diff options
author | Ermal <eri@pfsense.org> | 2012-10-11 15:24:47 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-10-11 15:24:47 +0000 |
commit | e8d517b40e7df3b7f462b244b7366fdc6d3a2530 (patch) | |
tree | 9d3750a06029c052070f69be95ecc0b8a7d688d9 | |
parent | 64846e1a85fb4e831943ecc496f11c82b675c734 (diff) | |
download | pfsense-e8d517b40e7df3b7f462b244b7366fdc6d3a2530.zip pfsense-e8d517b40e7df3b7f462b244b7366fdc6d3a2530.tar.gz |
Use only binat so both side can communicate properly. With nat only the side behind nat works
-rw-r--r-- | etc/inc/filter.inc | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 517f076..f1df74b 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1441,10 +1441,6 @@ function filter_nat_rules_generate() { foreach ($config['ipsec']['phase2'] as $ph2ent) { if ($ph2ent['mode'] != 'transport' && !empty($ph2ent['natlocalid'])) { require_once("ipsec.inc"); - if ($ph2ent['natlocalid']['type'] == "address") - $nataction = "nat"; - else - $nataction = "binat"; $local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid']); if (empty($local_subnet) || $local_subnet == "0.0.0.0/0") continue; @@ -1455,7 +1451,7 @@ function filter_nat_rules_generate() { continue; if (!is_subnet($natlocal_subnet) && !is_ipaddr($natlocal_subnet)) continue; - $natrules .= "{$nataction} on enc0 from {$local_subnet} to any -> {$natlocal_subnet}\n"; + $natrules .= "bniat on enc0 from {$local_subnet} to any -> {$natlocal_subnet}\n"; } } } |