From df66409b8c42d508447d00501e192ba39ffd0455 Mon Sep 17 00:00:00 2001
From: Erik Fonnesbeck <efonnes@gmail.com>
Date: Tue, 4 May 2010 17:20:27 -0600
Subject: Removed unused NAT reflection timeout setting.

---
 usr/local/www/system_advanced_firewall.php | 13 -------------
 1 file changed, 13 deletions(-)

(limited to 'usr/local/www/system_advanced_firewall.php')

diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index e3d2e1e..15be0f2 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -56,7 +56,6 @@ $pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout'];
 $pconfig['optimization'] = $config['filter']['optimization'];
 $pconfig['maximumstates'] = $config['system']['maximumstates'];
 $pconfig['disablenatreflection'] = $config['system']['disablenatreflection'];
-$pconfig['reflectiontimeout'] = $config['system']['reflectiontimeout'];
 $pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']);
 $pconfig['disablescrub'] = isset($config['system']['disablescrub']);
 $pconfig['tftpinterface'] = $config['system']['tftpinterface']; 
@@ -73,9 +72,6 @@ if ($_POST) {
 	if ($_POST['tcpidletimeout'] && !is_numericint($_POST['tcpidletimeout'])) {
 		$input_errors[] = "The TCP idle timeout must be an integer.";
 	}
-	if ($_POST['reflectiontimeout'] && !is_numericint($_POST['reflectiontimeout'])) {
-		$input_errors[] = "The Reflection timeout must be an integer.";
-	}
 
     ob_flush();
     flush();
@@ -110,8 +106,6 @@ if ($_POST) {
 		else
 			unset($config['system']['disablenatreflection']);
 		
-		$config['system']['reflectiontimeout'] = $_POST['reflectiontimeout'];
-
 		if($_POST['bypassstaticroutes'] == "yes")
 			$config['filter']['bypassstaticroutes'] = $_POST['bypassstaticroutes'];
 		else
@@ -305,13 +299,6 @@ function update_description(itemnum) {
 								</td>
 							</tr>
 							<tr>
-								<td width="22%" valign="top" class="vncell">Reflection Timeout</td>
-								<td width="78%" class="vtable">
-									<input name="reflectiontimeout" id="reflectiontimeout" value="<?php echo $config['system']['reflectiontimeout']; ?>" /><br/>
-									<strong>Enter value for Reflection timeout in seconds.</strong>
-								</td>
-							</tr>
-							<tr>
 								<td width="22%" valign="top" class="vncell">TFTP Proxy</td>
 								<td width="78%" class="vtable">
 									<select name="tftpinterface[]" multiple="true" class="formselect" size="3">
-- 
cgit v1.1


From 0bf53f553d67c31da6028e61b9662f12a7098769 Mon Sep 17 00:00:00 2001
From: Erik Fonnesbeck <efonnes@gmail.com>
Date: Tue, 4 May 2010 17:24:55 -0600
Subject: Remove note about reflection being skipped on large port ranges.

---
 usr/local/www/system_advanced_firewall.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'usr/local/www/system_advanced_firewall.php')

diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index 15be0f2..e8a4173 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -295,7 +295,7 @@ function update_description(itemnum) {
 								<td width="22%" valign="top" class="vncell">Disable NAT Reflection</td>
 								<td width="78%" class="vtable">
 									<input name="disablenatreflection" type="checkbox" id="disablenatreflection" value="yes" <?php if (isset($config['system']['disablenatreflection'])) echo "checked"; ?> />
-									<strong>Disables the automatic creation of NAT redirect rules for access to your public IP addresses from within your internal networks.  Note: Reflection is only enabled for port forward entries and is skipped for ranges larger than 500 ports.</strong>
+									<strong>Disables the automatic creation of NAT redirect rules for access to your public IP addresses from within your internal networks.  Note: Reflection is only enabled for port forward entries.</strong>
 								</td>
 							</tr>
 							<tr>
-- 
cgit v1.1


From 9fc22c6f56e90a7071f6dd2f915eff23f9f786fb Mon Sep 17 00:00:00 2001
From: Erik Fonnesbeck <efonnes@gmail.com>
Date: Tue, 4 May 2010 22:27:57 -0600
Subject: Add configuration option in System: Advanced: Firewall/NAT for NAT
 reflection on 1:1 NAT.

