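<?php
/*
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

##|+PRIV
##|*IDENT=page-firewall-nat-outbound
##|*NAME=Firewall: NAT: Outbound
##|*DESCR=Allow access to the 'Firewall: NAT: Outbound' page.
##|*MATCH=firewall_nat_out.php*
##|-PRIV

require_once("guiconfig.inc");
require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");

/*
 * Request handling for the outbound NAT page. Everything up to the
 * include of head.inc mutates $config from request parameters and then
 * redirects back to this page; the remainder renders the mode selector.
 *
 * Request parameters handled here:
 *   POST order-store + rule[]  - replace the rule list with the posted order
 *   POST apply                 - reload the filter and clear the dirty flags
 *   POST save + mode           - switch the outbound NAT mode
 *   GET  act=del|toggle + id   - delete / enable-disable one rule
 *   POST del_x + rule[]        - delete the checked rules
 */

global $FilterIflist;
global $GatewaysList;

if (!is_array($config['nat']['outbound'])) {
    $config['nat']['outbound'] = array();
}

if (!is_array($config['nat']['outbound']['rule'])) {
    $config['nat']['outbound']['rule'] = array();
}

// $a_out aliases the configured rule list: every write below lands in $config.
$a_out = &$config['nat']['outbound']['rule'];

// The only modes the form on this page can submit.
$nat_modes = array('automatic', 'hybrid', 'advanced', 'disabled');

// update rule order, POST[rule] is an array of ordered IDs
// All rule are 'checked' before posting
if (isset($_POST['order-store'])) {
    if (is_array($_POST['rule']) && !empty($_POST['rule'])) {
        $a_out_new = array();

        // if a rule is not in POST[rule], it has been deleted by the user
        foreach ($_POST['rule'] as $id) {
            // Copy only IDs that name an existing rule. An unknown or
            // non-scalar ID used to append a null entry, which was then
            // written to the configuration as a rule.
            if (is_scalar($id) && isset($a_out[$id])) {
                $a_out_new[] = $a_out[$id];
            }
        }

        $a_out = $a_out_new;

        if (write_config()) {
            mark_subsystem_dirty('natconf');
        }

        header("Location: firewall_nat_out.php");
        exit;
    }
}

if (!isset($config['nat']['outbound']['mode'])) {
    $config['nat']['outbound']['mode'] = "automatic";
}

$mode = $config['nat']['outbound']['mode'];

if ($_POST['apply']) {
    $retval = 0;
    $retval |= filter_configure();

    if (stristr($retval, "error") <> true) {
        $savemsg = get_std_save_message($retval);
    } else {
        $savemsg = $retval;
    }

    if ($retval == 0) {
        clear_subsystem_dirty('natconf');
        clear_subsystem_dirty('filter');
    }
}

if ($_POST['save']) {
    $new_mode = $_POST['mode'];

    // Persist the mode only when it is one of the values this page offers;
    // the raw POST value was previously stored in the configuration as-is.
    // Anything else is ignored and the request just redirects.
    if (in_array($new_mode, $nat_modes, true)) {
        /* mutually exclusive settings - if user wants advanced NAT, we don't generate automatic rules */
        if ($new_mode == "advanced" && ($mode == "automatic" || $mode == "hybrid")) {
            /*
             * user has enabled advanced outbound NAT and doesn't have rules
             * lets automatically create entries
             * for all of the interfaces to make life easier on the pip-o-chap
             */
            if (empty($FilterIflist)) {
                filter_generate_optcfg_array();
            }

            if (empty($GatewaysList)) {
                filter_generate_gateways();
            }

            $tonathosts = filter_nat_rules_automatic_tonathosts(true);
            $automatic_rules = filter_nat_rules_outbound_automatic("");

            foreach ($tonathosts as $tonathost) {
                foreach ($automatic_rules as $natent) {
                    $natent['source']['network'] = $tonathost['subnet'];
                    $natent['descr'] .= sprintf(gettext(' - %1$s to %2$s'),
                        $tonathost['descr'],
                        convert_real_interface_to_friendly_descr($natent['interface']));
                    $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));

                    /* Try to detect already auto created rules and avoid duplicating them */
                    $found = false;
                    foreach ($a_out as $rule) {
                        if ($rule['interface'] == $natent['interface'] &&
                            $rule['source']['network'] == $natent['source']['network'] &&
                            $rule['dstport'] == $natent['dstport'] &&
                            $rule['target'] == $natent['target'] &&
                            $rule['descr'] == $natent['descr']) {
                            $found = true;
                            break;
                        }
                    }

                    if ($found === false) {
                        $a_out[] = $natent;
                    }
                }
            }

            $savemsg = gettext("Default rules for each interface have been created.");
            unset($FilterIflist, $GatewaysList);
        }

        $config['nat']['outbound']['mode'] = $new_mode;

        if (write_config()) {
            mark_subsystem_dirty('natconf');
        }
    }

    header("Location: firewall_nat_out.php");
    exit;
}

// Delete a single rule/map
// NOTE(review): this handler and the "toggle" handler below change the
// configuration in response to a GET request. No request token is checked in
// the visible part of this file, so a CSRF defence that only covers POST would
// not apply to them - confirm what guiconfig.inc enforces, and prefer moving
// both actions (together with the row links that trigger them) to POST.
if ($_GET['act'] == "del") {
    if ($a_out[$_GET['id']]) {
        unset($a_out[$_GET['id']]);

        if (write_config()) {
            mark_subsystem_dirty('natconf');
        }

        header("Location: firewall_nat_out.php");
        exit;
    }
}

// Delete multiple maps. Only checked rules will be in the POST.
if (isset($_POST['del_x'])) {
    /* delete selected rules */
    // The progress print() calls that used to sit here wrote each posted rule
    // ID into the response unescaped, and emitted output ahead of the
    // header() redirect below. They are removed rather than escaped because
    // the request always ends in a redirect when rules are selected.
    if (is_array($_POST['rule']) && count($_POST['rule'])) {
        foreach ($_POST['rule'] as $rulei) {
            // Array-valued entries cannot be used as an offset; skip them.
            if (is_scalar($rulei)) {
                unset($a_out[$rulei]);
            }
        }

        if (write_config()) {
            mark_subsystem_dirty('natconf');
        }

        header("Location: firewall_nat_out.php");
        exit;
    }
} else if ($_GET['act'] == "toggle") {
    if ($a_out[$_GET['id']]) {
        if (isset($a_out[$_GET['id']]['disabled'])) {
            unset($a_out[$_GET['id']]['disabled']);
        } else {
            $a_out[$_GET['id']]['disabled'] = true;
        }

        if (write_config("Firewall: NAT: Outbound, enable/disable NAT rule")) {
            mark_subsystem_dirty('natconf');
        }

        header("Location: firewall_nat_out.php");
        exit;
    }
}

$pgtitle = array(gettext("Firewall"), gettext("NAT"), gettext("Outbound"));
include("head.inc");

if ($savemsg) {
    print_info_box($savemsg, 'success');
}

if (is_subsystem_dirty('natconf')) {
    print_apply_box(gettext('The NAT configuration has been changed.') . "\n" .
        gettext('The changes must be applied for them to take effect.'));
}

$tab_array = array();
$tab_array[] = array(gettext("Port Forward"), false, "firewall_nat.php");
$tab_array[] = array(gettext("1:1"), false, "firewall_nat_1to1.php");
$tab_array[] = array(gettext("Outbound"), true, "firewall_nat_out.php");
$tab_array[] = array(gettext("NPt"), false, "firewall_nat_npt.php");
display_top_tabs($tab_array);

// Mode selector: four radio buttons sharing the field name 'mode'. Their
// values are the same strings listed in $nat_modes above.
$form = new Form();

$section = new Form_Section('Outbound NAT Mode');

$group = new Form_Group('Mode');

$group->add(new Form_Checkbox(
    'mode',
    'Mode',
    null,
    $mode == 'automatic',
    'automatic'
))->displayAsRadio()->setHelp('Automatic outbound NAT rule generation.' . "\n" . '(IPsec passthrough included)');

$group->add(new Form_Checkbox(
    'mode',
    null,
    null,
    $mode == 'hybrid',
    'hybrid'
))->displayAsRadio()->setHelp('Hybrid Outbound NAT rule generation.' . "\n" . '(Automatic Outbound NAT + rules below)');

$group->add(new Form_Checkbox(
    'mode',
    null,
    null,
    $mode == 'advanced',
    'advanced'
))->displayAsRadio()->setHelp('Manual Outbound NAT rule generation.' . "\n" . '(AON - Advanced Outbound NAT)');

$group->add(new Form_Checkbox(
    'mode',
    null,
    null,
    $mode == 'disabled',
    'disabled'
))->displayAsRadio()->setHelp('Disable Outbound NAT rule generation.' . "\n" . '(No Outbound NAT rules)');

$section->add($group);

$form->add($section);
print($form);

// NOTE(review): the rule table that follows this block echoes
// $natent['target'] and $natent['targetip'] without htmlspecialchars(), unlike
// the interface-description branch next to them. Escape them unless the edit
// page is confirmed to restrict those fields to address/alias syntax.
?>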

onClick="fr_toggle()" ondblclick="document.location='firewall_nat_out_edit.php?id=';">
" title=""> " title="">  "> NO NAT'; } elseif (!$natent['target']) { echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])) . " address"; } elseif ($natent['target'] == "other-subnet") { echo $natent['targetip'] . '/' . $natent['targetip_subnet']; } else { echo $natent['target']; } ?> " href="firewall_nat_out_edit.php?id="> " href="firewall_nat_out_edit.php?dup="> " href="firewall_nat_out.php?act=del&id=">

">
' . 'If manual outbound NAT is selected, outbound NAT rules will not be automatically generated and only the mappings specified on this page ' . 'will be used.' . '
' . 'If hybrid outbound NAT is selected, mappings specified on this page will be used, followed by the automatically generated ones.' . '
' . 'If disable outbound NAT is selected, no rules will be used.' . '
' . 'If a target address other than an interface\'s IP address is used, then depending on the way the WAN connection is setup, a ') . '' . gettext("Virtual IP") . '' . gettext(" may also be required."), 'info', false); ?>