diff options
Diffstat (limited to 'usr/local/www')
-rw-r--r-- | usr/local/www/firewall_nat_npt.php | 183 | ||||
-rw-r--r-- | usr/local/www/firewall_nat_npt_edit.php | 280 |
2 files changed, 463 insertions, 0 deletions
diff --git a/usr/local/www/firewall_nat_npt.php b/usr/local/www/firewall_nat_npt.php new file mode 100644 index 0000000..4534931 --- /dev/null +++ b/usr/local/www/firewall_nat_npt.php @@ -0,0 +1,183 @@ +<?php +/* $Id$ */ +/* + firewall_nat_npt.php + part of pfSense (http://pfsense.org) + + Copyright (C) 2011 Seth Mos <seth.mos@dds.nl>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_MODULE: nat +*/ + +##|+PRIV +##|*IDENT=page-firewall-nat-npt +##|*NAME=Firewall: NAT: NPT page +##|*DESCR=Allow access to the 'Firewall: NAT: NPT' page. +##|*MATCH=firewall_nat_npt.php* +##|-PRIV + +require("guiconfig.inc"); +require_once("functions.inc"); +require_once("filter.inc"); +require_once("shaper.inc"); + +if (!is_array($config['nat']['npt'])) { + $config['nat']['npt'] = array(); +} +$a_npt = &$config['nat']['npt']; + +if ($_POST) { + + $pconfig = $_POST; + + if ($_POST['apply']) { + $retval = 0; + $retval |= filter_configure(); + $savemsg = get_std_save_message($retval); + + if ($retval == 0) { + clear_subsystem_dirty('natconf'); + clear_subsystem_dirty('filter'); + } + } +} + +if ($_GET['act'] == "del") { + if ($a_npt[$_GET['id']]) { + unset($a_npt[$_GET['id']]); + write_config(); + mark_subsystem_dirty('natconf'); + header("Location: firewall_nat_npt.php"); + exit; + } +} + +$pgtitle = array(gettext("Firewall"),gettext("NAT"),gettext("NPt")); +include("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<form action="firewall_nat_npt.php" method="post"> +<?php if ($savemsg) print_info_box($savemsg); ?> +<?php if (is_subsystem_dirty('natconf')): ?><p> +<?php print_info_box_np(gettext("The NAT configuration has been changed") . ".<br>" . gettext("You must apply the changes in order for them to take effect."));?><br> +<?php endif; ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Port Forward"), false, "firewall_nat.php"); + $tab_array[] = array(gettext("1:1"), false, "firewall_nat_1to1.php"); + $tab_array[] = array(gettext("Outbound"), false, "firewall_nat_out.php"); + $tab_array[] = array(gettext("NPt"), true, "firewall_nat_npt.php"); + display_top_tabs($tab_array); +?> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="10%" class="listhdrr"><?=gettext("Interface"); ?></td> + <td width="20%" class="listhdrr"><?=gettext("External Prefix"); ?></td> + <td width="15%" class="listhdrr"><?=gettext("Internal prefix"); ?></td> + <td width="30%" class="listhdr"><?=gettext("Description"); ?></td> + <td width="10%" class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td width="17"></td> + <td valign="middle"><a href="firewall_nat_npt_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add rule"); ?>"></a></td> + </tr> + </table> + </td> + </tr> + <?php + $textse = "</span>"; + + $i = 0; foreach ($a_npt as $natent): + + if (isset($natent['disabled'])) + $textss = "<span class=\"gray\">"; + else + $textss = "<span>"; ?> + <tr> + <td class="listlr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';"> + <?php + echo $textss; + if (!$natent['interface']) + echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan")); + else + echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); + echo $textse; + ?> + </td> + <?php + $source_net = pprint_address($natent['source']); + $source_cidr = strstr($source_net, '/'); + $destination_net = pprint_address($natent['destination']); + $destination_cidr = strstr($destination_net, '/'); + ?> + <td class="listr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';"> + <?php echo $textss . $destination_net . $textse; ?> + </td> + <td class="listr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';"> + <?php echo $textss . $source_net . $textse; ?> + </td> + <td class="listbg" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';"> + <?