---
 usr/local/www/system_advanced_firewall.php | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

(limited to 'usr/local/www/system_advanced_firewall.php')

diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index e8a4173..fbfcdef 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -56,6 +56,10 @@ $pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout'];
 $pconfig['optimization'] = $config['filter']['optimization'];
 $pconfig['maximumstates'] = $config['system']['maximumstates'];
 $pconfig['disablenatreflection'] = $config['system']['disablenatreflection'];
+if (!isset($config['system']['enablebinatreflection']))
+	$pconfig['disablebinatreflection'] = "yes";
+else
+	$pconfig['disablebinatreflection'] = "";
 $pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']);
 $pconfig['disablescrub'] = isset($config['system']['disablescrub']);
 $pconfig['tftpinterface'] = $config['system']['tftpinterface']; 
@@ -105,7 +109,12 @@ if ($_POST) {
 			$config['system']['disablenatreflection'] = $_POST['disablenatreflection'];
 		else
 			unset($config['system']['disablenatreflection']);
-		
+
+		if($_POST['disablebinatreflection'] == "yes")
+			unset($config['system']['enablebinatreflection']);
+		else
+			$config['system']['enablebinatreflection'] = "yes";
+
 		if($_POST['bypassstaticroutes'] == "yes")
 			$config['filter']['bypassstaticroutes'] = $_POST['bypassstaticroutes'];
 		else
@@ -292,10 +301,17 @@ function update_description(itemnum) {
 								<td colspan="2" valign="top" class="listtopic">Network Address Translation</td>
 							</tr>		
 							<tr>
-								<td width="22%" valign="top" class="vncell">Disable NAT Reflection</td>
+								<td width="22%" valign="top" class="vncell">Disable NAT Reflection for port forwards</td>
 								<td width="78%" class="vtable">
 									<input name="disablenatreflection" type="checkbox" id="disablenatreflection" value="yes" <?php if (isset($config['system']['disablenatreflection'])) echo "checked"; ?> />
-									<strong>Disables the automatic creation of NAT redirect rules for access to your public IP addresses from within your internal networks.  Note: Reflection is only enabled for port forward entries.</strong>
+									<strong>Disables the automatic creation of additional NAT redirect rules for access to port forwards on your public IP addresses from within your internal networks.  Note: Reflection might not fully work in complex routing scenarios.</strong>
+								</td>
+							</tr>
+							<tr>
+								<td width="22%" valign="top" class="vncell">Disable NAT Reflection for 1:1 NAT</td>
+								<td width="78%" class="vtable">
+									<input name="disablebinatreflection" type="checkbox" id="disablebinatreflection" value="yes" <?php if (!isset($config['system']['enablebinatreflection'])) echo "checked"; ?> />
+									<strong>Disables the automatic creation of additional NAT 1:1 mappings for access to 1:1 mappings of your public IP addresses from within your internal networks.  Note: Reflection might not fully work in complex routing scenarios.</strong>
 								</td>
 							</tr>
 							<tr>
-- 
cgit v1.1


From e57d08971659ee0ed6d884409838394e33a2a395 Mon Sep 17 00:00:00 2001
From: Erik Fonnesbeck <efonnes@gmail.com>
Date: Tue, 4 May 2010 22:31:59 -0600
Subject: Slightly change wording of NAT reflection description.

---
 usr/local/www/system_advanced_firewall.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'usr/local/www/system_advanced_firewall.php')

diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index fbfcdef..4ac1cb3 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -304,14 +304,14 @@ function update_description(itemnum) {
 								<td width="22%" valign="top" class="vncell">Disable NAT Reflection for port forwards</td>
 								<td width="78%" class="vtable">
 									<input name="disablenatreflection" type="checkbox" id="disablenatreflection" value="yes" <?php if (isset($config['system']['disablenatreflection'])) echo "checked"; ?> />
-									<strong>Disables the automatic creation of additional NAT redirect rules for access to port forwards on your public IP addresses from within your internal networks.  Note: Reflection might not fully work in complex routing scenarios.</strong>
+									<strong>Disables the automatic creation of additional NAT redirect rules for access to port forwards on your external IP addresses from within your internal networks.  Note: Reflection might not fully work in complex routing scenarios.</strong>
 								</td>
 							</tr>
 							<tr>
 								<td width="22%" valign="top" class="vncell">Disable NAT Reflection for 1:1 NAT</td>
 								<td width="78%" class="vtable">
 									<input name="disablebinatreflection" type="checkbox" id="disablebinatreflection" value="yes" <?php if (!isset($config['system']['enablebinatreflection'])) echo "checked"; ?> />
-									<strong>Disables the automatic creation of additional NAT 1:1 mappings for access to 1:1 mappings of your public IP addresses from within your internal networks.  Note: Reflection might not fully work in complex routing scenarios.</strong>
+									<strong>Disables the automatic creation of additional NAT 1:1 mappings for access to 1:1 mappings of your external IP addresses from within your internal networks.  Note: Reflection might not fully work in complex routing scenarios.</strong>
 								</td>
 							</tr>
 							<tr>
-- 
cgit v1.1