diff options
author | Ermal <eri@pfsense.org> | 2012-11-15 14:15:38 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-11-15 14:15:38 +0000 |
commit | 86672d44875cf51ad13c80eeafbfb5d48a5ac894 (patch) | |
tree | 9a8c32fee4cb18295263169e143e003609206d7c /etc | |
parent | 44bf5c01bd0e82aa64655f929b6b9d941a317cb2 (diff) | |
download | pfsense-86672d44875cf51ad13c80eeafbfb5d48a5ac894.zip pfsense-86672d44875cf51ad13c80eeafbfb5d48a5ac894.tar.gz |
Correct the destination for the binat to the real destination
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index d74f318..b771de0 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1451,7 +1451,12 @@ function filter_nat_rules_generate() { continue; if (!is_subnet($natlocal_subnet) && !is_ipaddr($natlocal_subnet)) continue; - $natrules .= "binat on enc0 from {$local_subnet} to {$natlocal_subnet} -> {$natlocal_subnet}\n"; + $remote_subnet = ipsec_idinfo_to_cidr($ph2ent['remoteid']); + if (empty($remote_subnet) || $remote_subnet == "0.0.0.0/0") + continue; + if (!is_subnet($remote_subnet) && !is_ipaddr($remote_subnet)) + continue; + $natrules .= "binat on enc0 from {$local_subnet} to {$remote_subnet} -> {$natlocal_subnet}\n"; } } } |