Correct the destination for the binat to the real destination

author: Ermal <eri@pfsense.org> 2012-11-15 14:15:38 +0000
committer: Ermal <eri@pfsense.org> 2012-11-15 14:15:38 +0000
commit: 86672d44875cf51ad13c80eeafbfb5d48a5ac894 (patch)
tree: 9a8c32fee4cb18295263169e143e003609206d7c /etc/inc/filter.inc
parent: 44bf5c01bd0e82aa64655f929b6b9d941a317cb2 (diff)
download: pfsense-86672d44875cf51ad13c80eeafbfb5d48a5ac894.zip
pfsense-86672d44875cf51ad13c80eeafbfb5d48a5ac894.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index d74f318..b771de0 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1451,7 +1451,12 @@ function filter_nat_rules_generate() {
 						continue;
 					if (!is_subnet($natlocal_subnet) && !is_ipaddr($natlocal_subnet))
 						continue;
-					$natrules .= "binat on enc0 from {$local_subnet} to {$natlocal_subnet} -> {$natlocal_subnet}\n";
+					$remote_subnet = ipsec_idinfo_to_cidr($ph2ent['remoteid']);
+					if (empty($remote_subnet) || $remote_subnet == "0.0.0.0/0")
+						continue;
+					if (!is_subnet($remote_subnet) && !is_ipaddr($remote_subnet))
+						continue;
+					$natrules .= "binat on enc0 from {$local_subnet} to {$remote_subnet} -> {$natlocal_subnet}\n";
 				}
 			}
 		}
author	Ermal <eri@pfsense.org>	2012-11-15 14:15:38 +0000
committer	Ermal <eri@pfsense.org>	2012-11-15 14:15:38 +0000
commit	86672d44875cf51ad13c80eeafbfb5d48a5ac894 (patch)
tree	9a8c32fee4cb18295263169e143e003609206d7c /etc/inc/filter.inc
parent	44bf5c01bd0e82aa64655f929b6b9d941a317cb2 (diff)
download	pfsense-86672d44875cf51ad13c80eeafbfb5d48a5ac894.zip pfsense-86672d44875cf51ad13c80eeafbfb5d48a5ac894.tar.gz