Allow IPs inside virtual IP networks to be used as gateways. Fixed #2962

2 files changed, 59 insertions, 6 deletions

diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php
index 5d0dacd..55f6383 100755
--- a/usr/local/www/firewall_virtual_ip.php
+++ b/usr/local/www/firewall_virtual_ip.php
@@ -107,6 +107,29 @@ if ($_GET['act'] == "del") {
 			}
 		}
 
+		if (is_ipaddrv6($a_vip[$_GET['id']]['subnet']))
+			$subnet = gen_subnetv6($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']);
+		else
+			$subnet = gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']);
+
+		$subnet .= "/" . $a_vip[$_GET['id']]['subnet_bits'];
+
+		$is_ipv6 = is_ipaddrv6($a_vip[$_GET['id']]['subnet']);
+		if (is_array($config['gateways']['gateway_item']))
+			foreach($config['gateways']['gateway_item'] as $gateway) {
+				if ($a_vip[$_GET['id']]['interface'] != $gateway['interface'])
+					continue;
+				if ($is_ipv6 && $gateway['ipprotocol'] == 'inet')
+					continue;
+				if (!$is_ipv6 && $gateway['ipprotocol'] == 'inet6')
+					continue;
+
+				if (ip_in_subnet($gateway['gateway'], $subnet)) {
+					$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one Gateway.");
+					break;
+				}
+			}
+
 		if ($a_vip[$_GET['id']]['mode'] == "ipalias") {
 			$found_carp = false;
 			$found_other_alias = false;
diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php
index fcadebf..ccaa59d 100755
--- a/usr/local/www/system_gateways_edit.php
+++ b/usr/local/www/system_gateways_edit.php
@@ -119,9 +119,24 @@ if ($_POST) {
 			if(empty($parent_ip) || empty($parent_sn)) {
 				$input_errors[] = gettext("You can not use a IPv4 Gateway Address on a IPv6 only interface.");
 			} else {
-				$subnet = gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn;
-				if(!ip_in_subnet($_POST['gateway'], $subnet))
-					$input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within the chosen interface's subnet '%2\$s'."), $_POST['gateway'],$subnet);
+				$subnets = array(gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn);
+				$vips = link_interface_to_vips($_POST['interface']);
+				if (is_array($vips))
+					foreach($vips as $vip) {
+						if (!is_ipaddrv4($vip['subnet']))
+							continue;
+						$subnets[] = gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
+					}
+
+				$found = false;
+				foreach($subnets as $subnet)
+					if(ip_in_subnet($_POST['gateway'], $subnet)) {
+						$found = true;
+						break;
+					}
+
+				if ($found === false)
+					$input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within one of the chosen interface's subnets."), $_POST['gateway']);
 			}
 		}
 		else if(is_ipaddrv6($_POST['gateway'])) {
@@ -132,9 +147,24 @@ if ($_POST) {
 				if(empty($parent_ip) || empty($parent_sn)) {
 					$input_errors[] = gettext("You can not use a IPv6 Gateway Address on a IPv4 only interface.");
 				} else {
-					$subnet = gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn;
-					if(!ip_in_subnet($_POST['gateway'], $subnet))
-						$input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within the chosen interface's subnet '%2\$s'."), $_POST['gateway'],$subnet);
+					$subnets = array(gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn);
+					$vips = link_interface_to_vips($_POST['interface']);
+					if (is_array($vips))
+						foreach($vips as $vip) {
+							if (!is_ipaddrv6($vip['subnet']))
+								continue;
+							$subnets[] = gen_subnetv6($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
+						}
+
+					$found = false;
+					foreach($subnets as $subnet)
+						if(ip_in_subnet($_POST['gateway'], $subnet)) {
+							$found = true;
+							break;
+						}
+
+					if ($found === false)
+						$input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within one of the chosen interface's subnets."), $_POST['gateway']);
 				}
 			}
 		}