diff options
author | Chris Buechler <cmb@pfsense.org> | 2014-12-31 16:17:29 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2014-12-31 16:17:29 -0600 |
commit | d6726bcbcf3f9a9bb7d494c1cb26a3ae6091ee3c (patch) | |
tree | 7d25c4d541b2d859335bb0b523602d1e167682c3 /etc | |
parent | ed2d13436a9cabd63862b743edaedea4e128f4e3 (diff) | |
download | pfsense-d6726bcbcf3f9a9bb7d494c1cb26a3ae6091ee3c.zip pfsense-d6726bcbcf3f9a9bb7d494c1cb26a3ae6091ee3c.tar.gz |
Use binat, not nat, where IPsec NAT is configured with an address for local and NAT. Ticket #4169
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index e4bea9b..06b99aa 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1755,17 +1755,13 @@ function filter_nat_rules_generate() { if (is_ipaddr($natlocal_subnet) && !is_ipaddr($local_subnet) ) $nattype = "nat"; else { - if (is_ipaddr($natlocal_subnet) || is_ipaddr($local_subnet)) + list($natnet, $natmask) = explode('/', $natlocal_subnet); + list($locnet, $locmask) = explode('/', $local_subnet); + if (intval($natmask) != intval($locmask)) $nattype = "nat"; - else { - list($natnet, $natmask) = explode('/', $natlocal_subnet); - list($locnet, $locmask) = explode('/', $local_subnet); - if (intval($natmask) != intval($locmask)) - $nattype = "nat"; - else - $nattype = "binat"; - unset($natnet, $natmask, $locnet, $locmask); - } + else + $nattype = "binat"; + unset($natnet, $natmask, $locnet, $locmask); } $natrules .= "{$nattype} on enc0 from {$local_subnet} to {$remote_subnet} -> {$natlocal_subnet}\n"; } |