Project

General

Profile

Download (13.2 KB) Statistics
| Branch: | Tag: | Revision:

univnautes / usr / local / www / firewall_virtual_ip.php @ a1b66bec

1
<?php
2
/* $Id$ */
3
/*
4
	firewall_virtual_ip.php
5
	part of pfSense (https://www.pfsense.org/)
6

    
7
	Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
8
	All rights reserved.
9

    
10
	Includes code from m0n0wall which is:
11
	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
12
	All rights reserved.
13

    
14
	Includes code from pfSense which is:
15
	Copyright (C) 2004-2005 Scott Ullrich <geekgod@pfsense.com>.
16
	All rights reserved.
17

    
18
	Redistribution and use in source and binary forms, with or without
19
	modification, are permitted provided that the following conditions are met:
20

    
21
	1. Redistributions of source code must retain the above copyright notice,
22
	   this list of conditions and the following disclaimer.
23

    
24
	2. Redistributions in binary form must reproduce the above copyright
25
	   notice, this list of conditions and the following disclaimer in the
26
	   documentation and/or other materials provided with the distribution.
27

    
28
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
29
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
30
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
31
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
32
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
33
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
34
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
35
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
36
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
37
	POSSIBILITY OF SUCH DAMAGE.
38
*/
39
/*
40
	pfSense_BUILDER_BINARIES:	/sbin/ifconfig
41
	pfSense_MODULE:	interfaces
42
*/
43

    
44
##|+PRIV
45
##|*IDENT=page-firewall-virtualipaddresses
46
##|*NAME=Firewall: Virtual IP Addresses page
47
##|*DESCR=Allow access to the 'Firewall: Virtual IP Addresses' page.
48
##|*MATCH=firewall_virtual_ip.php*
49
##|-PRIV
50

    
51
require("guiconfig.inc");
52
require_once("functions.inc");
53
require_once("filter.inc");
54
require_once("shaper.inc");
55

    
56
if (!is_array($config['virtualip']['vip'])) {
57
	$config['virtualip']['vip'] = array();
58
}
59
$a_vip = &$config['virtualip']['vip'];
60

    
61
if ($_POST) {
62
	$pconfig = $_POST;
63

    
64
	if ($_POST['apply']) {
65
		if (file_exists("{$g['tmp_path']}/.firewall_virtual_ip.apply")) {
66
                        $toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply"));
67
			foreach ($toapplylist as $vid => $ovip) {
68
				if (!empty($ovip))
69
					interface_vip_bring_down($ovip);
70
				if ($a_vip[$vid]) {
71
                			switch ($a_vip[$vid]['mode']) {
72
                			case "ipalias":
73
                        			interface_ipalias_configure($a_vip[$vid]);
74
                        			break;
75
                			case "proxyarp":
76
                        			interface_proxyarp_configure($a_vip[$vid]['interface']);
77
                        			break;
78
                			case "carp":
79
                        			interface_carp_configure($a_vip[$vid]);
80
						break;
81
                			default:
82
                        			break;
83
					}
84
                		}
85
        		}
86
			@unlink("{$g['tmp_path']}/.firewall_virtual_ip.apply");
87
		}
88
		$retval = 0;
89
		$retval |= filter_configure();
90
		$savemsg = get_std_save_message($retval);
91

    
92
		clear_subsystem_dirty('vip');
93
	}
94
}
95

    
96
if ($_GET['act'] == "del") {
97
	if ($a_vip[$_GET['id']]) {
98
		/* make sure no inbound NAT mappings reference this entry */
99
		if (is_array($config['nat']['rule'])) {
100
			foreach ($config['nat']['rule'] as $rule) {
101
				if($rule['destination']['address'] <> "") {
102
					if ($rule['destination']['address'] == $a_vip[$_GET['id']]['subnet']) {
103
						$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one NAT mapping.");
104
						break;
105
					}
106
				}
107
			}
108
		}
109

    
110
		if (is_ipaddrv6($a_vip[$_GET['id']]['subnet'])) {
111
			$is_ipv6 = true;
112
			$subnet = gen_subnetv6($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']);
113
			$if_subnet_bits = get_interface_subnetv6($a_vip[$_GET['id']]['interface']);
114
			$if_subnet = gen_subnetv6(get_interface_ipv6($a_vip[$_GET['id']]['interface']), $if_subnet_bits);
115
		} else {
116
			$is_ipv6 = false;
117
			$subnet = gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']);
118
			$if_subnet_bits = get_interface_subnet($a_vip[$_GET['id']]['interface']);
119
			$if_subnet = gen_subnet(get_interface_ip($a_vip[$_GET['id']]['interface']), $if_subnet_bits);
120
		}
121

    
122
		$subnet .= "/" . $a_vip[$_GET['id']]['subnet_bits'];
123
		$if_subnet .= "/" . $if_subnet_bits;
124

