author | Erik Fonnesbeck <efonnes@gmail.com> | 2010-05-13 05:32:12 -0600 |
---|---|---|
committer | Erik Fonnesbeck <efonnes@gmail.com> | 2010-05-13 05:46:13 -0600 |
commit | fe19e7d7920cfcfa6437b1617b9586c29d0bd49b (patch) | |
tree | 30a5715bdbba603310d1eb8d118f3c737039fb39 | |
parent | 4d52a9b995b2768b321418d83c3fd558252ca203 (diff) | |
Using binat for reflection rules created some NAT issues under certain circumstances. Use rdr with the bitmask address pool type instead.
-rw-r--r-- | etc/inc/filter.inc | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index d485de8..cab17d1 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1056,6 +1056,8 @@ function filter_nat_rules_generate() { $natrules .= "nat-anchor \"natrules/*\"\n\n"; update_filter_reload_status("Creating 1:1 rules..."); + $reflection_txt = ""; + /* any 1:1 mappings? */ if(is_array($config['nat']['onetoone'])) { foreach ($config['nat']['onetoone'] as $natent) { @@ -1078,16 +1080,18 @@ function filter_nat_rules_generate() { $nat_if_list = array(); } + $natrules .= "binat on {$natif} from {$natent['internal']}/{$sn} to any -> {$natent['external']}/{$sn}\n"; + + if(!empty($nat_if_list)) { + $binat_if_list = implode(" ", $nat_if_list); + if(count($nat_if_list) > 1) + $binat_if_list = "{ {$binat_if_list} }"; + + $reflection_txt .= "rdr on {$binat_if_list} from any to {$natent['external']}/{$sn} -> {$natent['internal']}/{$sn} bitmask\n"; + } + $nat_if_list = array_merge(array($natif), $nat_if_list); - //$binat_if_list = implode(" ", $nat_if_list); - //if(count($nat_if_list) > 1) - // $binat_if_list = "{ {$binat_if_list} }"; - - /* binat seems to currently only work with the first interface specified on the line */ - // $natrules .= "binat on {$binat_if_list} from {$natent['internal']}/{$sn} to any -> {$natent['external']}/{$sn}\n"; - foreach ($nat_if_list as $natifname) - $natrules .= "binat on {$natifname} from {$natent['internal']}/{$sn} to any -> {$natent['external']}/{$sn}\n"; - $natrules .= filter_generate_reflection_nat($rule, $nat_if_list, "", "{$natent['internal']}/{$sn}", $natent['internal'], $sn); + $reflection_txt .= filter_generate_reflection_nat($rule, $nat_if_list, "", "{$natent['internal']}/{$sn}", $natent['internal'], $sn); } } } @@ -1413,6 +1417,9 @@ EOD; $natrules .= "# UPnPd rdr anchor\n"; $natrules .= "rdr-anchor \"miniupnpd\"\n"; + if(!empty($reflection_txt)) + $natrules .= "\n" . $reflection_txt; + return $natrules; } |
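Review bot: The new `rdr ... bitmask` reflection rule inside `if(!empty($nat_if_list))` has no comment, and the commit deletes the only comment that explained the old per-interface binat workaround. State in the code why rdr replaces binat and what the pool type does, for example `/* reflection: rdr instead of binat on the interfaces in $nat_if_list; bitmask keeps the host bits, so external/sn still maps 1:1 onto internal/sn */`. Separately, the rule line is built by interpolating `$natent['external']`, `$natent['internal']` and `$sn` straight into pf rule text, and no validation is visible in the hunk. The loop body starts above the hunk, so those values may already be checked there; confirm this, because a malformed config entry would otherwise produce a rule line that fails to load or carries unintended rule text.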
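Review bot: Appending `$reflection_txt` after the `rdr-anchor "miniupnpd"` line changes which translation rule wins, and nothing in the code records that. pf applies the first matching translation rule, so every rdr emitted earlier in `filter_nat_rules_generate()`, including rules loaded into the anchors, now takes precedence over the 1:1 reflection rules. If that ordering is intended, a comment such as `/* 1:1 reflection rules go last so port forwards and anchor rules match first */` would stop a later refactor from moving them back. The part of the function between the second and third hunks is not visible here, so which rules sit in between is inferred.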