=$textss;?> + <?=htmlspecialchars($natent['descr']);?> + <?=$textse;?> + </td> + <td class="list" nowrap> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a href="firewall_nat_npt_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("edit rule"); ?>"></a></td> + <td valign="middle"><a href="firewall_nat_npt.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete rule"); ?>"></a></td> + </tr> + </table> + </td> + </tr> + <?php $i++; endforeach; ?> + <tr> + <td class="list" colspan="4"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td width="17"></td> + <td valign="middle"><a href="firewall_nat_npt_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add rule"); ?>"></a></td> + </tr> + </table> + </td> + </tr> + </table> + </div> + </td> +</tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/usr/local/www/firewall_nat_npt_edit.php b/usr/local/www/firewall_nat_npt_edit.php new file mode 100644 index 0000000..e06cc13 --- /dev/null +++ b/usr/local/www/firewall_nat_npt_edit.php @@ -0,0 +1,280 @@ +<?php +/* $Id$ */ +/* + firewall_nat_npt_edit.php + part of pfSense (http://pfsense.org) + + Copyright (C) 2011 Seth Mos <seth.mos@dds.nl>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_MODULE: nat +*/ + +##|+PRIV +##|*IDENT=page-firewall-nat-npt-edit +##|*NAME=Firewall: NAT: NPt: Edit page +##|*DESCR=Allow access to the 'Firewall: NAT: NPt: Edit' page. +##|*MATCH=firewall_nat_npt_edit.php* +##|-PRIV + +function natnptcmp($a, $b) { + return ipcmp($a['external'], $b['external']); +} + +function nat_npt_rules_sort() { + global $g, $config; + + if (!is_array($config['nat']['npt'])) + return; + + + usort($config['nat']['npt'], "natnptcmp"); +} + +require("guiconfig.inc"); +require_once("interfaces.inc"); +require("filter.inc"); +require("shaper.inc"); + +$ifdisp = get_configured_interface_with_descr(); +foreach ($ifdisp as $kif => $kdescr) { + $specialsrcdst[] = "{$kif}"; + $specialsrcdst[] = "{$kif}ip"; +} + +if (!is_array($config['nat']['npt'])) { + $config['nat']['npt'] = array(); +} +$a_npt = &$config['nat']['npt']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_npt[$id]) { + $pconfig['disabled'] = isset($a_npt[$id]['disabled']); + + address_to_pconfig($a_npt[$id]['source'], $pconfig['src'], + $pconfig['srcmask'], $pconfig['srcnot'], + $pconfig['srcbeginport'], $pconfig['srcendport']); + + address_to_pconfig($a_npt[$id]['destination'], $pconfig['dst'], + $pconfig['dstmask'], $pconfig['dstnot'], + $pconfig['dstbeginport'], $pconfig['dstendport']); + + $pconfig['interface'] = $a_npt[$id]['interface']; + if (!$pconfig['interface']) + $pconfig['interface'] = "wan"; + + $pconfig['external'] = $a_npt[$id]['external']; + $pconfig['descr'] = $a_npt[$id]['descr']; +} else + $pconfig['interface'] = "wan"; + + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "interface"); + $reqdfieldsn = array(gettext("Interface")); + $reqdfields[] = "src"; + $reqdfieldsn[] = gettext("Source prefix"); + $reqdfields[] = "dst"; + $reqdfieldsn[] = gettext("Destination prefix"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (!$input_errors) { + $natent = array(); + + $natent['disabled'] = isset($_POST['disabled']) ? true:false; + $natent['descr'] = $_POST['descr']; + $natent['interface'] = $_POST['interface']; + + pconfig_to_address($natent['source'], $_POST['src'], + $_POST['srcmask'], $_POST['srcnot']); + + pconfig_to_address($natent['destination'], $_POST['dst'], + $_POST['dstmask'], $_POST['dstnot']); + + if (isset($id) && $a_npt[$id]) + $a_npt[$id] = $natent; + else + $a_npt[] = $natent; + nat_npt_rules_sort(); + + mark_subsystem_dirty('natconf'); + + write_config(); + + header("Location: firewall_nat_npt.php"); + exit; + } +} + +$pgtitle = array(gettext("Firewall"),gettext("NAT"),gettext("NPt"),gettext("Edit")); +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<script type="text/javascript" src="/javascript/suggestions.js"> +</script> +<script type="text/javascript" src="/javascript/autosuggest.js"> +</script> + +<?php include("fbegin.inc"); ?