From a9283d43955f1410c134ef0075b95ae5053f2760 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Mon, 11 Jul 2005 23:54:01 +0000 Subject: Add no nat option for outgoing nat Ticket #212 --- etc/inc/filter.inc | 19 ++++++++++++------- usr/local/www/firewall_nat_out_edit.php | 32 ++++++++++++++++++++------------ 2 files changed, 32 insertions(+), 19 deletions(-) diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 07b9adc..83d16bc 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -797,9 +797,14 @@ function filter_flush_state_table() { return mwexec("/sbin/pfctl -F state"); } -function filter_nat_rules_generate_if($if, $src, $srcport, $dst, $natport, $target) { +function filter_nat_rules_generate_if($if, $src, $srcport, $dst, $natport, $target, $nonat) { global $config; + $nat = "nat"; + + if($nonat <> "") + $nat = "no nat"; + if ($target) $tgt = $target . "/32"; else @@ -815,7 +820,7 @@ function filter_nat_rules_generate_if($if, $src, $srcport, $dst, $natport, $targ $tgt .= " port " . $natport; $natrule = << $tgt +$nat on $if from $src to $dst -> $tgt EOD; @@ -910,7 +915,7 @@ function filter_nat_rules_generate() { $natif = $config['interfaces'][$obent['interface']]['if']; $natrules .= filter_nat_rules_generate_if($natif, $src, $obent['sourceport'], $dst, $obent['natport'], - $obent['target']); + $obent['target'], $obent['nonat']); } } } else { @@ -919,10 +924,10 @@ function filter_nat_rules_generate() { /* create ipsec passthru rule if requested */ if (isset($config['nat']['ipsecpassthru']['enable'])) { $natrules .= filter_nat_rules_generate_if($wanif, - $lansa . "/" . $lancfg['subnet'], 500, "", 500, null); + $lansa . "/" . $lancfg['subnet'], 500, "", 500, null, ""); } $natrules .= filter_nat_rules_generate_if($wanif, - $lansa . "/" . $lancfg['subnet'], null, "", null, null); + $lansa . "/" . $lancfg['subnet'], null, "", null, null, ""); /* optional interfaces */ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { 
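Review bot: `$nonat` is added to `filter_nat_rules_generate_if()` as a required seventh parameter with no default, so any caller not touched by this commit would now raise a missing-argument warning and run with `$nonat` unset. The six call sites visible in this diff are updated, but callers elsewhere in the tree cannot be ruled out from these hunks. Declaring it as `$nonat = ""` keeps such callers on the ordinary `nat` path and lets the automatic-rule calls drop the trailing `""`. A short comment above the function, such as `/* $nonat: non-empty => emit a "no nat" exclusion rule instead of a translation */`, would also help, since the flag changes what kind of pf rule is generated. The function body continues outside the hunk.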
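Review bot: When `$nonat` is set, the changed heredoc line emits `no nat on $if from $src to $dst -> $tgt`, and as far as I know pf's grammar does not accept a `->` translation target on a `no nat` rule. If pfctl rejects that line, the generated ruleset would presumably fail to load as a whole rather than skip this one entry, so a single ticked checkbox could leave the firewall running without its updated rules; how the loader handles that failure is outside this diff. The ` -> $tgt` part, including the ` port ` suffix appended just above, should be emitted only for ordinary `nat` rules, for example `$natrule = ($nonat <> "") ? "$nat on $if from $src to $dst\n" : "$nat on $if from $src to $dst -> $tgt\n";`. The heredoc opener is garbled on this page and the function continues outside the hunk, so the exact line endings of the rule should be checked against the file.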
@@ -931,7 +936,7 @@ function filter_nat_rules_generate() { if (isset($optcfg['enable']) && !$optcfg['bridge']) { $optsa = gen_subnet($optcfg['ipaddr'], $optcfg['subnet']); $natrules .= filter_nat_rules_generate_if($wanif, - $optsa . "/" . $optcfg['subnet'], null, "", null, null); + $optsa . "/" . $optcfg['subnet'], null, "", null, null, ""); } } @@ -941,7 +946,7 @@ function filter_nat_rules_generate() { if($config['pptp']['pptp_subnet'] <> "") $pptp_subnet = $config['pptp']['pptp_subnet']; $natrules .= filter_nat_rules_generate_if($wanif, - $pptpdcfg['remoteip'] . "/" . $pptp_subnet, null, "", null, null); + $pptpdcfg['remoteip'] . "/" . $pptp_subnet, null, "", null, null, ""); } /* static routes diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index dd47ef7..114f5a1 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -61,6 +61,7 @@ if (isset($id) && $a_out[$id]) { if (!$pconfig['interface']) $pconfig['interface'] = "wan"; $pconfig['descr'] = $a_out[$id]['descr']; + $pconfig['nonat'] = $a_out[$id]['nonat']; } else { $pconfig['source_subnet'] = 24; $pconfig['destination'] = "any"; @@ -247,20 +248,27 @@ function sourcesel_change() { + + + + -- cgit v1.1
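Review bot: Nothing visible in this commit writes the posted checkbox back into the stored rule: the `@@ -61,6 +61,7 @@` hunk of firewall_nat_out_edit.php only reads `$a_out[$id]['nonat']` into `$pconfig`, and the file's only other hunk changes the form markup. Unless the save branch outside these hunks copies fields generically, the option never reaches the config and `$obent['nonat']` in filter.inc stays unset, so the UI would show a control that has no effect on the generated rules. The POST branch should set the entry's `nonat` key from `$_POST['nonat']` before the entry is stored, and unset it when the box is cleared. Entries saved before this change have no `nonat` key, so the read here is safer as `$pconfig['nonat'] = isset($a_out[$id]['nonat']) ? $a_out[$id]['nonat'] : "";`.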
No nat (NOT) + > + Enabling this option will disable natting for the item and stop processing outgoing nat rules. +
Hint: in most cases, you'll not use this option unless you know what your doing.
Interface -
+
Choose which interface this rule applies to.
Hint: in most cases, you'll want to use WAN here.