Forward Firewall: support for SNAT/DNAT in GUI and rules.pl

Alexander Marx
2013-03-19 04:48:23 +01:00
committed by Michael Tremer
parent 2669161dab
commit a6edca5a89
4 changed files with 169 additions and 52 deletions


@@ -45,6 +45,7 @@ my @timeframe=();
my %configinputfw=();
my %configoutgoingfw=();
my %configdmzfw=();
my %confignatfw=();
my %aliases=();
my @DPROT=();
my @p2ps=();
@@ -56,6 +57,7 @@ my $configdmz = "${General::swroot}/forward/dmz";
my $configfwdfw = "${General::swroot}/forward/config";
my $configinput = "${General::swroot}/forward/input";
my $configoutgoing = "${General::swroot}/forward/outgoing";
my $confignat = "${General::swroot}/forward/nat";
my $p2pfile = "${General::swroot}/forward/p2protocols";
my $configgrp = "${General::swroot}/fwhosts/customgroups";
my $netsettings = "${General::swroot}/ethernet/settings";
@@ -66,13 +68,16 @@ my $blue;
my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
my $CHAIN="FORWARDFW";
my $conexists='off';
my $command = 'iptables -A';
my $dnat='';
my $snat='';
&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
&General::readhash("$netsettings", \%defaultNetworks);
&General::readhasharray($configdmz, \%configdmzfw);
&General::readhasharray($configfwdfw, \%configfwdfw);
&General::readhasharray($configinput, \%configinputfw);
&General::readhasharray($configoutgoing, \%configoutgoingfw);
&General::readhasharray($confignat, \%confignatfw);
&General::readhasharray($configgrp, \%customgrp);
&General::get_aliases(\%aliases);
@@ -83,7 +88,9 @@ close(CONN);
if (-f "/var/ipfire/red/active"){
$conexists='on';
}
open (CONN1,"/var/ipfire/red/local-ipaddress");
my $redip = <CONN1>;
close(CONN1);
################################
# DEBUG/TEST #
################################
@@ -155,13 +162,29 @@ sub preparerules
if (! -z "${General::swroot}/forward/outgoing"){
&buildrules(\%configoutgoingfw);
}
if (! -z "${General::swroot}/forward/nat"){
&buildrules(\%confignatfw);
}
}
sub buildrules
{
my $hash=shift;
my $STAG;
my $natip;
my $snatport;
my $fireport;
foreach my $key (sort {$a <=> $b} keys %$hash){
next if ($$hash{$key}[6] eq 'RED' && $conexists eq 'off' );
if ($$hash{$key}[28] eq 'ON'){
$command='iptables -t nat -A';
$natip=&get_nat_ip($$hash{$key}[29]);
if($$hash{$key}[31] eq 'dnat'){
$$hash{$key}[0]='DNAT';
$fireport='--dport '.$$hash{$key}[30] if ($$hash{$key}[30]>0);
}else{
$$hash{$key}[0]='SNAT';
}
}
$STAG='';
if($$hash{$key}[2] eq 'ON'){
#get source ip's
@@ -248,15 +271,22 @@ sub buildrules
my @icmprule= split(",",substr($DPORT, 12,));
foreach (@icmprule){
if ($$hash{$key}[17] eq 'ON'){
print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j LOG\n";
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j LOG\n";
}
print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]\n";
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]\n";
}
}else{
}elsif($$hash{$key}[28] ne 'ON'){
if ($$hash{$key}[17] eq 'ON'){
print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
}
print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[32] eq 'dnat'){
#if ($$hash{$key}[17] eq 'ON'){
#print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $targethash{$b}[0] $DPORT $TIME -j LOG\n";
#}
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $$hash{$key}[0] --to $targethash{$b}[0]$DPORT\n";
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[32] eq 'snat'){
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0] --to $natip$fireport\n";
}
}
}
@@ -278,15 +308,28 @@ sub buildrules
my @icmprule= split(",",substr($DPORT, 12,));
foreach (@icmprule){
if ($$hash{$key}[17] eq 'ON'){
system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] -- icmp-type $_ $TIME -j LOG");
system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] -- icmp-type $_ $TIME -j LOG");
}
system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]");
system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]");
}
}else{
}elsif($$hash{$key}[28] ne 'ON'){
if ($$hash{$key}[17] eq 'ON'){
system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG");
system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
}
system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]");
system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){
if ($$hash{$key}[17] eq 'ON'){
system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
}
my $fwaccessdport="--dport ".substr($DPORT,1,) if ($DPORT);
my ($ip,$sub) =split("/",$targethash{$b}[0]);
system "iptables -A PORTFWACCESS $PROT $STAG $sourcehash{$a}[0] -d $targethash{$b}[0] $fwaccessdport $TIME \n";
system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $$hash{$key}[0] --to $ip$DPORT\n";
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){
if ($$hash{$key}[17] eq 'ON'){
system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG --log-prefix 'SNAT '\n";
}
system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0] --to $natip$fireport\n";
}
}
}
@@ -300,8 +343,28 @@ sub buildrules
undef $TIME;
undef $TIMEFROM;
undef $TIMETILL;
undef $fireport;
}
}
sub get_nat_ip
{
my $val=shift;
my $result;
if($val eq 'RED' || $val eq 'GREEN' || $val eq 'ORANGE' || $val eq 'BLUE'){
$result=$defaultNetworks{$val.'_ADDRESS'};
}elsif($val eq 'ALL'){
$result='-i '.$con;
}elsif($val eq 'Default IP'){
$result='-d '.$redip;
}else{
foreach my $al (sort keys %aliases){
if($val eq $al){
$result='-d '.$aliases{$al}{'IPT'};
}
}
}
return $result;
}
sub get_time
{
my $val=shift;
@@ -364,7 +427,6 @@ sub p2pblock
}
}
}
sub get_address
{
my $base=shift; #source of checking ($configfwdfw{$key}[x] or groupkey
@@ -439,7 +501,11 @@ sub get_port
if(index($$hash{$key}[10],",") > 0){
return "-m multiport --sport $$hash{$key}[10] ";
}else{
return "--sport $$hash{$key}[10] ";
if($$hash{$key}[28] ne 'ON' || ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat') ||($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat') ){
return "--sport $$hash{$key}[10] ";
}else{
return ":$$hash{$key}[10]";
}
}
}elsif($$hash{$key}[9] ne '' && $$hash{$key}[9] ne 'All ICMP-Types'){
return "--icmp-type $$hash{$key}[9] ";
@@ -454,7 +520,11 @@ sub get_port
if(index($$hash{$key}[15],",") > 0){
return "-m multiport --dport $$hash{$key}[15] ";
}else{
return "--dport $$hash{$key}[15] ";
if($$hash{$key}[28] ne 'ON' || ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat') ){
return "--dport $$hash{$key}[15] ";
}else{
return ":$$hash{$key}[15]";
}
}
}elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] ne 'All ICMP-Types'){
return "--icmp-type $$hash{$key}[13] ";
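Review bot: The new DNAT/SNAT branches of buildrules hand `$natip`, `$fireport` and `$DPORT` to the single-string form of `system`, so the stored rule fields are parsed by a shell, and `$fireport` is taken from field 30 after only a `>0` test, which any value that merely begins with digits also satisfies. Build it only from a fully matched port, e.g. `$fireport='--dport '.$1 if ($$hash{$key}[30] =~ /\A(\d{1,5})\z/ && $1 >= 1 && $1 <= 65535);`, and treat the rule file as untrusted at this point whatever the GUI checks. `$redip` is read from `<CONN1>` without a checked `open` or a `chomp`, so if that file ends in a newline the 'Default IP' command string is cut at that point; add `chomp($redip) if defined $redip;` after the read. The print (debug) branches test `$$hash{$key}[32]` for dnat/snat while the system branches use `[31]`, so those two debug branches can no longer match. buildrules continues outside the hunks shown.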


@@ -765,7 +765,35 @@ sub checksource
sub checktarget
{
my ($ip,$subnet);
&General::readhasharray("$configsrv", \%customservice);
#check DNAT settings (has to be single Host and single Port)
if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){
if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){
if ($fwdfwsettings{'USESRV'} eq ''){
$errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
}
#check if manual ip is a single Host (if set)
if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){
my @tmp= split (/\./,$fwdfwsettings{$fwdfwsettings{'grp2'}});
my @tmp1= split ("/",$tmp[3]);
if (($tmp1[0] eq "0") || ($tmp1[0] eq "255"))
{
$errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
}
}
#check if Port is a single Port
if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
if(($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){
$errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
}
if (($fwdfwsettings{'TGT_PROT'} eq 'TCP'|| $fwdfwsettings{'TGT_PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){
$errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
}
}
}else{
$errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
}
}
if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
#check if ip with subnet
if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) {
@@ -785,15 +813,12 @@ sub checktarget
if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
$errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
}
}elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
$errormessage.=$Lang::tr{'fwdfw err notgtip'};
return $errormessage;
}
#check empty fields
if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."<br>";}
#check tgt services
if ($fwdfwsettings{'USESRV'} eq 'ON'){
if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
@@ -886,8 +911,36 @@ sub checktarget
}
return $errormessage;
}
sub check_natport
{
my $val=shift;
if ($val =~ "," || $val =~ ":" || $val>65536 || $val<0){
return 0;
}
return 1;
}
sub checkrule
{
#check valid port for NAT
if($fwdfwsettings{'USE_NAT'} eq 'ON'){
if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$fwdfwsettings{'TGT_PORT'};}
if($fwdfwsettings{'nat'} eq 'dnat' && !&check_natport($fwdfwsettings{'dnatport'})){
$errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
}
elsif($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'grp3'} eq 'cust_srv'){
my $custsrvport;
#get servcie Protocol and Port
foreach my $key (sort keys %customservice){
if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]){
if ($customservice{$key}[2] ne 'TCP' && $customservice{$key}[2] ne 'UDP'){
$errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
}
$custsrvport= $customservice{$key}[1];
}
}
if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$custsrvport;}
}
}
#check valid remark
if ($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
$errormessage.=$Lang::tr{'fwdfw err remark'}."<br>";
@@ -897,12 +950,10 @@ sub checkrule
$errormessage.=$Lang::tr{'fwdfw err same'};
return $errormessage;
}
#get source and targetip address if possible
my ($sip,$scidr,$tip,$tcidr);
($sip,$scidr)=&get_ip("src","grp1");
($tip,$tcidr)=&get_ip("tgt","grp2");
#check same iprange in source and target
if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){
my $networkip1=&General::getnetworkip($sip,$scidr);
@@ -924,7 +975,6 @@ sub checkrule
}
}
}
#check source and destination protocol if manual
if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){
if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
@@ -932,7 +982,6 @@ sub checkrule
}
#check source and destination protocol if source manual and dest servicegrp
if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
&General::readhasharray("$configsrv", \%customservice);
foreach my $key (sort keys %customservice){
if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){
@@ -1442,6 +1491,7 @@ sub newrule
$checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
$checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
$checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
$checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED';
$selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
@@ -1481,10 +1531,9 @@ sub newrule
$fwdfwsettings{'TIME_FROM'} = $hash{$key}[26];
$fwdfwsettings{'TIME_TO'} = $hash{$key}[27];
$fwdfwsettings{'USE_NAT'} = $hash{$key}[28];
$fwdfwsettings{'nat'} = $hash{$key}[32]; #changed order
$fwdfwsettings{'nat'} = $hash{$key}[31]; #changed order
$fwdfwsettings{$fwdfwsettings{'nat'}} = $hash{$key}[29];
$fwdfwsettings{'snatport'} = $hash{$key}[30];
$fwdfwsettings{'dnatport'} = $hash{$key}[31];
$fwdfwsettings{'dnatport'} = $hash{$key}[30];
$checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
$checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
$checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
@@ -1686,11 +1735,11 @@ END
&Header::openbox('100%', 'left', 'NAT');
print<<END;
<table width='100%' border='0'>
<tr><td width='1%'><input type='checkbox' name='USE_NAT' value='ON' $checked{'USE_NAT'}{'ON'}></td><td>USE NAT</td><td colspan='5'></td></tr>
<tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' value='dnat' checked ></td><td width='20%'> DNAT</td>
<tr><td width='1%'><input type='checkbox' name='USE_NAT' value='ON' $checked{'USE_NAT'}{'ON'}></td><td width='15%'>$Lang::tr{'fwdfw use nat'}</td><td colspan='5'></td></tr>
<tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' value='dnat' checked ></td><td width='50%'>$Lang::tr{'fwdfw dnat'}</td>
END
if (! -z "${General::swroot}/ethernet/aliases"){
print"<td width='8%'>IPFire: </td><td width='20% align='right'><select name='dnat' style='width:140px;'>";
print"<td width='8%'>IPFire: </td><td width='20%' align='right'><select name='dnat' style='width:140px;'>";
print "<option value='ALL' $selected{'dnat'}{$Lang::tr{'all'}}>$Lang::tr{'all'}</option>";
print "<option value='Default IP' $selected{'dnat'}{'Default IP'}>Default IP</option>";
@@ -1698,15 +1747,6 @@ END
{
print "<option value='$alias' $selected{'dnat'}{$alias}>$alias</option>";
}
#foreach my $network (sort keys %defaultNetworks)
#{
#next if($defaultNetworks{$network}{'NAME'} eq "RED");
#next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
#next if($defaultNetworks{$network}{'NAME'} eq "ALL");
#print "<option value='$defaultNetworks{$network}{'NAME'}'";
#print " selected='selected'" if ($fwdfwsettings{'snatipfire'} eq $defaultNetworks{$network}{'NAME'});
#print ">$network</option>";
#}
}else{
print"<td></td><td style='width:200px;'><input type='hidden' name ='ipfire' value='Default IP'>";
}
@@ -1714,9 +1754,8 @@ END
print"<tr><td colspan='4'></td><td>Port: </td><td align='right'><input type='text' name='dnatport' style='width:130px;' value=$fwdfwsettings{'dnatport'}> </td></tr>";
print"<tr><td colspan='8'><br></td></tr>";
#SNAT
print"<tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' value='snat' $checked{'nat'}{'snat'}></td><td width='20%'> SNAT</td>";
print"<td width='8%'>IPFire: </td><td width='20% align='right'><select name='snat' style='width:140px;'>";
print "<option value='ALL' $selected{'snat'}{$Lang::tr{'all'}}>$Lang::tr{'all'}</option>";
print"<tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' value='snat' $checked{'nat'}{'snat'}></td><td width='20%'>$Lang::tr{'fwdfw snat'}</td>";
print"<td width='8%'>IPFire: </td><td width='20%' align='right'><select name='snat' style='width:140px;'>";
print "<option value='Default IP' $selected{'snat'}{'Default IP'}>Default IP</option>";
foreach my $alias (sort keys %aliases)
{
@@ -1727,11 +1766,11 @@ END
next if($defaultNetworks{$network}{'NAME'} eq "RED");
next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
next if($defaultNetworks{$network}{'NAME'} eq "ALL");
next if($defaultNetworks{$network}{'NAME'} =~ /OpenVPN/i);
print "<option value='$defaultNetworks{$network}{'NAME'}'";
print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'nat'}} eq $defaultNetworks{$network}{'NAME'});
print ">$network</option>";
}
print"<tr><td colspan='4'></td><td>Port: </td><td align='right'><input type='text' name='snatport' style='width:130px;'value=$fwdfwsettings{'snatport'} > </td></tr>";
print"</table>";
print"<hr>";
&Header::closebox();
@@ -2065,9 +2104,8 @@ sub saverule
if($fwdfwsettings{'USE_NAT'} eq 'ON'){
$$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
$$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
$$hash{$key}[30] = $fwdfwsettings{'snatport'};
$$hash{$key}[31] = $fwdfwsettings{'dnatport'};
$$hash{$key}[32] = $fwdfwsettings{'nat'};
$$hash{$key}[30] = $fwdfwsettings{'dnatport'};
$$hash{$key}[31] = $fwdfwsettings{'nat'};
}
&General::writehasharray("$config", $hash);
}else{
@@ -2104,9 +2142,8 @@ sub saverule
if($fwdfwsettings{'USE_NAT'} eq 'ON'){
$$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
$$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
$$hash{$key}[30] = $fwdfwsettings{'snatport'};
$$hash{$key}[31] = $fwdfwsettings{'dnatport'};
$$hash{$key}[32] = $fwdfwsettings{'nat'};
$$hash{$key}[30] = $fwdfwsettings{'dnatport'};
$$hash{$key}[31] = $fwdfwsettings{'nat'};
}
last;
}
@@ -2304,7 +2341,7 @@ END
$tdcolor='';
&getsrcport(\%$hash,$key);
#Is this a SNAT rule?
if ($$hash{$key}[32] eq 'snat'){
if ($$hash{$key}[31] eq 'snat'){
print"<br>SNAT -> $$hash{$key}[29]";
if ($$hash{$key}[30] ne ''){
print": $$hash{$key}[30]";
@@ -2329,10 +2366,10 @@ END
<td align='center' width='160' $tdcolor>
END
#Is this a DNAT rule?
if ($$hash{$key}[32] eq 'dnat'){
if ($$hash{$key}[31] eq 'dnat'){
print "IPFire ($$hash{$key}[29])";
if($$hash{$key}[31] ne ''){
print": $$hash{$key}[31]";
if($$hash{$key}[30] ne ''){
print": $$hash{$key}[30]";
}
print"<br> DNAT->";
}
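Review bot: `check_natport` only rejects a comma, a colon or a numerically out-of-range value, so a non-numeric string, or digits followed by other characters, is accepted, as are 0 and 65536. The accepted value is saved as field 30 by saverule and, judging by the first file section, ends up in an iptables command line, so match the whole value: `return 1 if $val eq '';` followed by `return ($val =~ /\A\d{1,5}\z/ && $val >= 1 && $val <= 65535) ? 1 : 0;` (the first line keeps the empty case that checkrule fills in afterwards). In checktarget, `($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP')` is always true; `&&` is presumably intended. The new checks assign with `$errormessage=` where the surrounding code appends with `.=`, which may discard errors collected earlier. checktarget and checkrule continue outside the hunks shown.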


@@ -899,6 +899,9 @@
'fwdfw cust net' => 'Custom Netzwerke:',
'fwdfw copy' => 'Kopieren',
'fwdfw delete' => 'Löschen',
'fwdfw dnat' => 'DNAT/Portforward (ersetze diese IP mit der aus ZIEL)',
'fwdfw dnat error' => 'Für DNAT muss ein einzelner Host als ZIEL gewählt werden. Gruppen oder Netzwerke sind nicht erlaubt',
'fwdfw dnat porterr' => 'Für NAT muss ein einzelner PORT (TCP/UDP) angegeben werden',
'fwdfw DROP' => 'Verwerfen (DROP)',
'fwdfw edit' => 'Bearbeiten',
'fwdfw err nosrc' => 'Keine Quelle gewählt',
@@ -939,6 +942,7 @@
'fwdfw rule action' => 'Regelaktion:',
'fwdfw rule activate' => 'Regel aktivieren',
'fwdfw rulepos' => 'Regelposition',
'fwdfw snat' => 'SNAT (ersetze die Adresse(n) von QUELLE mit dieser)',
'fwdfw source' => 'Quelle',
'fwdfw sourceip' => 'Quelladresse (MAC, IP oder Netzwerk):',
'fwdfw std network' => 'Standard Netzwerke:',
@@ -949,6 +953,7 @@
'fwdfw timeframe' => 'Zeitrahmen hinzufügen',
'fwdfw toggle' => 'Aktivieren oder deaktivieren',
'fwdfw togglelog' => 'Log aktivieren oder deaktivieren',
'fwdfw use nat' => 'NAT benutzen',
'fwdfw useless rule' => 'Diese Regel ist nicht zugelassen.',
'fwdfw use srcport' => 'Quellport benutzen',
'fwdfw use srv' => 'Zielport benutzen',


@@ -924,6 +924,9 @@
'fwdfw cust net' => 'Custom networks:',
'fwdfw copy' => 'Copy',
'fwdfw delete' => 'Delete',
'fwdfw dnat' => 'DNAT/Portforward (replace this IP with the one from TARGET)',
'fwdfw dnat error' => 'You have to select a single host for DNAT. Groups or networks are not allowed.',
'fwdfw dnat porterr' => 'You have to select a single port (tcp/udp) for NAT',
'fwdfw DROP' => 'DROP',
'fwdfw edit' => 'Edit',
'fwdfw err nosrc' => 'No source selected.',
@@ -964,6 +967,7 @@
'fwdfw rule action' => 'Rule action:',
'fwdfw rule activate' => 'Activate rule',
'fwdfw rulepos' => 'Ruleposition',
'fwdfw snat' => 'SNAT (replace the addresse(s) from SOURCE with this address)',
'fwdfw source' => 'Source',
'fwdfw sourceip' => 'Source address (MAC, IP or Network):',
'fwdfw std network' => 'Standard networks:',
@@ -974,6 +978,7 @@
'fwdfw timeframe' => 'Add timeframe',
'fwdfw toggle' => 'Activate or deactivate',
'fwdfw togglelog' => 'Activate or deactivate logging',
'fwdfw use nat' => 'Use NAT',
'fwdfw useless rule' => 'This rule is rejected (useless).',
'fwdfw use srcport' => 'Use sourceport',
'fwdfw use srv' => 'Use targetport',