Project

General

Profile

Download (17.5 KB) Statistics
| Branch: | Tag: | Revision:

univnautes / usr / local / www / firewall_nat.php @ a1b66bec

1
<?php
2
/* $Id$ */
3
/*
4
	firewall_nat.php
5
	Copyright (C) 2004 Scott Ullrich
6
	All rights reserved.
7

    
8
	originally part of m0n0wall (http://m0n0.ch/wall)
9
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10
	All rights reserved.
11

    
12
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14

    
15
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17

    
18
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21

    
22
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32
*/
33
/*
34
	pfSense_MODULE:	nat
35
*/
36

    
37
##|+PRIV
38
##|*IDENT=page-firewall-nat-portforward
39
##|*NAME=Firewall: NAT: Port Forward page
40
##|*DESCR=Allow access to the 'Firewall: NAT: Port Forward' page.
41
##|*MATCH=firewall_nat.php*
42
##|-PRIV
43

    
44
require("guiconfig.inc");
45
require_once("functions.inc");
46
require_once("filter.inc");
47
require_once("shaper.inc");
48
require_once("itemid.inc");
49

    
50
if (!is_array($config['nat']['rule']))
51
	$config['nat']['rule'] = array();
52

    
53
$a_nat = &$config['nat']['rule'];
54

    
55
/* if a custom message has been passed along, lets process it */
56
if ($_GET['savemsg'])
57
	$savemsg = $_GET['savemsg'];
58

    
59
if ($_POST) {
60

    
61
	$pconfig = $_POST;
62

    
63
	if ($_POST['apply']) {
64

    
65
		write_config();
66

    
67
		$retval = 0;
68

    
69
		unlink_if_exists("/tmp/config.cache");
70
		$retval |= filter_configure();
71
		$savemsg = get_std_save_message($retval);
72

    
73
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/apply");
74

    
75
		if ($retval == 0) {
76
			clear_subsystem_dirty('natconf');
77
			clear_subsystem_dirty('filter');
78
		}
79

    
80
	}
81
}
82

    
83
if ($_GET['act'] == "del") {
84
	if ($a_nat[$_GET['id']]) {
85

    
86
		if (isset($a_nat[$_GET['id']]['associated-rule-id'])) {
87
			delete_id($a_nat[$_GET['id']]['associated-rule-id'], $config['filter']['rule']);
88
			$want_dirty_filter = true;
89
		}
90
		unset($a_nat[$_GET['id']]);
91

    
92
		if (write_config()) {
93
			mark_subsystem_dirty('natconf');
94
			if ($want_dirty_filter)
95
				mark_subsystem_dirty('filter');
96
		}
97
		header("Location: firewall_nat.php");
98
		exit;
99
	}
100
}
101

    
102
if (isset($_POST['del_x'])) {
103
    /* delete selected rules */
104
    if (is_array($_POST['rule']) && count($_POST['rule'])) {
105
	    foreach ($_POST['rule'] as $rulei) {
106
		$target = $rule['target'];
107
			// Check for filter rule associations
108
			if (isset($a_nat[$rulei]['associated-rule-id'])){
109
				delete_id($a_nat[$rulei]['associated-rule-id'], $config['filter']['rule']);
110
				
111
				mark_subsystem_dirty('filter');
112
			}
113
	        unset($a_nat[$rulei]);
114
	    }
115
		if (write_config())
116
			mark_subsystem_dirty('natconf');
117
		header("Location: firewall_nat.php");
118
		exit;
119
	}
120

    
121
} else {
122
        /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
123
        unset($movebtn);
124
        foreach ($_POST as $pn => $pd) {
125
                if (preg_match("/move_(\d+)_x/", $pn, $matches)) {
126
                        $movebtn = $matches[1];
127
                        break;
128
                }
129
        }
130
        /* move selected rules before this rule */
131
        if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) {
132
                $a_nat_new = array();
133

