mirror of
https://github.com/lucaspalomodevelop/core.git
synced 2026-03-14 08:34:39 +00:00
add nat type selection in firewall_nat_1to1 and change some descriptions, for https://github.com/opnsense/core/issues/440
This commit is contained in:
Ad Schellevis
parent
9584bbf7b5
commit
da66245abe
@ -1529,7 +1529,7 @@ function filter_nat_rules_generate(&$FilterIflist)
|
||||
|
||||
$tmp = explode('/', $srcaddr);
|
||||
$srcip = $tmp[0];
|
||||
if (!empty($tmp[1]) && is_numeric($tmp[1])) {
|
||||
if (!empty($tmp[1]) && is_numeric($tmp[1]) && strpos($target, '/') === false) {
|
||||
$sn = $tmp[1];
|
||||
$sn1 = "/{$sn}";
|
||||
}
|
||||
@ -1546,8 +1546,8 @@ function filter_nat_rules_generate(&$FilterIflist)
|
||||
} else {
|
||||
$nat_if_list = array();
|
||||
}
|
||||
|
||||
$natrules .= "binat on {$natif} from {$srcaddr} to {$dstaddr} -> {$target}{$sn1}\n";
|
||||
$nattype = empty($rule['type']) ? "binat" : $rule['type'];
|
||||
$natrules .= "{$nattype} on {$natif} from {$srcaddr} to {$dstaddr} -> {$target}{$sn1}\n";
|
||||
if (!empty($nat_if_list)) {
|
||||
$binat_if_list = implode(" ", $nat_if_list);
|
||||
$binat_if_list = "{ {$binat_if_list} }";
|
||||
|
||||
@ -226,7 +226,7 @@ $main_buttons = array(
|
||||
<?=htmlspecialchars(convert_friendly_interface_to_friendly_descr(isset($natent['interface']) ? $natent['interface'] : "wan"));?>
|
||||
</td>
|
||||
<td>
|
||||
<?=isset($natent['external']) ? $natent['external'] : "";?><?=isset($natent['source']) ? strstr(pprint_address($natent['source']), '/') : "";?>
|
||||
<?=isset($natent['external']) ? $natent['external'] : "";?><?=isset($natent['source']) && strpos($natent['external'], '/') === false ? strstr(pprint_address($natent['source']), '/') : "";?>
|
||||
<?php if (isset($natent['external']['address']) && is_alias($natent['external']['address'])): ?>
|
||||
<a href="/firewall_aliases_edit.php?name=<?=htmlspecialchars($natent['external']['address']);?>"><i class="fa fa-list"></i> </a>
|
||||
<?php endif; ?>
|
||||
|
||||
@ -47,9 +47,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$pconfig['interface'] = "wan";
|
||||
$pconfig['src'] = 'lan';
|
||||
$pconfig['dst'] = 'any';
|
||||
$pconfig['type'] = 'binat';
|
||||
if (isset($configId)) {
|
||||
// copy settings from config
|
||||
foreach (array('disabled','interface','external','descr','natreflection') as $fieldname) {
|
||||
foreach (array('disabled','interface','external','descr','natreflection', 'type') as $fieldname) {
|
||||
if (isset($a_1to1[$configId][$fieldname])) {
|
||||
$pconfig[$fieldname] = $a_1to1[$configId][$fieldname];
|
||||
} else {
|
||||
@ -100,8 +101,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
|
||||
|
||||
/* For external, user can enter only ip's */
|
||||
if (!empty($pconfig['external']) && !is_ipaddr($_POST['external'])) {
|
||||
$input_errors[] = gettext("A valid external subnet must be specified.");
|
||||
$tmpext = explode('/', $pconfig['external']);
|
||||
//print_r($tmpext);echo $pconfig['srcmask'] ;die;
|
||||
if (!empty($pconfig['external'])) {
|
||||
if ($pconfig['type'] == 'binat' && (!is_ipaddr($tmpext[0]) || (count($tmpext) != 1 && $pconfig['srcmask'] != $tmpext[1]))) {
|
||||
$input_errors[] = gettext("A valid external subnet must be specified.");
|
||||
} elseif ($pconfig['type'] == 'nat' && !is_subnet($pconfig['external'])) {
|
||||
$input_errors[] = gettext("A valid external subnet must be specified.");
|
||||
}
|
||||
}
|
||||
/* For src, user can enter only ip's or networks */
|
||||
if (!is_specialnet($pconfig['src']) && !is_ipaddroralias($pconfig['src'])) {
|
||||
@ -124,6 +131,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$natent['external'] = $pconfig['external'];
|
||||
$natent['descr'] = $pconfig['descr'];
|
||||
$natent['interface'] = $pconfig['interface'];
|
||||
