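. * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

##|+PRIV
##|*IDENT=page-firewall-nat-outbound
##|*NAME=Firewall: NAT: Outbound
##|*DESCR=Allow access to the 'Firewall: NAT: Outbound' page.
##|*MATCH=firewall_nat_out.php*
##|-PRIV

/*
 * Request handling for the outbound NAT page.
 *
 * In order, this script handles: storing a new rule order, applying pending
 * changes, saving the outbound NAT mode, deleting one rule, deleting the
 * selected rules, and toggling a rule's disabled flag. It then renders the
 * page header, the tab bar and the mode selection form.
 *
 * Every rule index and the mode value come from the request, so each one is
 * validated before it is used as an array key, echoed, or written to $config.
 */
require_once("guiconfig.inc");
require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");

global $FilterIflist;
global $GatewaysList;

if (!is_array($config['nat']['outbound'])) {
    $config['nat']['outbound'] = array();
}

if (!is_array($config['nat']['outbound']['rule'])) {
    $config['nat']['outbound']['rule'] = array();
}

// Bound by reference: every change to $a_out below changes $config itself.
$a_out = &$config['nat']['outbound']['rule'];

// update rule order, POST[rule] is an array of ordered IDs
// All rule are 'checked' before posting
//
// Read from $_POST rather than $_REQUEST: this rewrites the whole rule list,
// and the note above says the ids are posted, so a query string should not be
// able to trigger it.
if (isset($_POST['order-store'])) {
    if (isset($_POST['rule']) && is_array($_POST['rule']) && !empty($_POST['rule'])) {
        $a_out_new = array();
        $seen_ids = array();

        // if a rule is not in POST[rule], it has been deleted by the user
        foreach ($_POST['rule'] as $id) {
            // Skip anything that is not a plain index of an existing rule, and
            // any index already taken. Copying $a_out[$id] unchecked would
            // append a null entry for an unknown id and a duplicate rule for a
            // repeated one.
            if (!is_scalar($id) || !isset($a_out[$id]) || isset($seen_ids[$id])) {
                continue;
            }

            $seen_ids[$id] = true;
            $a_out_new[] = $a_out[$id];
        }

        $a_out = $a_out_new;

        if (write_config(gettext("Firewall: NAT: Outbound - reordered outbound NAT mappings."))) {
            mark_subsystem_dirty('natconf');
        }

        header("Location: firewall_nat_out.php");
        exit;
    }
}

if (!isset($config['nat']['outbound']['mode'])) {
    $config['nat']['outbound']['mode'] = "automatic";
}

$mode = $config['nat']['outbound']['mode'];

if ($_POST['apply']) {
    $retval = 0;
    $retval |= filter_configure();

    // The dirty flags are cleared only when filter_configure() reported 0.
    if ($retval == 0) {
        clear_subsystem_dirty('natconf');
        clear_subsystem_dirty('filter');
    }
}

if ($_POST['save']) {
    // Only the four modes offered by the form below may be stored. Any other
    // submitted value is ignored and the current mode is kept, so an arbitrary
    // string never reaches the saved configuration.
    $valid_modes = array('automatic', 'hybrid', 'advanced', 'disabled');
    $new_mode = $mode;
    if (isset($_POST['mode']) && in_array($_POST['mode'], $valid_modes, true)) {
        $new_mode = $_POST['mode'];
    }

    /* mutually exclusive settings - if user wants advanced NAT, we don't generate automatic rules */
    if ($new_mode == "advanced" && ($mode == "automatic" || $mode == "hybrid")) {
        /*
         * user has enabled advanced outbound NAT and doesn't have rules
         * lets automatically create entries
         * for all of the interfaces to make life easier on the pip-o-chap
         */
        if (empty($FilterIflist)) {
            filter_generate_optcfg_array();
        }

        if (empty($GatewaysList)) {
            filter_generate_gateways();
        }

        $tonathosts = filter_nat_rules_automatic_tonathosts(true);
        $automatic_rules = filter_nat_rules_outbound_automatic("");

        foreach ($tonathosts as $tonathost) {
            foreach ($automatic_rules as $natent) {
                $natent['source']['network'] = $tonathost['subnet'];
                $natent['descr'] .= sprintf(gettext(' - %1$s to %2$s'),
                    $tonathost['descr'],
                    convert_real_interface_to_friendly_descr($natent['interface']));
                $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));

                /* Try to detect already auto created rules and avoid duplicating them */
                $found = false;
                foreach ($a_out as $rule) {
                    if ($rule['interface'] == $natent['interface'] &&
                        $rule['source']['network'] == $natent['source']['network'] &&
                        $rule['dstport'] == $natent['dstport'] &&
                        $rule['target'] == $natent['target'] &&
                        $rule['descr'] == $natent['descr']) {
                        $found = true;
                        break;
                    }
                }

                if ($found === false) {
                    $a_out[] = $natent;
                }
            }
        }

        $default_rules_msg = gettext("Default rules for each interface have been created.");
        unset($FilterIflist, $GatewaysList);
    }

    $config['nat']['outbound']['mode'] = $new_mode;

    if (write_config(gettext("Firewall: NAT: Outbound - saved outbound NAT settings."))) {
        mark_subsystem_dirty('natconf');
    }

    header("Location: firewall_nat_out.php");
    exit;
}

// Delete a single rule/map
if ($_POST['act'] == "del") {
    // A non-scalar id (for example an array from "id[]=...") is rejected
    // before it is used as an array offset.
    $del_id = isset($_POST['id']) ? $_POST['id'] : null;

    if (is_scalar($del_id) && !empty($a_out[$del_id])) {
        unset($a_out[$del_id]);

        if (write_config(gettext("Firewall: NAT: Outbound - deleted outbound NAT mapping."))) {
            mark_subsystem_dirty('natconf');
        }

        header("Location: firewall_nat_out.php");
        exit;
    }
}

// Delete multiple maps Only checked rules will be in the
// POST
if (isset($_POST['del_x'])) {
    /* delete selected rules */
    print('Deleting rows
');

    if (isset($_POST['rule']) && is_array($_POST['rule']) && count($_POST['rule'])) {
        foreach ($_POST['rule'] as $rulei) {
            // Nested arrays cannot be used as an offset; skip them.
            if (!is_scalar($rulei)) {
                continue;
            }

            // $rulei is request data and this line writes it into the response,
            // so it is HTML-escaped before being printed.
            print('Deleting ' . htmlspecialchars($rulei) . '
');
            unset($a_out[$rulei]);
        }

        if (write_config(gettext("Firewall: NAT: Outbound - deleted selected outbound NAT mappings."))) {
            mark_subsystem_dirty('natconf');
        }

        header("Location: firewall_nat_out.php");
        exit;
    }
} else if ($_POST['act'] == "toggle") {
    $toggle_id = isset($_POST['id']) ? $_POST['id'] : null;

    if (is_scalar($toggle_id) && !empty($a_out[$toggle_id])) {
        // Presence of the 'disabled' key is what marks a rule as disabled.
        if (isset($a_out[$toggle_id]['disabled'])) {
            unset($a_out[$toggle_id]['disabled']);
            $wc_msg = gettext('Firewall: NAT: Outbound - enabled outbound NAT rule.');
        } else {
            $a_out[$toggle_id]['disabled'] = true;
            $wc_msg = gettext('Firewall: NAT: Outbound - disabled outbound NAT rule.');
        }

        if (write_config($wc_msg)) {
            mark_subsystem_dirty('natconf');
        }

        header("Location: firewall_nat_out.php");
        exit;
    }
}

$pgtitle = array(gettext("Firewall"), gettext("NAT"), gettext("Outbound"));
$pglinks = array("", "firewall_nat.php", "@self");
include("head.inc");

if ($default_rules_msg) {
    print_info_box($default_rules_msg, 'success');
}

if ($_POST['apply']) {
    print_apply_result_box($retval);
}

if (is_subsystem_dirty('natconf')) {
    print_apply_box(gettext('The NAT configuration has been changed.') . '
' .
        gettext('The changes must be applied for them to take effect.'));
}

$tab_array = array();
$tab_array[] = array(gettext("Port Forward"), false, "firewall_nat.php");
$tab_array[] = array(gettext("1:1"), false, "firewall_nat_1to1.php");
$tab_array[] = array(gettext("Outbound"), true, "firewall_nat_out.php");
$tab_array[] = array(gettext("NPt"), false, "firewall_nat_npt.php");
display_top_tabs($tab_array);

// Mode selector: four radio-style checkboxes sharing the name 'mode'. Their
// values are the same four strings accepted by the save handler above.
$form = new Form();

$section = new Form_Section('Outbound NAT Mode');

$group = new Form_Group('Mode');

$group->add(new Form_Checkbox(
    'mode',
    'Mode',
    null,
    $mode == 'automatic',
    'automatic'
))->displayAsRadio()->setHelp('Automatic outbound NAT rule generation.%s(IPsec passthrough included)', '
');

$group->add(new Form_Checkbox(
    'mode',
    null,
    null,
    $mode == 'hybrid',
    'hybrid'
))->displayAsRadio()->setHelp('Hybrid Outbound NAT rule generation.%s(Automatic Outbound NAT + rules below)', '
');

$group->add(new Form_Checkbox(
    'mode',
    null,
    null,
    $mode == 'advanced',
    'advanced'
))->displayAsRadio()->setHelp('Manual Outbound NAT rule generation.%s(AON - Advanced Outbound NAT)', '
');

$group->add(new Form_Checkbox(
    'mode',
    null,
    null,
    $mode == 'disabled',
    'disabled'
))->displayAsRadio()->setHelp('Disable Outbound NAT rule generation.%s(No Outbound NAT rules)', '
');

$section->add($group);

$form->add($section);
print($form);
?>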

onClick="fr_toggle()" ondblclick="document.location='firewall_nat_out_edit.php?id=';">
" title=""> " title="">  "> NO NAT'; } elseif (!$natent['target']) { echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])) . " address"; } elseif ($natent['target'] == "other-subnet") { echo $natent['targetip'] . '/' . $natent['targetip_subnet']; } else { echo $natent['target']; } ?> " href="firewall_nat_out_edit.php?id="> " href="firewall_nat_out_edit.php?dup="> " href="firewall_nat_out.php?act=del&id=" usepost>

">
' . gettext('If manual outbound NAT is selected, outbound NAT rules will not be automatically generated and only the mappings specified on this page will be used.') . '
' . gettext('If hybrid outbound NAT is selected, mappings specified on this page will be used, followed by the automatically generated ones.') . '
' . gettext('If disable outbound NAT is selected, no rules will be used.') . '
' . sprintf( gettext('If a target address other than an interface\'s IP address is used, then depending on the way the WAN connection is setup, a %1$sVirtual IP%2$s may also be required.'), '', ''), 'info', false); ?>