author | Erik Fonnesbeck <efonnes@gmail.com> | 2012-02-04 02:30:55 -0700 |
committer | Erik Fonnesbeck <efonnes@gmail.com> | 2012-02-04 02:30:55 -0700 |
commit | 1716682b1d1a6efa6e97bb0874e89e6132c55dfd (patch) | |
tree | a7d440e139d7c1deb857803952e0204aa396a68a | |
parent | bf443dfe8431df0f63dee50ec48104befa2d406a (diff) | |
Add static route subnets if their gateway is within the source subnet for the nat rule. Ticket #2163
-rw-r--r-- | etc/inc/filter.inc | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 1e60595..0cdc442 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -958,12 +958,17 @@ function filter_generate_reflection_nat($rule, &$route_table, $nat_ifs, $protoco
 $route_table = array();
 /* create a route table we can search */
 exec("netstat -rnWf inet", $route_table);
+ foreach($route_table as $rt_key => $line) {
+ if(preg_match("/^[0-9]+(?:\.[0-9]+){3}\/[0-9]+[ ]+(?:[0-9]+(?:\.[0-9]+){3}|link[#])/", $line))
+ $route_table[$rt_key] = preg_split("/[ ]+/", $line);
+ else
+ unset($route_table[$rt_key]);
+ }
 }
 /* Search for matching subnets in the routing table */
- foreach($route_table as $line) {
- if(preg_match("/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+[ ]+([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+|link[#])/", $line)) {
- $fields = preg_split("/[ ]+/", $line);
+ foreach($route_table as $fields) {
+ if(is_subnet($fields[0])) {
 $subnet = $fields[0];
 $subnet_split = explode("/", $subnet);
 $subnet_if = $fields[6];
@@ -984,6 +989,13 @@ function filter_generate_reflection_nat($rule, &$route_table, $nat_ifs, $protoco
 }
 }
 if(!empty($ifsubnet_ip)) {
+ $subnets = array($subnet);
+ foreach($route_table as $rtentry) {
+ if(is_subnet($rtentry[0]) && is_ipaddr($rtentry[1]) && ip_in_subnet($rtentry[1], $subnet) && $rtentry[6] == $subnet_if)
+ $subnets[] = $rtentry[0];
+ }
+ if(count($subnets) > 1)
+ $subnet = "{ " . implode(" ", $subnets) . " }";
 $natrules .= "no nat on {$subnet_if}{$protocol_text} from {$subnet_if} to {$target}\n";
 $natrules .= "nat on {$subnet_if}{$protocol_text} from {$subnet} to {$target} -> {$ifsubnet_ip}{$static_port}\n";
 } |
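Review bot: In the second hunk the inner loop reads `$rtentry[6]` unguarded for every surviving route entry, but the filter added in the first hunk only validates the first two columns of each netstat line, so a line with fewer than seven whitespace-separated fields would raise an undefined-index notice here and compare null against the interface name; guarding the index and using a strict comparison makes the match explicit: `if(is_subnet($rtentry[0]) && is_ipaddr($rtentry[1]) && ip_in_subnet($rtentry[1], $subnet) && isset($rtentry[6]) && $rtentry[6] === $subnet_if)`. Two static routes to the same destination prefix would also append that prefix twice to `$subnets`, so `implode(" ", array_unique($subnets))` keeps the generated pf address list minimal. The new block has no comment explaining why extra prefixes are collected; a line such as `/* also reflect for static-route destinations whose gateway lies in this subnet (ticket #2163) */` above `$subnets = array($subnet);` would record the intent. Note that `$subnet` is overwritten with the brace-list form here, so any later use of it after the hunk would see the list rather than a single prefix — worth confirming against the rest of the function, which starts before and ends after both hunks.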