diff options
author | Ermal LUÇI <eri@pfsense.org> | 2014-11-20 16:25:35 +0100 |
---|---|---|
committer | Ermal LUÇI <eri@pfsense.org> | 2014-11-20 16:25:35 +0100 |
commit | a8a642c5c8eff62f7beb228b165b9e1e38e3a7c2 (patch) | |
tree | bb8174ab2cf940bc7218a07b87c2c764dfe4fba1 /etc/inc/filter.inc | |
parent | bc73d959f977ed256f0003026f895329c753db7c (diff) | |
download | pfsense-a8a642c5c8eff62f7beb228b165b9e1e38e3a7c2.zip pfsense-a8a642c5c8eff62f7beb228b165b9e1e38e3a7c2.tar.gz |
Fixes #3198, check that subnet masks are equal when choosing binat type for IPSec to avoid errors on ruleset.
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r-- | etc/inc/filter.inc | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index d4405d5..27425e4 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1692,8 +1692,19 @@ function filter_nat_rules_generate() { $remote_subnet = "any"; if (is_ipaddr($natlocal_subnet) && !is_ipaddr($local_subnet) ) $nattype = "nat"; - else - $nattype = "binat"; + else { + if (is_ipaddr($natlocal_subnet) || is_ipaddr($local_subnet)) + $nattype = "nat"; + else { + list($natnet, $natmask) = explode('/', $natlocal_subnet); + list($locnet, $locmask) = explode('/', $local_subnet); + if (intval($natmask) != intval($locmask)) + $nattype = "nat"; + else + $nattype = "binat"; + unset($natnet, $natmask, $locnet, $locmask); + } + } $natrules .= "{$nattype} on enc0 from {$local_subnet} to {$remote_subnet} -> {$natlocal_subnet}\n"; } } |