authorScott Ullrich <sullrich@pfsense.org>2007-02-01 21:48:22 +0000
committerScott Ullrich <sullrich@pfsense.org>2007-02-01 21:48:22 +0000
commitf1bee6b5f4b97ace129db4283053898d460d492f (patch)
tree9351310cada2a81e0b12046dd086380db478827d
parent0a9a826cd6e84d4350b7e7ac4c390b19aa764a71 (diff)
downloadpfsense-f1bee6b5f4b97ace129db4283053898d460d492f.zip
pfsense-f1bee6b5f4b97ace129db4283053898d460d492f.tar.gz
Woops, preventing one to one from pftpx requires src address logic. Rework.
-rw-r--r--etc/inc/filter.inc6
1 files changed, 5 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 83ef3c7..15bf67a 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -729,7 +729,9 @@ function filter_nat_rules_generate() {
/* prevent 1:1 ips from pftpx, they will be handled by ftp-sesame */
if($config['nat']['onetoone'])
foreach ($config['nat']['onetoone'] as $vipent)
- $vpns_list .= "{$vipent['internal']} ";
+ $onetoone_list .= "{$vipent['internal']} ";
+ if($onetoone_list)
+ $natrules .= "table <onetoonelist> { $onetoone_list }\n";
if($vpns_list)
$natrules .= "table <vpns> { $vpns_list }\n";
/* loop through all interfaces and handle pftpx redirections */
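Review bot: `$vipent['internal']` is interpolated straight into the `<onetoonelist>` table definition, so a malformed or multi-line value in the config would end up as raw pf ruleset text. Validating each entry before appending, for example `if(is_ipaddr($vipent['internal'])) $onetoone_list .= "{$vipent['internal']} ";`, keeps the generated ruleset well-formed. `$onetoone_list` is also appended with `.=` with no initialisation visible in the hunk; if the function does not set it earlier, add `$onetoone_list = "";` before the loop. The function body starts and ends outside the hunk.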
@@ -754,6 +756,8 @@ function filter_nat_rules_generate() {
if($int_ip and $vpns_list)
if($ifname_lower) {
$natrules .= "no rdr on $tmp_interface proto tcp from any to <vpns> port 21\n";
+ if($onetoone_list)
+ $natrules .= "no rdr on $tmp_interface proto tcp from <onetoonelist> to any port 21\n";
}
if($ifname_lower)
$natrules .= "rdr on $tmp_interface proto tcp from any to any port 21 -> 127.0.0.1 port {$tmp_port}\n";
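Review bot: The new `no rdr ... from <onetoonelist>` rule sits inside the `if($int_ip and $vpns_list)` / `if($ifname_lower) {` block, so it is only emitted when `$vpns_list` is non-empty. With 1:1 mappings configured and no VPN entries, the exemption is skipped and the following `rdr ... -> 127.0.0.1` rule still sends those hosts' FTP traffic to pftpx, which is what the commit sets out to prevent. Moving it to its own guard after the closing brace, `if($ifname_lower and $onetoone_list)` followed by the same `$natrules .=` line, makes it independent of the VPN list. The enclosing loop starts outside the hunk.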