diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2005-11-22 18:10:23 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-11-22 18:10:23 +0000 |
commit | 6864a7c3c8c7e2665d1de883f681d6ac9e530904 (patch) | |
tree | 2a5e91356cbadfca72c2fc6b5a661b2e587bb328 /etc | |
parent | 328637fe8a22f47ca5489a80c43e8e4e6e46ff1f (diff) | |
download | pfsense-6864a7c3c8c7e2665d1de883f681d6ac9e530904.zip pfsense-6864a7c3c8c7e2665d1de883f681d6ac9e530904.tar.gz |
Do not install rdr rule if we are launching PFTPX. Third attempt is a charm!
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index d6ca0a8..39924bc 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -553,7 +553,7 @@ function filter_nat_rules_generate() { $interface_counter = 0; /* loop through all interfaces and handle pftpx redirections */ foreach ($iflist as $ifent => $ifname) { - if(isset($config['interfaces'][$ifname]['disableftpproxy'])) { + if(isset($config['interfaces'][strtolower($ifname)]['disableftpproxy'])) { $interface_counter++; continue; } @@ -631,6 +631,7 @@ function filter_nat_rules_generate() { * operator has requested a port forward to * a ftp server then launch a helper */ + $dontinstallrdr = false; if($target <> "") { if($extport[0] == "21" and !isset($config['interfaces'][strtolower($rule['interface'])]['disableftpproxy'])) { $helpers = exec("/bin/ps awux | grep {$target} | grep -v grep"); @@ -640,25 +641,28 @@ function filter_nat_rules_generate() { $external_address = find_interface_ip(get_real_wan_interface()); /* install a pftpx helper, do not set a rule */ mwexec("/usr/local/sbin/pftpx -f {$target} -b {$external_address} -c 21 -g 21"); + $dontinstallrdr = true; } } } - if ((!$extport[1]) || ($extport[0] == $extport[1])) { - if($rule['protocol'] == "tcp/udp") - $natrules .= - "rdr on $natif proto { tcp udp } from any to {$extaddr} port { {$extport[0]} } -> {$target}{$localport}"; - else - $natrules .= - "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} port { {$extport[0]} } -> {$target}{$localport}"; - - } else { - if($rule['protocol'] == "tcp/udp") - $natrules .= - "rdr on $natif proto { tcp udp } from any to {$extaddr} port {$extport[0]}:{$extport[1]} -> {$target} port {$extport[0]}:*"; - else - $natrules .= - "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} port {$extport[0]}:{$extport[1]} -> {$target} port {$extport[0]}:*"; + if($dontinstallrdr == false) { + if ((!$extport[1]) || ($extport[0] == $extport[1])) { + if($rule['protocol'] == "tcp/udp") + $natrules .= + "rdr on $natif proto { tcp udp } from any to {$extaddr} port { {$extport[0]} } -> {$target}{$localport}"; + else + $natrules .= + "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} port { {$extport[0]} } -> {$target}{$localport}"; + + } else { + if($rule['protocol'] == "tcp/udp") + $natrules .= + "rdr on $natif proto { tcp udp } from any to {$extaddr} port {$extport[0]}:{$extport[1]} -> {$target} port {$extport[0]}:*"; + else + $natrules .= + "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} port {$extport[0]}:{$extport[1]} -> {$target} port {$extport[0]}:*"; + } } /* setup reflection rule for this item if requested |