author | jim-p <jim@pingle.org> | 2009-08-15 21:18:55 -0400 |
---|---|---|
committer | jim-p <jim@pingle.org> | 2009-08-15 21:18:55 -0400 |
commit | 758a370ed9a4f433eef3102da0363b04306b32ff (patch) | |
tree | d4ec2f095623e8ebd88f9a4e2a7327be436c7f40 /etc | |
parent | 02afa68458c61a4081933112acfe95da0698d6ee (diff) | |
Fix NAT reflection for UDP. It was using the incorrect socket type: when UDP was reflected, inetd was still listening on TCP.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index c16c4d7..6b667d0 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -670,15 +670,18 @@ function filter_generate_reflection($rule, $extport, &$starting_localhost_port)
 case "udp":
 $protocol = $rule['protocol'];
 foreach($toadd_array as $tda){
- if($protocol == "udp")
+ if($protocol == "udp") {
+ $socktype = "dgram";
 $dash_u = "-u ";
- else
+ } else {
+ $socktype = "stream";
 $dash_u = "";
+ }
 if($config['system']['reflectiontimeout'])
 $reflectiontimeout = $config['system']['reflectiontimeout'];
 else
 $reflectiontimeout = "20";
- fwrite($inetd_fd, "{$starting_localhost_port}\tstream\t{$protocol}\tnowait/0\tnobody\t/usr/bin/nc nc {$dash_u}-w {$reflectiontimeout} {$target} {$tda}\n");
+ fwrite($inetd_fd, "{$starting_localhost_port}\t{$socktype}\t{$protocol}\tnowait/0\tnobody\t/usr/bin/nc nc {$dash_u}-w {$reflectiontimeout} {$target} {$tda}\n");
 $natrules .= "rdr on { {$ifname['if']} } proto {$protocol} from any to {$extaddr} port {$xxx} tag PFREFLECT -> 127.0.0.1 port {$starting_localhost_port}\n";
 $xxx++;
 $starting_localhost_port++; |
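Review bot: The new `dgram` entry still uses `nowait/0` in the `fwrite()` line, while inetd's documented convention is that datagram services run with `wait`; with `nowait`, inetd keeps selecting on the same unconnected UDP socket and can start another `nc` for each datagram that arrives before the previous one has been read. On a firewall that is a resource-exhaustion risk under a UDP burst, and `/0` presumably leaves the child count unlimited. Consider setting `$wait = "wait";` in the udp branch and `$wait = "nowait/0";` in the else branch, then writing `\t{$wait}\t` in place of the hard-coded `\tnowait/0\t`. The enclosing function starts and ends outside this hunk, so any later handling of the inetd entry was not visible.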