> +<?php if ($input_errors) print_input_errors($input_errors); ?> + <form action="firewall_nat_npt_edit.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit NAT NPt entry"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td> + <td width="78%" class="vtable"> + <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>> + <strong><?=gettext("Disable this rule"); ?></strong><br /> + <span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span> + </td> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> + <td width="78%" class="vtable"> + <select name="interface" class="formselect"> + <?php + foreach ($ifdisp as $if => $ifdesc) + if(have_ruleint_access($if)) + $interfaces[$if] = $ifdesc; + + if ($config['l2tp']['mode'] == "server") + if(have_ruleint_access("l2tp")) + $interfaces['l2tp'] = "L2TP VPN"; + + if ($config['pptpd']['mode'] == "server") + if(have_ruleint_access("pptp")) + $interfaces['pptp'] = "PPTP VPN"; + + if ($config['pppoe']['mode'] == "server") + if(have_ruleint_access("pppoe")) + $interfaces['pppoe'] = "PPPoE VPN"; + + /* add ipsec interfaces */ + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) + if(have_ruleint_access("enc0")) + $interfaces["enc0"] = "IPsec"; + + /* add openvpn/tun interfaces */ + if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) + $interfaces["openvpn"] = "OpenVPN"; + + foreach ($interfaces as $iface => $ifacename): + ?> + <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename);?> + </option> + <?php endforeach; ?> + </select><br> + <span class="vexpl"><?=gettext("Choose which interface this rule applies to"); ?>.<br> + <?=gettext("Hint: in most cases, you'll want to use WAN here"); ?>.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Internal IPv6 Prefix"); ?></td> + <td width="78%" class="vtable"> + <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>> + <strong><?=gettext("not"); ?></strong> + <br /> + <?=gettext("Use this option to invert the sense of the match."); ?> + <br /> + <br /> + <table border="0" cellspacing="0" cellpadding="0"> + <tr> + <td><?=gettext("Address:"); ?> </td> + <td> + <input name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> / + <select name="srcmask" class="formselect" id="srcmask"> +<?php for ($i = 128; $i > 0; $i--): ?> + <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option> +<?php endfor; ?> + </select> + </td> + </tr> + </table> + <br/> + <span class="vexpl"><?=gettext("Enter the internal (LAN) ULA IPv6 Prefix for the Network Prefix translation. The prefix size specified for the internal IPv6 prefix will be applied to the +external prefix."); +?></span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Destination IPv6 Prefix"); ?></td> + <td width="78%" class="vtable"> + <input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>> + <strong><?=gettext("not"); ?></strong> + <br /> + <?=gettext("Use this option to invert the sense of the match."); ?> + <br /> + <br /> + <table border="0" cellspacing="0" cellpadding="0"> + </tr> + <td><?=gettext("Address:"); ?> </td> + <td> + <input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> + / + <select name="dstmask" class="formselect" id="dstmask"> +<?php + for ($i = 128; $i > 0; $i--): ?> + <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option> +<?php endfor; ?> + </select> + </td> + </tr> + </table> + <br/> + <span class="vexpl"><?=gettext("Enter the Global Unicast routable IPv6 prefix here"); ?><br></span> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> + <br/> <span class="vexpl"><?=gettext("You may enter a description here " . + "for your reference (not parsed)."); ?></span></td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()"> + <?php if (isset($id) && $a_1to1[$id]): ?> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> + <?php endif; ?> + </td> + </tr> + </table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> |