X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fforwardfw.cgi;h=3f4ad306b30e48979c2020457cdb25a43e6dc52b;hp=0bf3a31c3de423c7a01fff4f0929cd75e1000d32;hb=218b3341b6fd9da564ee876c08d8bf2c1b0ec78d;hpb=2669161dab909e57a6642c2dea8d5a70900f4f12
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
index 0bf3a31c3..3f4ad306b 100755
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -77,7 +77,7 @@
 my %aliases=();
 my %optionsfw=();
 my %ifaces=();
-my $VERSION='0.9.8.7';
+my $VERSION='0.9.8.9';
 my $color;
 my $confignet = "${General::swroot}/fwhosts/customnetworks";
 my $confighost = "${General::swroot}/fwhosts/customhosts";
@@ -765,7 +765,35 @@ sub checksource
 sub checktarget
 {
 my ($ip,$subnet);
-
+ &General::readhasharray("$configsrv", \%customservice);
+ #check DNAT settings (has to be single Host and single Port)
+ if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){
+ if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){
+ if ($fwdfwsettings{'USESRV'} eq ''){
+ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
";
+ }
+ #check if manual ip is a single Host (if set)
+ if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){
+ my @tmp= split (/\./,$fwdfwsettings{$fwdfwsettings{'grp2'}});
+ my @tmp1= split ("/",$tmp[3]);
+ if (($tmp1[0] eq "0") || ($tmp1[0] eq "255"))
+ {
+ $errormessage=$Lang::tr{'fwdfw dnat error'}."
";
+ }
+ }
+ #check if Port is a single Port
+ if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
+ if(($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){
+ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
";
+ }
+ if (($fwdfwsettings{'TGT_PROT'} eq 'TCP'|| $fwdfwsettings{'TGT_PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){
+ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
";
+ }
+ }
+ }else{
+ $errormessage=$Lang::tr{'fwdfw dnat error'}."
";
+ }
+ }
 if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
 #check if ip with subnet
 if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) {
@@ -785,15 +813,12 @@ sub checktarget
 if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
 $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."
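Review bot: The port test in the new `grp3 eq 'TGT_PORT'` block is a tautology: `$fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP'` holds for every protocol, so the whole condition collapses to `$fwdfwsettings{'TGT_PORT'} eq ''` and the protocol is never consulted; the checkrule hunk further down writes the same test as `ne 'TCP' && ... ne 'UDP'`, which is presumably what was meant here too. The single-host test for `tgt_addr` only inspects the last octet (`$tmp1[0]` equal to `"0"` or `"255"`) and ignores the prefix after the slash, so an address such as a `/24` ending in `.1` passes as a single host and the DNAT target becomes a whole network; the `/^(.*?)\/(.*?)$/` split already present in this hunk yields the mask, and requiring it to be `32` or `255.255.255.255` would be the direct check. Note also that these new branches assign `$errormessage=` while the surrounding checks use `$errormessage.=`, so an earlier message produced inside the same block is discarded. checktarget continues past the end of this hunk.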
"; } - }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgtip'}; return $errormessage; } - #check empty fields if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."
";} - #check tgt services
 if ($fwdfwsettings{'USESRV'} eq 'ON'){
 if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
@@ -886,8 +911,48 @@ sub checktarget
 }
 return $errormessage;
 }
+sub check_natport
+{
+ my $val=shift;
+ if ($val =~ "," || $val =~ ":" || $val>65536 || $val<0){
+ return 0;
+ }
+ return 1;
+}
 sub checkrule
 {
+ #check valid port for NAT
+ if($fwdfwsettings{'USE_NAT'} eq 'ON'){
+ #if no port is given in nat area, take target host port
+ if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$fwdfwsettings{'TGT_PORT'};}
+
+ #check if given nat port is already used by another dnatrule
+ if($fwdfwsettings{'nat'} eq 'dnat'){
+ foreach my $id (sort keys %confignatfw){
+ if ($fwdfwsettings{'dnatport'} eq $confignatfw{$id}[30]){
+ $errormessage=$Lang::tr{'fwdfw natport used'}."
";
+ }
+ }
+ }
+
+ #check if port given in nat area is a single valid port
+ if($fwdfwsettings{'nat'} eq 'dnat' && !&check_natport($fwdfwsettings{'dnatport'})){
+ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
";
+ }
+ elsif($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'grp3'} eq 'cust_srv'){
+ my $custsrvport;
+ #get servcie Protocol and Port
+ foreach my $key (sort keys %customservice){
+ if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]){
+ if ($customservice{$key}[2] ne 'TCP' && $customservice{$key}[2] ne 'UDP'){
+ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
";
+ }
+ $custsrvport= $customservice{$key}[1];
+ }
+ }
+ if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$custsrvport;}
+ }
+ }
 #check valid remark
 if ($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
 $errormessage.=$Lang::tr{'fwdfw err remark'}."
";
@@ -897,12 +962,10 @@ sub checkrule
 $errormessage.=$Lang::tr{'fwdfw err same'};
 return $errormessage;
 }
-
 #get source and targetip address if possible
 my ($sip,$scidr,$tip,$tcidr);
 ($sip,$scidr)=&get_ip("src","grp1");
 ($tip,$tcidr)=&get_ip("tgt","grp2");
-
 #check same iprange in source and target
 if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){
 my $networkip1=&General::getnetworkip($sip,$scidr);
@@ -924,7 +987,6 @@ sub checkrule
 }
 }
 }
-
 #check source and destination protocol if manual
 if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){
 if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
@@ -932,7 +994,6 @@ sub checkrule
 }
 #check source and destination protocol if source manual and dest servicegrp
 if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
- &General::readhasharray("$configsrv", \%customservice);
 foreach my $key (sort keys %customservice){
 if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
 if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){
@@ -1442,6 +1503,7 @@ sub newrule
 $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
 $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
 $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
+ $checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED';
 $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
 $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
 $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected'; 
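Review bot: check_natport compares `$val` numerically without first checking that it is a number, so input like `80abc` numifies (with a warning) and is accepted, and the upper bound is off by one (`$val>65536` admits 65536); `return ($val =~ /\A\d+\z/ && $val <= 65535) ? 1 : 0;` expresses the single-port test in one line. Tightening it has a knock-on effect in checkrule, which currently relies on `check_natport('')` returning 1: a cust_srv rule only reaches the `elsif` that fills `dnatport` from the service because the still-empty port passes the preceding `if`, so the validity check has to run after that lookup. The port-in-use loop compares `dnatport` alone against every `$confignatfw{$id}[30]`, so TCP and UDP rules on the same port conflict, an empty `dnatport` (which is what a cust_srv rule has at this point) collides with any stored rule whose field 30 is empty, and presumably a rule being edited collides with its own stored entry unless the caller filters that key (not visible here). The comment `#get servcie Protocol and Port` should read `#get service Protocol and Port`. checkrule continues past the end of this hunk.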
@@ -1481,10 +1543,9 @@ sub newrule $fwdfwsettings{'TIME_FROM'} = $hash{$key}[26]; $fwdfwsettings{'TIME_TO'} = $hash{$key}[27]; $fwdfwsettings{'USE_NAT'} = $hash{$key}[28]; - $fwdfwsettings{'nat'} = $hash{$key}[32]; #changed order + $fwdfwsettings{'nat'} = $hash{$key}[31]; #changed order $fwdfwsettings{$fwdfwsettings{'nat'}} = $hash{$key}[29]; - $fwdfwsettings{'snatport'} = $hash{$key}[30]; - $fwdfwsettings{'dnatport'} = $hash{$key}[31]; + $fwdfwsettings{'dnatport'} = $hash{$key}[30]; $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED'; $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED'; $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED'; @@ -1686,37 +1747,22 @@ END &Header::openbox('100%', 'left', 'NAT'); print< - USE NAT - DNAT + $Lang::tr{'fwdfw use nat'} + $Lang::tr{'fwdfw dnat'} END - if (! -z "${General::swroot}/ethernet/aliases"){ - print"IPFire: "; + print"IPFire: "; print"
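Review bot: The record layout changes here (`nat` now read from `$hash{$key}[31]`, `dnatport` from `[30]`, `snatport` no longer read) without any conversion of rules saved by the previous version, which per the removed lines kept `snatport` at `[30]`, `dnatport` at `[31]` and `nat` at `[32]`. A DNAT rule stored under the old layout therefore has its port read back as its NAT type, so the `eq 'snat'`/`eq 'dnat'` tests in the hunks at -2304 and -2329 no longer match it and whatever else consumes field 31 (not visible here) sees a port number where it expects `snat`/`dnat`; the saverule hunks at -2065 and -2104 write the same new layout. A one-off rewrite of the stored file when the old layout is detected, or a layout version in the record, would close this, and the `#changed order` comment should say what changed, e.g. `#changed order: before 0.9.8.9 nat was [32] and dnatport [31]`. The enclosing newrule body continues outside the hunk.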
"; #SNAT - print" SNAT"; - print"IPFire: $Lang::tr{'fwdfw snat'}"; + print"IPFire: "; print""; print"
"; &Header::closebox(); @@ -2065,9 +2111,8 @@ sub saverule if($fwdfwsettings{'USE_NAT'} eq 'ON'){ $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'}; $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}}; - $$hash{$key}[30] = $fwdfwsettings{'snatport'}; - $$hash{$key}[31] = $fwdfwsettings{'dnatport'}; - $$hash{$key}[32] = $fwdfwsettings{'nat'}; + $$hash{$key}[30] = $fwdfwsettings{'dnatport'}; + $$hash{$key}[31] = $fwdfwsettings{'nat'}; } &General::writehasharray("$config", $hash); }else{ @@ -2104,9 +2149,8 @@ sub saverule if($fwdfwsettings{'USE_NAT'} eq 'ON'){ $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'}; $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}}; - $$hash{$key}[30] = $fwdfwsettings{'snatport'}; - $$hash{$key}[31] = $fwdfwsettings{'dnatport'}; - $$hash{$key}[32] = $fwdfwsettings{'nat'}; + $$hash{$key}[30] = $fwdfwsettings{'dnatport'}; + $$hash{$key}[31] = $fwdfwsettings{'nat'}; } last; } @@ -2304,7 +2348,7 @@ END $tdcolor=''; &getsrcport(\%$hash,$key); #Is this a SNAT rule? - if ($$hash{$key}[32] eq 'snat'){ + if ($$hash{$key}[31] eq 'snat'){ print"
SNAT -> $$hash{$key}[29]"; if ($$hash{$key}[30] ne ''){ print": $$hash{$key}[30]"; @@ -2329,10 +2373,10 @@ END END #Is this a DNAT rule? - if ($$hash{$key}[32] eq 'dnat'){ + if ($$hash{$key}[31] eq 'dnat'){ print "IPFire ($$hash{$key}[29])"; - if($$hash{$key}[31] ne ''){ - print": $$hash{$key}[31]"; + if($$hash{$key}[30] ne ''){ + print": $$hash{$key}[30]"; } print"
DNAT->"; }