$natent['type'] = $pconfig['type'];
|
||||
|
||||
// copy form data with some kind of logic in it
|
||||
$natent['disabled'] = isset($_POST['disabled']) ? true:false;
|
||||
@ -255,19 +263,36 @@ include("head.inc");
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a id="help_for_external" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("External subnet IP"); ?></td>
|
||||
<td><a id="help_for_type" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Type"); ?></td>
|
||||
<td>
|
||||
<input name="external" type="text" value="<?=$pconfig['external'];?>" />
|
||||
<br />
|
||||
<div class="hidden" for="help_for_external">
|
||||
<?=gettext("Enter the external (usually on a WAN) subnet's starting address for the 1:1 mapping.");?><br />
|
||||
<?=gettext("The subnet mask from the internal address below will be applied to this IP address."); ?><br />
|
||||
<?=gettext("Hint: this is generally an address owned by the router itself on the selected interface."); ?>
|
||||
<select name="type" class="selectpicker" data-width="auto">
|
||||
<option value="binat" <?=$pconfig['type'] == 'binat' || empty($pconfig['type']) ? "selected=\"selected\"" : ""; ?>>
|
||||
<?=gettext("BINAT");?>
|
||||
</option>
|
||||
<option value="nat" <?=$pconfig['type'] == 'nat' ? "selected=\"selected\"" : ""; ?>>
|
||||
<?=gettext("NAT");?>
|
||||
</option>
|
||||
</select>
|
||||
<div class="hidden" for="help_for_type">
|
||||
<?=gettext("Select BINAT (default) or NAT here, when nets are equally sized binat is usually the best option.".
|
||||
"Using NAT we can also map unequal sized networks.");?><br />
|
||||
<?=gettext("A BINAT rule specifies a bidirectional mapping between an external and internal network and can be used from both ends, nat only applies in one direction.");?>
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a id="help_for_src_invert" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Internal IP") . " / ".gettext("Invert");?> </td>
|
||||
<td><a id="help_for_external" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("External network"); ?></td>
|
||||
<td>
|
||||
<input name="external" type="text" value="<?=$pconfig['external'];?>" />
|
||||
<div class="hidden" for="help_for_external">
|
||||
<?=gettext("Enter the external subnet's starting address for the 1:1 mapping or network.");?><br />
|
||||
<?=gettext("The subnet mask from the internal address below will be applied to this IP address, when none is provided."); ?><br />
|
||||
<?=gettext("This is the address or network the traffic will translate to/from.");?>
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a id="help_for_src_invert" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Source") . " / ".gettext("Invert");?> </td>
|
||||
<td>
|
||||
<input name="srcnot" type="checkbox" id="srcnot" value="yes" <?= !empty($pconfig['srcnot']) ? "checked=\"checked\"" : "";?> />
|
||||
<div class="hidden" for="help_for_src_invert">
|
||||
@ -276,7 +301,7 @@ include("head.inc");
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a id="help_for_src" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Internal IP"); ?></td>
|
||||
<td><a id="help_for_src" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Source"); ?></td>
|
||||
<td>
|
||||
<table class="table table-condensed">
|
||||
<tr>
|
||||
@ -313,7 +338,7 @@ include("head.inc");
|
||||
</tr>
|
||||
</table>
|
||||
<div class="hidden" for="help_for_src">
|
||||
<?=gettext("Enter the internal (LAN) subnet for the 1:1 mapping. The subnet size specified for the internal subnet will be applied to the external subnet."); ?>
|
||||
<?=gettext("Enter the internal subnet for the 1:1 mapping. The subnet size specified for the source will be applied to the external subnet, when none is provided."); ?>
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user