Use binat, not nat, where IPsec NAT is configured with an address for local and NAT. Ticket #4169

1 files changed, 6 insertions, 10 deletions

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index e4bea9b..06b99aa 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1755,17 +1755,13 @@ function filter_nat_rules_generate() {
 					if (is_ipaddr($natlocal_subnet) && !is_ipaddr($local_subnet) )
 						$nattype = "nat";
 					else {
-						if (is_ipaddr($natlocal_subnet) || is_ipaddr($local_subnet))
+						list($natnet, $natmask) = explode('/', $natlocal_subnet);
+						list($locnet, $locmask) = explode('/', $local_subnet);
+						if (intval($natmask) != intval($locmask))
 							$nattype = "nat";
-						else {
-							list($natnet, $natmask) = explode('/', $natlocal_subnet);
-							list($locnet, $locmask) = explode('/', $local_subnet);
-							if (intval($natmask) != intval($locmask))
-								$nattype = "nat";
-							else
-								$nattype = "binat";
-							unset($natnet, $natmask, $locnet, $locmask);
-						}
+						else
+							$nattype = "binat";
+						unset($natnet, $natmask, $locnet, $locmask);
 					}
 					$natrules .= "{$nattype} on enc0 from {$local_subnet} to {$remote_subnet} -> {$natlocal_subnet}\n";
 				}