    
125
		if (is_array($config['gateways']['gateway_item']))
126
			foreach($config['gateways']['gateway_item'] as $gateway) {
127
				if ($a_vip[$_GET['id']]['interface'] != $gateway['interface'])
128
					continue;
129
				if ($is_ipv6 && $gateway['ipprotocol'] == 'inet')
130
					continue;
131
				if (!$is_ipv6 && $gateway['ipprotocol'] == 'inet6')
132
					continue;
133
				if (ip_in_subnet($gateway['gateway'], $if_subnet))
134
					continue;
135

    
136
				if (ip_in_subnet($gateway['gateway'], $subnet)) {
137
					$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one Gateway.");
138
					break;
139
				}
140
			}
141

    
142
		if ($a_vip[$_GET['id']]['mode'] == "ipalias") {
143
			$subnet = gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']) . "/" . $a_vip[$_GET['id']]['subnet_bits'];
144
			$found_if = false;
145
			$found_carp = false;
146
			$found_other_alias = false;
147

    
148
			if ($subnet == $if_subnet)
149
				$found_if = true;
150
			
151
			$vipiface = $a_vip[$_GET['id']]['interface'];
152
			foreach ($a_vip as $vip_id => $vip) {
153
				if ($vip_id == $_GET['id'])
154
					continue;
155

    
156
				if ($vip['interface'] == $vipiface && ip_in_subnet($vip['subnet'], $subnet))
157
					if ($vip['mode'] == "carp")
158
						$found_carp = true;
159
					else if ($vip['mode'] == "ipalias")
160
						$found_other_alias = true;
161
			}
162

    
163
			if ($found_carp === true && $found_other_alias === false && $found_if === false)
164
				$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by a CARP IP with the description") . " {$vip['descr']}.";
165
		} else if ($a_vip[$_GET['id']]['mode'] == "carp") {
166
			$vipiface = "{$a_vip[$_GET['id']]['interface']}_vip{$a_vip[$_GET['id']]['vhid']}";
167
			foreach ($a_vip as $vip) {
168
				if ($vipiface == $vip['interface'] && $vip['mode'] == "ipalias")
169
					$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by an IP alias entry with the description") . " {$vip['descr']}.";
170
			}
171
		}
172
		
173
		if (!$input_errors) {
174
			if (!session_id())
175
				session_start();
176
			$user = getUserEntry($_SESSION['Username']);
177
			if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) {
178
				header("Location: firewall_virtual_ip.php");
179
				exit;
180
			}
181
			session_commit();
182

    
183
			// Special case since every proxyarp vip is handled by the same daemon.
184
			if ($a_vip[$_GET['id']]['mode'] == "proxyarp") {
185
				$viface = $a_vip[$_GET['id']]['interface'];
186
				unset($a_vip[$_GET['id']]);
187
				interface_proxyarp_configure($viface);
188
			} else {
189
				interface_vip_bring_down($a_vip[$_GET['id']]);
190
				unset($a_vip[$_GET['id']]);
191
			}
192
			if (count($config['virtualip']['vip']) == 0)
193
				unset($config['virtualip']['vip']);
194
			write_config();
195
			header("Location: firewall_virtual_ip.php");
196
			exit;
197
		}
198
	}
199
} else if ($_GET['changes'] == "mods" && is_numericint($_GET['id']))
200
	$id = $_GET['id'];
201

    
202
$pgtitle = array(gettext("Firewall"),gettext("Virtual IP Addresses"));
203
include("head.inc");
204

