summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorErik Fonnesbeck <efonnes@gmail.com>2012-02-04 04:14:24 -0700
committerErik Fonnesbeck <efonnes@gmail.com>2012-02-04 04:14:24 -0700
commitb9f637a7b9025db2e6b864a293915571bbc98601 (patch)
treebd7f780a0579768838e9b25ebb2f471d8ecefc30
parent1716682b1d1a6efa6e97bb0874e89e6132c55dfd (diff)
downloadpfsense-b9f637a7b9025db2e6b864a293915571bbc98601.zip
pfsense-b9f637a7b9025db2e6b864a293915571bbc98601.tar.gz
Add nat rule if the target is in a subnet handled by a static route whose gateway is in the interface's subnet. Ticket #2163
-rw-r--r--etc/inc/filter.inc12
1 files changed, 12 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 0cdc442..e806ba0 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -966,6 +966,18 @@ function filter_generate_reflection_nat($rule, &$route_table, $nat_ifs, $protoco
}
}
+ /* Check if the target is accessed through a static route */
+ foreach($route_table as $fields) {
+ if(is_subnet($fields[0]) && is_ipaddr($fields[1])) {
+ $subnet_split = explode("/", $fields[0]);
+ if(in_array($fields[6], $nat_ifs) && check_subnets_overlap($target_ip, $target_subnet, $subnet_split[0], $subnet_split[1])) {
+ $target_ip = $fields[1];
+ $target_subnet = 32;
+ break;
+ }
+ }
+ }
+
/* Search for matching subnets in the routing table */
foreach($route_table as $fields) {
if(is_subnet($fields[0])) {
OpenPOWER on IntegriCloud