MFC 15106

Ticket #1146: binat rules MUST be before NAT else they don't work as expected.
author: Scott Ullrich <sullrich@pfsense.org> 2006-11-19 19:13:23 +0000
committer: Scott Ullrich <sullrich@pfsense.org> 2006-11-19 19:13:23 +0000
commit: 3e0896d5bc4343128192db5caab7ef17aa689c51 (patch)
tree: 38d8f77e476bedd11205df3ad9ff22876a04bd30 /etc
parent: 605fe87fbb1f6f804ae9f15071586b1ecc93bf4a (diff)
download: pfsense-3e0896d5bc4343128192db5caab7ef17aa689c51.zip
pfsense-3e0896d5bc4343128192db5caab7ef17aa689c51.tar.gz
1 files changed, 19 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index b6b3866..f09e312 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -569,6 +569,25 @@ function filter_nat_rules_generate() {
 		}
 	}
 
+	/* any 1:1 mappings? */
+	if (is_array($config['nat']['onetoone'])) {
+		$natrules .= "\n";
+		foreach ($config['nat']['onetoone'] as $natent) {
+			if (!is_numeric($natent['subnet']))
+				$sn = 32;
+			else
+				$sn = $natent['subnet'];
+
+			if (!$natent['interface'] || ($natent['interface'] == "wan"))
+				$natif = $wanif;
+			else
+				$natif = $config['interfaces'][$natent['interface']]['if'];
+
+			if($natent['interface'])
+				$natrules .= "binat on \${$natent['interface']} from {$natent['internal']}/{$sn} to any -> {$natent['external']}/{$sn}\n";
+		}
+	}
+
 	/* outbound rules - advanced or standard */
 	if (isset($config['nat']['advancedoutbound']['enable'])) {
 		/* advanced outbound rules */
author	Scott Ullrich <sullrich@pfsense.org>	2006-11-19 19:13:23 +0000
committer	Scott Ullrich <sullrich@pfsense.org>	2006-11-19 19:13:23 +0000
commit	3e0896d5bc4343128192db5caab7ef17aa689c51 (patch)
tree	38d8f77e476bedd11205df3ad9ff22876a04bd30 /etc
parent	605fe87fbb1f6f804ae9f15071586b1ecc93bf4a (diff)
download	pfsense-3e0896d5bc4343128192db5caab7ef17aa689c51.zip pfsense-3e0896d5bc4343128192db5caab7ef17aa689c51.tar.gz