diff options
| author | Ermal Luçi <ermal.luci@gmail.com> | 2012-11-19 01:48:44 -0800 |
|---|---|---|
| committer | Ermal Luçi <ermal.luci@gmail.com> | 2012-11-19 01:48:44 -0800 |
| commit | faea7e1092dd10f47ae011387db9dbfed05faa11 (patch) | |
| tree | ac2275a0ece79f6ad0d600c2f81074a53b0053f1 /etc | |
| parent | 576b9513890558968ad9f2ae44ff90b9db394895 (diff) | |
| parent | a269fed636cd7ec4820744477f844bf581a389cc (diff) | |
| download | pfsense-faea7e1092dd10f47ae011387db9dbfed05faa11.zip pfsense-faea7e1092dd10f47ae011387db9dbfed05faa11.tar.gz | |
Merge pull request #259 from PiBa-NL/ipsecNAT
ipsec binat rule not possible if using a subnet together with a single ip so use nat
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 0da4dd4..1499503 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1439,7 +1439,11 @@ function filter_nat_rules_generate() { continue; if ($remote_subnet == "0.0.0.0/0") $remote_subnet = "any"; - $natrules .= "binat on enc0 from {$local_subnet} to {$remote_subnet} -> {$natlocal_subnet}\n"; + if (is_ipaddr($natlocal_subnet) && !is_ipaddr($local_subnet) ) + $nattype = "nat"; + else + $nattype = "binat"; + $natrules .= "{$nattype} on enc0 from {$local_subnet} to {$remote_subnet} -> {$natlocal_subnet}\n"; } } } |