    
205
?>
206
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
207
<?php include("fbegin.inc"); ?>
208
<form action="firewall_virtual_ip.php" method="post">
209
<?php 
210
	if ($input_errors) 
211
		print_input_errors($input_errors);
212
	else
213
	if ($savemsg) 
214
		print_info_box($savemsg); 
215
	else
216
	if (is_subsystem_dirty('vip'))
217
		print_info_box_np(gettext("The VIP configuration has been changed.")."<br />".gettext("You must apply the changes in order for them to take effect."));
218
?>
219
<br />
220
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="virtual ip">
221
  <tr><td class="tabnavtbl">
222
  <?php
223
        /* active tabs */
224
        $tab_array = array();
225
        $tab_array[] = array(gettext("Virtual IPs"), true, "firewall_virtual_ip.php");
226
        $tab_array[] = array(gettext("CARP Settings"), false, "system_hasync.php");
227
        display_top_tabs($tab_array);
228
  ?>
229
  </td></tr>
230
  <tr>
231
	<td><input type="hidden" id="id" name="id" value="<?php echo htmlspecialchars($id); ?>" /></td>
232
  </tr>
233
  <tr>
234
    <td>
235
	<div id="mainarea">
236
              <table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area">
237
                <tr>
238
                  <td width="30%" class="listhdrr"><?=gettext("Virtual IP address");?></td>
239
                  <td width="10%" class="listhdrr"><?=gettext("Interface");?></td>
240
                  <td width="10%" class="listhdrr"><?=gettext("Type");?></td>
241
                  <td width="40%" class="listhdr"><?=gettext("Description");?></td>
242
                  <td width="10%" class="list">
243
                    <table border="0" cellspacing="0" cellpadding="1" summary="edit">
244
                      <tr>
245
			<td width="17"></td>
246
                        <td valign="middle"><a href="firewall_virtual_ip_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="edit" /></a></td>
247
                      </tr>
248
                    </table>
249
		  </td>
250
		</tr>
251
		<?php
252
			$interfaces = get_configured_interface_with_descr(false, true);
253
			$carplist = get_configured_carp_interface_list();
254
			foreach ($carplist as $cif => $carpip)
255
				$interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";
256
			$interfaces['lo0'] = "Localhost";
257
		?>
258
			  <?php $i = 0; foreach ($a_vip as $vipent): ?>
259
			  <?php if($vipent['subnet'] <> "" or $vipent['range'] <> "" or
260
			        $vipent['subnet_bits'] <> "" or (isset($vipent['range']['from']) && $vipent['range']['from'] <> "")): ?>
261
                <tr>
262
                  <td class="listlr" ondblclick="document.location='firewall_virtual_ip_edit.php?id=<?=$i;?>';">
263
					<?php	if (($vipent['type'] == "single") || ($vipent['type'] == "network"))
264
								if($vipent['subnet_bits'])
265
									echo "{$vipent['subnet']}/{$vipent['subnet_bits']}";
266
							if ($vipent['type'] == "range")
267
								echo "{$vipent['range']['from']}-{$vipent['range']['to']}";
268
					?>
269
					<?php if($vipent['mode'] == "carp") echo " (vhid {$vipent['vhid']})"; ?>
270
                  </td>
271
                  <td class="listr" ondblclick="document.location='firewall_virtual_ip_edit.php?id=<?=$i;?>';">
272
                    <?=htmlspecialchars($interfaces[$vipent['interface']]);?>&nbsp;
273
                  </td>
274
                  <td class="listr" align="center" ondblclick="document.location='firewall_virtual_ip_edit.php?id=<?=$i;?>';">
275
                    <?php if($vipent['mode'] == "proxyarp") echo "<img src='./themes/".$g['theme']."/images/icons/icon_parp.gif' title='Proxy ARP' alt='proxy arp' />"; elseif($vipent['mode'] == "carp") echo "<img src='./themes/".$g['theme']."/images/icons/icon_carp.gif' title='CARP' alt='carp' />"; elseif($vipent['mode'] == "other") echo "<img src='./themes/".$g['theme']."/images/icons/icon_other.gif' title='Other' alt='other' />"; elseif($vipent['mode'] == "ipalias") echo "<img src='./themes/".$g['theme']."/images/icons/icon_ifalias.gif' title='IP Alias' alt='ip alias' />";?>
276
                  </td>
277
                  <td class="listbg" ondblclick="document.location='firewall_virtual_ip_edit.php?id=<?=$i;?>';">
278
                    <?=htmlspecialchars($vipent['descr']);?>&nbsp;
279
                  </td>
280
                  <td class="list nowrap">
281
                    <table border="0" cellspacing="0" cellpadding="1" summary="icons">
282
                      <tr>
283
                        <td valign="middle"><a href="firewall_virtual_ip_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="edit" /></a></td>
284
                        <td valign="middle"><a href="firewall_virtual_ip.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext('Do you really want to delete this entry?');?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" /></a></td>
285
                      </tr>
286
                    </table>
287
                  </td>
288
                </tr>
289
		<?php endif; ?>
290
                <?php $i++; endforeach; ?>
291
			<tfoot>
292
				<tr>
293
					<td class="list" colspan="4"></td>
294
					<td class="list">
295
						<table border="0" cellspacing="0" cellpadding="1" summary="edit">
296
							<tr>
297
								<td width="17"></td>
298
								<td valign="middle"><a href="firewall_virtual_ip_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="edit" /></a></td>
299
							</tr>
300
						</table>
301
					</td>
302
				</tr>
303
				<tr>
304
					<td colspan="5">
305
					  <p><span class="vexpl"><span class="red"><strong><?=gettext("Note:");?><br />
306
							  </strong></span><?=gettext("The virtual IP addresses defined on this page may be used in");?><a href="firewall_nat.php"> <?=gettext("NAT"); ?> </a><?=gettext("mappings.");?><br />
307
							  <?=gettext("You can check the status of your CARP Virtual IPs and interfaces ");?><a href="carp_status.php"><?=gettext("here");?></a>.</span></p>
308
					</td>
309
				</tr>
310
			</tfoot>
311
		</table>
312
	   </div><!-- div:mainarea -->
313
	   </td></tr>
314
	</table>
315
  </form>
316
<?php include("fend.inc"); ?>
317
</body>
318
</html>
(80-80/256)