    
134
                /* copy all rules < $movebtn and not selected */
135
                for ($i = 0; $i < $movebtn; $i++) {
136
                        if (!in_array($i, $_POST['rule']))
137
                                $a_nat_new[] = $a_nat[$i];
138
                }
139

    
140
                /* copy all selected rules */
141
                for ($i = 0; $i < count($a_nat); $i++) {
142
                        if ($i == $movebtn)
143
                                continue;
144
                        if (in_array($i, $_POST['rule']))
145
                                $a_nat_new[] = $a_nat[$i];
146
                }
147

    
148
                /* copy $movebtn rule */
149
                if ($movebtn < count($a_nat))
150
                        $a_nat_new[] = $a_nat[$movebtn];
151

    
152
                /* copy all rules > $movebtn and not selected */
153
                for ($i = $movebtn+1; $i < count($a_nat); $i++) {
154
                        if (!in_array($i, $_POST['rule']))
155
                                $a_nat_new[] = $a_nat[$i];
156
                }
157
                $a_nat = $a_nat_new;
158
		if (write_config())
159
			mark_subsystem_dirty('natconf');
160
                header("Location: firewall_nat.php");
161
                exit;
162
        }
163
}
164

    
165
$closehead = false;
166
$pgtitle = array(gettext("Firewall"),gettext("NAT"),gettext("Port Forward"));
167
include("head.inc");
168

    
169
echo "<script type=\"text/javascript\" src=\"/javascript/domTT/domLib.js\"></script>";
170
echo "<script type=\"text/javascript\" src=\"/javascript/domTT/domTT.js\"></script>";
171
echo "<script type=\"text/javascript\" src=\"/javascript/domTT/behaviour.js\"></script>";
172
echo "<script type=\"text/javascript\" src=\"/javascript/domTT/fadomatic.js\"></script>";
173

    
174
?>
175
</head>
176

    
177
<body link="#000000" vlink="#000000" alink="#000000">
178
<?php include("fbegin.inc"); ?>
179
<form action="firewall_nat.php" method="post" name="iform">
180
<script type="text/javascript" src="/javascript/row_toggle.js"></script>
181
<?php if ($savemsg) print_info_box($savemsg); ?>
182
<?php if (is_subsystem_dirty('natconf')): ?>
183
<?php print_info_box_np(gettext("The NAT configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));?><br />
184
<?php endif; ?>
185
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="firewall nat">
186
  <tr><td>
187
<?php
188
	$tab_array = array();
189
	$tab_array[] = array(gettext("Port Forward"), true, "firewall_nat.php");
190
	$tab_array[] = array(gettext("1:1"), false, "firewall_nat_1to1.php");
191
	$tab_array[] = array(gettext("Outbound"), false, "firewall_nat_out.php");
192
	$tab_array[] = array(gettext("NPt"), false, "firewall_nat_npt.php");
193
	display_top_tabs($tab_array);
194
?>
195
 </td></tr>
196
  <tr>
197
    <td>
198
	<div id="mainarea">
199
              <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area">
200
                <tr id="frheader">
201
		  <td width="3%" class="list">&nbsp;</td>
202
                  <td width="3%" class="list">&nbsp;</td>
203
		  <td width="5%" class="listhdrr"><?=gettext("If");?></td>
204
		  <td width="5%" class="listhdrr"><?=gettext("Proto");?></td>
205
		  <td width="11%" class="listhdrr nowrap"><?=gettext("Src. addr");?></td>
206
		  <td width="11%" class="listhdrr nowrap"><?=gettext("Src. ports");?></td>
207
		  <td width="11%" class="listhdrr nowrap"><?=gettext("Dest. addr");?></td>
208
		  <td width="11%" class="listhdrr nowrap"><?=gettext("Dest. ports");?></td>
209
		  <td width="11%" class="listhdrr nowrap"><?=gettext("NAT IP");?></td>
210
		  <td width="11%" class="listhdrr nowrap"><?=gettext("NAT Ports");?></td>
211
		  <td width="11%" class="listhdr"><?=gettext("Description");?></td>
212
                  <td width="5%" class="list">
213
                    <table border="0" cellspacing="0" cellpadding="1" summary="list">
214
                      <tr>
215
			<td width="17">
216
			<?php if (count($a_nat) == 0): ?>
217
				<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" border="0" alt="delete" />
218
			<?php else: ?>
219
				<input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected rules"); ?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected rules?");?>')" />
220
			<?php endif; ?>
221
			</td>
222
                        <td><a href="firewall_nat_edit.php?after=-1"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td>
223
                      </tr>
224
                    </table>
225
		  </td>
226
		</tr>
227
	<?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
228
	<?php 
229
	
