-rw-r--r-- | etc/inc/filter.inc | 5 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_out.php | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_out_edit.php | 38 |
3 files changed, 41 insertions, 4 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index ee63e43..07cc80f 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1241,7 +1241,8 @@ function filter_nat_rules_generate() { else $natif = $obent['interface']; - $poolopts = (is_subnet($obent['target']) || is_alias($obent['target'])) ? $obent['poolopts'] : ""; + $obtarget = ($obent['target'] == "other-subnet") ? $obent['targetip'] . '/' . $obent['targetip_subnet']: $obent['target']; + $poolopts = (is_subnet($obtarget) || is_alias($obtarget)) ? $obent['poolopts'] : ""; if (!isset($FilterIflist[$natif])) continue; @@ -1251,7 +1252,7 @@ function filter_nat_rules_generate() { $obent['sourceport'], $dst, $obent['dstport'], - $obent['target'], + $obtarget, $obent['natport'], isset($obent['nonat']), isset($obent['staticnatport']), diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index bf72f2c..e27d55e 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -392,6 +392,8 @@ include("head.inc"); <?php if (!$natent['target']) echo "*"; + elseif ($natent['target'] == "other-subnet") + echo $natent['targetip'] . '/' . $natent['targetip_subnet']; else echo $natent['target']; ?> diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index 7734d9e..f03bded 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -79,6 +79,8 @@ if (isset($id) && $a_out[$id]) { $pconfig['dstport'] = $a_out[$id]['dstport']; $pconfig['natport'] = $a_out[$id]['natport']; $pconfig['target'] = $a_out[$id]['target']; + $pconfig['targetip'] = $a_out[$id]['targetip']; + $pconfig['targetip_subnet'] = $a_out[$id]['targetip_subnet']; $pconfig['poolopts'] = $a_out[$id]['poolopts']; $pconfig['interface'] = $a_out[$id]['interface']; if (!$pconfig['interface']) { 
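Review bot: In the first filter.inc hunk, `$obtarget` is assembled from the stored `targetip` and `targetip_subnet` and handed to rule generation without being re-checked. The only validation visible in this commit is in the edit page, so an entry that reached the config by another path (restore, sync, hand edit) could presumably put a malformed target such as `/` into the generated NAT rule. A guard right after the assignment, `if ($obent['target'] == "other-subnet" && !is_subnet($obtarget)) continue;`, would skip such an entry instead of emitting it. The second filter.inc hunk passes the same `$obtarget` on, so the guard covers it too. The body of filter_nat_rules_generate() starts and ends outside both hunks.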
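Review bot: The new `elseif` branch in firewall_nat_out.php echoes `targetip` and `targetip_subnet` into the page without HTML encoding, while the edit page in this same commit wraps `$pconfig['targetip']` in `htmlspecialchars()`. The values are validated on save, but the listing reads them from the stored config, so encoding at output keeps the page safe regardless of how the entry got there: `echo htmlspecialchars($natent['targetip'] . '/' . $natent['targetip_subnet']);`. The neighbouring context line `echo $natent['target'];` has the same shape and would benefit from the same treatment.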
@@ -154,14 +156,23 @@ if ($_POST) { } } - if ($_POST['target'] && !is_ipaddr($_POST['target']) && !is_subnet($_POST['target']) && !is_alias($_POST['target']) && !isset($_POST['nonat'])) { + if ($_POST['target'] && !is_ipaddr($_POST['target']) && !is_subnet($_POST['target']) && !is_alias($_POST['target']) && !isset($_POST['nonat']) && !($_POST['target'] == "other-subnet")) { $input_errors[] = gettext("A valid target IP address must be specified."); } + if ($_POST['target'] == "other-subnet") { + if (!is_ipaddr($_POST['targetip'])) { + $input_errors[] = gettext("A valid target IP must be specified when using the 'Other Subnet' type."); + } + if (!is_numericint($_POST['targetip_subnet'])) { + $input_errors[] = gettext("A valid target bit count must be specified when using the 'Other Subnet' type."); + } + } + /* Verify Pool Options */ $poolopts = ""; if ($_POST['poolopts']) { - if (is_subnet($_POST['target'])) + if (is_subnet($_POST['target']) || ($_POST['target'] == "other-subnet")) $poolopts = $_POST['poolopts']; elseif (is_alias($_POST['target'])) { if (substr($_POST['poolopts'], 0, 11) == "round-robin") @@ -201,6 +212,8 @@ if ($_POST) { $natent['sourceport'] = ($protocol_uses_ports) ? $_POST['sourceport'] : ""; $natent['descr'] = $_POST['descr']; $natent['target'] = (!isset($_POST['nonat'])) ? $_POST['target'] : ""; + $natent['targetip'] = (!isset($_POST['nonat'])) ? $_POST['targetip'] : ""; + $natent['targetip_subnet'] = (!isset($_POST['nonat'])) ? $_POST['targetip_subnet'] : ""; $natent['interface'] = $_POST['interface']; $natent['poolopts'] = $poolopts; 
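Review bot: The 'Other Subnet' check does not bound the bit count: `is_numericint($_POST['targetip_subnet'])`, as far as its name suggests, only confirms the value is an integer. The form's `<select>` offers 0–32, but a POST is not limited to the offered options. Validating the combined value closes that, e.g. `if (!is_subnet($_POST['targetip'] . '/' . $_POST['targetip_subnet']))`, or add an explicit `$_POST['targetip_subnet'] > 32` test if the two separate messages should stay. If `is_ipaddr()` also accepts IPv6 here (not visible in this hunk), the upper bound would need to depend on the address family.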
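Review bot: In the second hunk on this line, `targetip` and `targetip_subnet` are copied from `$_POST` into `$natent` whenever `nonat` is unset, but they are validated only when `target` is `other-subnet`. For every other target type, unvalidated text is therefore written to the config. `poolopts_change()` clears the fields only in its final `else` branch, so stale values are submitted for Host and Subnet targets too. Storing them conditionally avoids that: `$is_other = !isset($_POST['nonat']) && $_POST['target'] == "other-subnet";` followed by `$natent['targetip'] = $is_other ? $_POST['targetip'] : "";` and the same for `targetip_subnet`.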
@@ -342,11 +355,19 @@ function proto_change() { function poolopts_change() { if ($('target').options[$('target').selectedIndex].text.substring(0,4) == "Host") { $('poolopts_tr').style.display = ''; + $('target_network').style.display = 'none'; } else if ($('target').options[$('target').selectedIndex].text.substring(0,6) == "Subnet") { $('poolopts_tr').style.display = ''; + $('target_network').style.display = 'none'; + } else if ($('target').options[$('target').selectedIndex].text.substring(0,5) == "Other") { + $('poolopts_tr').style.display = ''; + $('target_network').style.display = ''; } else { $('poolopts').selectedIndex = 0; $('poolopts_tr').style.display = 'none'; + $('target_network').style.display = 'none'; + $('targetip').value = ''; + $('targetip_subnet').value = '0'; } } //--> 
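Review bot: The new `else if` branch in poolopts_change() identifies the option by the first five characters of its label, `"Other"`. That label is emitted through `gettext("Other Subnet (Enter Below)")` in the form hunk of this file, so in a translated UI the match presumably fails and the `target_network` row is hidden and its fields reset. Comparing the option value is independent of the language: `} else if ($('target').value == "other-subnet") {`. The existing `Host` and `Subnet` branches match on label text as well; whether those labels are translated is not visible here.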
@@ -521,10 +542,23 @@ any)");?></td> continue; ?> <option value="<?=$alias['name'];?>" <?php if ($alias['name'] == $pconfig['target']) echo "selected"; ?>><?=htmlspecialchars("Host Alias: {$alias['name']} ({$alias['descr']})");?></option> <?php endforeach; ?> + <option value="other-subnet"<?php if($pconfig['target'] == "other-subnet") echo " selected"; ?>><?=gettext("Other Subnet (Enter Below)");?></option> <option value=""<?php if($pconfig['target'] == "any") echo " selected"; ?>><?=gettext("any");?></option> </select> </td> </tr> + + <tr id="target_network"> + <td><?=gettext("Other Subnet:");?> </td> + <td> + <input name="targetip" type="text" class="formfld unknown" id="targetip" size="20" value="<?=htmlspecialchars($pconfig['targetip']);?>">/<select name="targetip_subnet" class="formfld" id="targetip_subnet"> +<?php for ($i = 32; $i >= 0; $i--): ?> + <option value="<?=$i;?>"<?php if ($i == $pconfig['targetip_subnet']) echo " selected"; ?>><?=$i;?></option> +<?php endfor; ?> + </select> + </td> + </tr> + <tr><td> </td><td> <span class="vexpl"><?=gettext("Packets matching this rule will be mapped to the IP address given here.");?><br> <?=gettext("If you want this rule to apply to another IP address than the IP address of the interface chosen above, ". |
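Review bot: The prefix `<select>` has no explicit default. For a new rule `$pconfig['targetip_subnet']` is presumably unset, and the loose `$i == $pconfig['targetip_subnet']` is then true only for `$i == 0`, so the form preselects `/0` (the reset in poolopts_change() sets `'0'` as well). A user who types an address and leaves the mask alone would pass the visible validation with a target spanning the whole address space. Defaulting to a host mask is safer, for example `<?php $bits = is_numericint($pconfig['targetip_subnet']) ? $pconfig['targetip_subnet'] : 32; ?>` before the loop and `if ($i == $bits)` inside it.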