfaces */
 for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
 update_filter_reload_status("Creating outbound rules (opt{$i})");
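Review bot: `interface_has_gateway("$opt_interface")` in the new `foreach($optints as $oc)` loop is passed `$oc['if']`, whereas the block this commit removes called it with the config name `"opt{$i}"`; if the helper looks interfaces up by that config name, the test never matches and no LAN mappings are emitted for OPT gateways, so LAN traffic would presumably leave those links without NAT. The same argument is introduced in the `@@ -723,11 +726,9 @@` hunk. Neither interface_has_gateway() nor generate_optcfg_array() is visible here, so confirm which identifier is expected; if `$optints` is keyed by the optN name, `foreach ($optints as $optname => $oc)` with `interface_has_gateway($optname)` would keep the old lookup. Separately, the third call in the loop drops the `isset($optcfg['nonat'])` argument that the removed block passed, so an OPT interface's no-NAT setting no longer reaches the LAN mapping unless the parameter's default covers it. filter_nat_rules_generate() starts and ends outside the hunk.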
@@ -702,18 +717,6 @@ function filter_nat_rules_generate() {
 if (isset($optcfg['enable']) && !$optcfg['bridge']) {
 $optsa = gen_subnet($optcfg['ipaddr'], $optcfg['subnet']);
- /* setup nat mappings for lan -> opt[$i]
- * interface if a gateway is defined
- */
- if((interface_has_gateway("opt{$i}"))) {
- $natrules .= filter_nat_rules_generate_if($optcfg['if'],
- "{$lansa}/{$lancfg['subnet']}", 500, "", 500, null, 500, false);
- $natrules .= filter_nat_rules_generate_if($optcfg['if'],
- "{$lansa}/{$lancfg['subnet']}", 5060, "", 5060, null, 5060, false);
- $natrules .= filter_nat_rules_generate_if($optcfg['if'],
- "{$lansa}/{$lancfg['subnet']}", null, "", null, null, null, isset($optcfg['nonat']));
- }
-
 /* create outbound nat entries for primary wan */
 $natrules .= filter_nat_rules_generate_if($wanif,
 "{$optsa}/{$optcfg['subnet']}", 500, "", 500, null, 500, false);
@@ -723,11 +726,9 @@ function filter_nat_rules_generate() {
 "{$optsa}/{$optcfg['subnet']}", null, "", null, null, null, isset($optcfg['nonat']));
 /* create outbound nat entries for all opt wans */
- $optints = array();
- generate_optcfg_array($optints);
 foreach($optints as $oc) {
 $opt_interface = $oc['if'];
- if (interface_has_gateway("opt{$i}")) {
+ if (interface_has_gateway("$opt_interface")) {
 $natrules .= filter_nat_rules_generate_if($opt_interface,
 "{$optsa}/{$optcfg['subnet']}", 500, "", 500, null, 500, false);
 $natrules .= filter_nat_rules_generate_if($opt_interface, |