230
		//build Alias popup box
231
		$span_end = "</U></span>";
232

    
233
		$alias_popup = rule_popup($natent['source']['address'], pprint_port($natent['source']['port']), $natent['destination']['address'], pprint_port($natent['destination']['port']));
234

    
235
		$alias_src_span_begin      = $alias_popup["src"];
236
		$alias_src_port_span_begin = $alias_popup["srcport"];
237
		$alias_dst_span_begin      = $alias_popup["dst"];
238
		$alias_dst_port_span_begin = $alias_popup["dstport"];
239

    
240
		$alias_src_span_end        = $alias_popup["src_end"];
241
		$alias_src_port_span_end   = $alias_popup["srcport_end"];
242
		$alias_dst_span_end        = $alias_popup["dst_end"];
243
		$alias_dst_port_span_end   = $alias_popup["dstport_end"];
244

    
245
		$alias_popup = rule_popup("","",$natent['target'], pprint_port($natent['local-port']));
246

    
247
		$alias_target_span_begin     = $alias_popup["dst"];
248
		$alias_local_port_span_begin = $alias_popup["dstport"];
249

    
250
		$alias_target_span_end       = $alias_popup["dst_end"];
251
		$alias_local_port_span_end   = $alias_popup["dstport_end"];
252

    
253
		if (isset($natent['disabled']))
254
			$textss = "<span class=\"gray\">";
255
		else
256
			$textss = "<span>";
257

    
258
		$textse = "</span>";
259
	
260
		/* if user does not have access to edit an interface skip on to the next record */
261
		if(!have_natpfruleint_access($natent['interface'])) 
262
			continue;
263
	?>
264
                <tr valign="top" id="fr<?=$nnats;?>">
265
                  <td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /></td>
266
                  <td class="listt" align="center">
267
					<?php if($natent['associated-rule-id'] == "pass"): ?>
268
					<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" title="<?=gettext("All traffic matching this NAT entry is passed"); ?>" border="0" alt="pass" />
269
					<?php elseif (!empty($natent['associated-rule-id'])): ?>
270
					<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="17" height="17" title="<?=gettext("Firewall rule ID"); ?> <?=htmlspecialchars($nnatid); ?> <?=gettext("is managed with this rule"); ?>" border="0" alt="change" />
271
					<?php endif; ?>
272
				  </td>
273
                  <td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
274
                    <?=$textss;?>
275
		    <?php
276
			if (!$natent['interface'])
277
				echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan"));
278
			else
279
				echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface']));
280
		    ?>
281
                    <?=$textse;?>
282
                  </td>
283

    
284
                  <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
285
					<?=$textss;?><?=strtoupper($natent['protocol']);?><?=$textse;?>
286
                  </td>
287

    
288
                  <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
289
				    <?=$textss;?><?php echo $alias_src_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['source']));?><?php echo $alias_src_span_end;?><?=$textse;?>
290
                  </td>
291
                  <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
292
				    <?=$textss;?><?php echo $alias_src_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['source']['port']));?><?php echo $alias_src_port_span_end;?><?=$textse;?>
293
                  </td>
294

