diff options
author | Erik Fonnesbeck <efonnes@gmail.com> | 2012-02-04 04:14:24 -0700 |
---|---|---|
committer | Erik Fonnesbeck <efonnes@gmail.com> | 2012-02-04 04:14:24 -0700 |
commit | b9f637a7b9025db2e6b864a293915571bbc98601 (patch) | |
tree | bd7f780a0579768838e9b25ebb2f471d8ecefc30 | |
parent | 1716682b1d1a6efa6e97bb0874e89e6132c55dfd (diff) | |
download | pfsense-b9f637a7b9025db2e6b864a293915571bbc98601.zip pfsense-b9f637a7b9025db2e6b864a293915571bbc98601.tar.gz |
Add nat rule if the target is in a subnet handled by a static route whose gateway is in the interface's subnet. Ticket #2163
-rw-r--r-- | etc/inc/filter.inc | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 0cdc442..e806ba0 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -966,6 +966,18 @@ function filter_generate_reflection_nat($rule, &$route_table, $nat_ifs, $protoco } } + /* Check if the target is accessed through a static route */ + foreach($route_table as $fields) { + if(is_subnet($fields[0]) && is_ipaddr($fields[1])) { + $subnet_split = explode("/", $fields[0]); + if(in_array($fields[6], $nat_ifs) && check_subnets_overlap($target_ip, $target_subnet, $subnet_split[0], $subnet_split[1])) { + $target_ip = $fields[1]; + $target_subnet = 32; + break; + } + } + } + /* Search for matching subnets in the routing table */ foreach($route_table as $fields) { if(is_subnet($fields[0])) { |