From 55705b333518144ccea42219c8459b5d0b1d6ecc Mon Sep 17 00:00:00 2001
From: Renato Botelho
Date: Tue, 23 Apr 2013 09:40:27 -0300
Subject: Allow IPs inside virtual IP networks to be used as gateways. Fixed #2962
---
 usr/local/www/firewall_virtual_ip.php | 23 +++++++++++++++++++
 usr/local/www/system_gateways_edit.php | 42 +++++++++++++++++++++++++++++-----
 2 files changed, 59 insertions(+), 6 deletions(-)
(limited to 'usr')
diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php
index 5d0dacd..55f6383 100755
--- a/usr/local/www/firewall_virtual_ip.php
+++ b/usr/local/www/firewall_virtual_ip.php
@@ -107,6 +107,29 @@ if ($_GET['act'] == "del") {
 }
 }
+ if (is_ipaddrv6($a_vip[$_GET['id']]['subnet']))
+ $subnet = gen_subnetv6($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']);
+ else
+ $subnet = gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']);
+
+ $subnet .= "/" . $a_vip[$_GET['id']]['subnet_bits'];
+
+ $is_ipv6 = is_ipaddrv6($a_vip[$_GET['id']]['subnet']);
+ if (is_array($config['gateways']['gateway_item']))
+ foreach($config['gateways']['gateway_item'] as $gateway) {
+ if ($a_vip[$_GET['id']]['interface'] != $gateway['interface'])
+ continue;
+ if ($is_ipv6 && $gateway['ipprotocol'] == 'inet')
+ continue;
+ if (!$is_ipv6 && $gateway['ipprotocol'] == 'inet6')
+ continue;
+
+ if (ip_in_subnet($gateway['gateway'], $subnet)) {
+ $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one Gateway.");
+ break;
+ }
+ }
+
 if ($a_vip[$_GET['id']]['mode'] == "ipalias") {
 $found_carp = false;
 $found_other_alias = false;
diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php
index fcadebf..ccaa59d 100755
--- a/usr/local/www/system_gateways_edit.php
+++ b/usr/local/www/system_gateways_edit.php
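Review bot: The delete guard added to firewall_virtual_ip.php rejects the deletion whenever a gateway on the same interface falls inside this VIP's subnet, without checking whether that gateway is still covered by the interface's own subnet or by another VIP on that interface. A VIP that shares the interface network (a common CARP or IP-alias layout) would then become undeletable as long as any gateway is defined there. Consider skipping gateways that stay reachable, e.g. `if (ip_in_subnet($gateway['gateway'], $if_subnet)) continue;` with `$if_subnet` built from the interface address the way system_gateways_edit.php builds it. Entries whose `gateway` value is not a literal address should probably be skipped before `ip_in_subnet()` is called, since how that function treats such values is not visible here. The enclosing `del` branch starts and ends outside the hunk.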
@@ -119,9 +119,24 @@ if ($_POST) {
 if(empty($parent_ip) || empty($parent_sn)) {
 $input_errors[] = gettext("You can not use a IPv4 Gateway Address on a IPv6 only interface.");
 } else {
- $subnet = gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn;
- if(!ip_in_subnet($_POST['gateway'], $subnet))
- $input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within the chosen interface's subnet '%2\$s'."), $_POST['gateway'],$subnet);
+ $subnets = array(gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn);
+ $vips = link_interface_to_vips($_POST['interface']);
+ if (is_array($vips))
+ foreach($vips as $vip) {
+ if (!is_ipaddrv4($vip['subnet']))
+ continue;
+ $subnets[] = gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
+ }
+
+ $found = false;
+ foreach($subnets as $subnet)
+ if(ip_in_subnet($_POST['gateway'], $subnet)) {
+ $found = true;
+ break;
+ }
+
+ if ($found === false)
+ $input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within one of the chosen interface's subnets."), $_POST['gateway']);
 }
 }
 else if(is_ipaddrv6($_POST['gateway'])) {
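Review bot: The subnet-collection and membership loop added here is repeated line for line in the IPv6 hunk that follows, differing only in `gen_subnet`/`gen_subnetv6` and `is_ipaddrv4`/`is_ipaddrv6`, so a later fix to one copy of this validation can silently miss the other. Both copies also hang a braceless `foreach` under a braceless `if`, which is easy to break when a statement is added. A single helper that takes the address family and returns a boolean would keep the check in one place; the helper name below is a proposal, not an existing function. The surrounding `if ($_POST)` block starts and ends outside the hunk.

```php
// Proposed helper: true when $gw lies in the interface subnet or in any
// same-family VIP subnet bound to $if.
function gateway_in_interface_subnets($gw, $if, $parent_ip, $parent_sn, $ipv6) {
	$base = $ipv6 ? gen_subnetv6($parent_ip, $parent_sn) : gen_subnet($parent_ip, $parent_sn);
	$subnets = array($base . "/" . $parent_sn);

	$vips = link_interface_to_vips($if);
	if (is_array($vips)) {
		foreach ($vips as $vip) {
			$same_family = $ipv6 ? is_ipaddrv6($vip['subnet']) : is_ipaddrv4($vip['subnet']);
			if (!$same_family)
				continue;
			$net = $ipv6
				? gen_subnetv6($vip['subnet'], $vip['subnet_bits'])
				: gen_subnet($vip['subnet'], $vip['subnet_bits']);
			$subnets[] = $net . "/" . $vip['subnet_bits'];
		}
	}

	foreach ($subnets as $subnet) {
		if (ip_in_subnet($gw, $subnet))
			return true;
	}
	return false;
}

// … unchanged: empty($parent_ip) / empty($parent_sn) check and its error …
if (!gateway_in_interface_subnets($_POST['gateway'], $_POST['interface'], $parent_ip, $parent_sn, false))
	$input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within one of the chosen interface's subnets."), $_POST['gateway']);
```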
@@ -132,9 +147,24 @@ if ($_POST) {
 if(empty($parent_ip) || empty($parent_sn)) {
 $input_errors[] = gettext("You can not use a IPv6 Gateway Address on a IPv4 only interface.");
 } else {
- $subnet = gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn;
- if(!ip_in_subnet($_POST['gateway'], $subnet))
- $input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within the chosen interface's subnet '%2\$s'."), $_POST['gateway'],$subnet);
+ $subnets = array(gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn);
+ $vips = link_interface_to_vips($_POST['interface']);
+ if (is_array($vips))
+ foreach($vips as $vip) {
+ if (!is_ipaddrv6($vip['subnet']))
+ continue;
+ $subnets[] = gen_subnetv6($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
+ }
+
+ $found = false;
+ foreach($subnets as $subnet)
+ if(ip_in_subnet($_POST['gateway'], $subnet)) {
+ $found = true;
+ break;
+ }
+
+ if ($found === false)
+ $input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within one of the chosen interface's subnets."), $_POST['gateway']);
 }
 }
 }
--
cgit v1.1