    
295
                  <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
296
				    <?=$textss;?><?php echo $alias_dst_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['destination']));?><?php echo $alias_dst_span_end;?><?=$textse;?>
297
                  </td>
298
                  <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
299
				    <?=$textss;?><?php echo $alias_dst_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['destination']['port']));?><?php echo $alias_dst_port_span_end;?><?=$textse;?>
300
                  </td>
301

    
302
                  <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
303
				    <?=$textss;?><?php echo $alias_target_span_begin;?><?php echo htmlspecialchars($natent['target']);?><?php echo $alias_target_span_end;?><?=$textse;?>
304
                  </td>
305
                  <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
306
					<?php
307
						$localport = $natent['local-port'];
308

    
309
						list($dstbeginport, $dstendport) = explode("-", $natent['destination']['port']);
310

    
311
						if ($dstendport) {
312
							$localendport = $natent['local-port'] + $dstendport - $dstbeginport;
313
							$localport   .= '-' . $localendport;
314
						}
315
					?>
316
				    <?=$textss;?><?php echo $alias_local_port_span_begin;?><?php echo htmlspecialchars(pprint_port($localport));?><?php echo $alias_local_port_span_end;?><?=$textse;?>
317
                  </td>
318

    
319
                  <td class="listbg" onclick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
320
				  <?=$textss;?><?=htmlspecialchars($natent['descr']);?>&nbsp;<?=$textse;?>
321
                  </td>
322
                  <td valign="middle" class="list nowrap">
323
                    <table border="0" cellspacing="0" cellpadding="1" summary="move">
324
                      <tr>
325
			<td><input onmouseover="fr_insline(<?=$nnats;?>, true)" onmouseout="fr_insline(<?=$nnats;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="<?=gettext("move selected rules before this rule");?>" height="17" type="image" width="17" border="0" /></td>
326
                        <td><a href="firewall_nat_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("edit rule"); ?>"></a></td>
327
                      </tr>
328
                      <tr>
329
					    <td align="center" valign="middle"><a href="firewall_nat.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this rule?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete rule");?>" alt="delete" /></a></td>
330
			<td><a href="firewall_nat_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add a new NAT based on this one");?>" width="17" height="17" border="0" alt="add" /></a></td>
331
                      </tr>
332
                    </table>
333
		</tr>
334
  	     <?php $i++; $nnats++; endforeach; ?>
335
                <tr>
336
                  <td class="list" colspan="8"></td>
337
                  <td>&nbsp;</td>
338
                  <td>&nbsp;</td>
339
                  <td>&nbsp;</td>
340
                  <td class="list nowrap" valign="middle">
341
                    <table border="0" cellspacing="0" cellpadding="1" summary="move">
342
                      <tr>
343
			<td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules to end"); ?>" border="0" alt="move" /><?php else: ?><input name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" style="width:17;height:17;border:0" title="<?=gettext("move selected rules to end");?>" /><?php endif; ?></td>
344
                      </tr>
345
                      <tr>
346
			<td width="17">
347
			<?php if (count($a_nat) == 0): ?>
348
				<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" border="0" alt="delete" />
349
			<?php else: ?>
350
				<input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected rules"); ?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected rules?");?>')" />
351
			<?php endif; ?>
352
			</td>
353
                        <td><a href="firewall_nat_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td>
354
                      </tr>
355
                    </table>
356
		  </td>
357
		</tr>
358
		<tr><td>&nbsp;</td></tr>
359
          <tr>
360
            <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="11" height="11" alt="pass" /></td>
361
            <td colspan="3"><?=gettext("pass"); ?></td>
362
			</tr>
363
		   <tr>
364
            <td width="14"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="11" height="11" alt="chain" /></td>
365
	    <td colspan="3"><?=gettext("linked rule");?></td>
366
          </tr>
367
    </table>
368
	</div>
369
	</td>
370
  </tr>
371
</table>
372

    
373
<?php
374
if ($pkg['tabs'] <> "") {
375
    echo "</td></tr></table>";
376
}
377
?>
378

    
379
</form>
380
<?php include("fend.inc"); ?>
381
</body>
382
</html>
(63-63/256)