if ($$hash{$key}[17] eq 'ON'){
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
}
- my $fwaccessdport="--dport ".substr($DPORT,1,) if ($DPORT);
my ($ip,$sub) =split("/",$targethash{$b}[0]);
- print "iptables -A PORTFWACCESS $PROT -i $con -d $ip $fwaccessdport $TIME -j ACCEPT\n";
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $$hash{$key}[0] --to $ip$DPORT\n";
+ $DPORT =~ s/\-/:/g;
+ my $fwaccessdport="--dport ".substr($DPORT,1,) if ($DPORT);
+ print "iptables -A PORTFWACCESS $PROT -i $con -d $ip $fwaccessdport $TIME -j ACCEPT\n";
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[32] eq 'snat'){
print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0] --to $natip$fireport\n";
}
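Review bot: The added `$DPORT =~ s/\-/:/g;` rewrites the shared `$DPORT` after the `--to $ip$DPORT` line has used it. If `$DPORT` is computed once outside the loops over `$a` and `$b` (not visible here), every later source/target pair would emit `--to ip:first:last` instead of `ip:first-last`. The re-added `my $fwaccessdport=... if ($DPORT);` is also a form perlsyn documents as undefined when the condition is false. I would derive the match form from a copy: `my $fwaccessdport = '';` followed by `if ($DPORT) { (my $dp = substr($DPORT,1)) =~ tr/-/:/; $fwaccessdport = "--dport $dp"; }`. The same three lines are added to the `system` variant in the next hunk, and the enclosing block starts and ends outside both hunks.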
if ($$hash{$key}[17] eq 'ON'){
system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
}
- my $fwaccessdport="--dport ".substr($DPORT,1,) if ($DPORT);
my ($ip,$sub) =split("/",$targethash{$b}[0]);
- system "iptables -A PORTFWACCESS $PROT -i $con -d $ip $fwaccessdport $TIME -j ACCEPT\n";
system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $$hash{$key}[0] --to $ip$DPORT\n";
+ $DPORT =~ s/\-/:/g;
+ my $fwaccessdport="--dport ".substr($DPORT,1,) if ($DPORT);
+ system "iptables -A PORTFWACCESS $PROT -i $con -d $ip $fwaccessdport $TIME -j ACCEPT\n";
+
}elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){
if ($$hash{$key}[17] eq 'ON'){
system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG --log-prefix 'SNAT '\n";
return;
}
}elsif($$hash{$key}[11] eq 'ON' && $SRC_TGT eq ''){
-
if($$hash{$key}[14] eq 'TGT_PORT'){
if ($$hash{$key}[15] ne ''){
$$hash{$key}[15] =~ s/\|/,/g;
if($$hash{$key}[28] ne 'ON' || ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat') ){
return "--dport $$hash{$key}[15] ";
}else{
+ $$hash{$key}[15] =~ s/\:/-/g;
return ":$$hash{$key}[15]";
}
}
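Review bot: The added `s/\:/-/g` carries no comment saying why the separator is flipped only in the DNAT branch, and the callers flip it back again for `--dport`. I would put `# DNAT --to takes a range as first-last, while --dport takes first:last` above it. Like the `s/\|/,/g` a few lines earlier, it also rewrites the stored rule field in place rather than a local copy, so the result depends on how often this runs for a given `$key`. The enclosing function starts and ends outside the hunk.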
my @values=();
foreach (@parts){
chomp($_);
- if ($_ =~ /^(\d+)\:(\d+)$/) {
+ if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
my $check;
#change dashes with :
$_=~ tr/-/:/;
push(@values,"1:65535");
$check='on';
}
- if ($_ =~ /^(\D)\:(\d+)$/) {
+ if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
push(@values,"1:$2");
$check='on';
}
- if ($_ =~ /^(\d+)\:(\D)$/) {
+ if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/ ) {
push(@values,"$1:65535");
$check='on'
}
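Review bot: Each of the three widened conditions runs the same pattern twice with only the separator changed, which is harder to read and easy to get out of step. A character class says the same thing once: `if ($_ =~ /^(\d+)[-:](\d+)$/) {`, `if ($_ =~ /^(\D)[-:](\d+)$/) {` and `if ($_ =~ /^(\d+)[-:](\D)$/) {`. Nothing visible in the hunk checks that both ends of a range lie within 1–65535 or that the first is not above the second; if the rest of the loop does not do so, this is the place for it. The identical three conditions are added again in the `TGT_PORT` hunk that follows, and the loop body continues outside both hunks.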
if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
if ($fwdfwsettings{'TGT_PROT'} eq 'TCP' || $fwdfwsettings{'TGT_PROT'} eq 'UDP'){
if ($fwdfwsettings{'TGT_PORT'} ne ''){
+ if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'}) {
+ $errormessage=$Lang::tr{'fwdfw dnat porterr'}."<br>";
+ }
my @parts=split(",",$fwdfwsettings{'TGT_PORT'});
my @values=();
foreach (@parts){
chomp($_);
- if ($_ =~ /^(\d+)\:(\d+)$/) {
+ if ($_ =~ /^(\d+)\-(\d+)$/ || $_ =~ /^(\d+)\:(\d+)$/) {
my $check;
#change dashes with :
$_=~ tr/-/:/;
push(@values,"1:65535");
$check='on';
}
- if ($_ =~ /^(\D)\:(\d+)$/) {
+ if ($_ =~ /^(\D)\:(\d+)$/ || $_ =~ /^(\D)\-(\d+)$/) {
push(@values,"1:$2");
$check='on';
}
- if ($_ =~ /^(\d+)\:(\D)$/) {
+ if ($_ =~ /^(\d+)\:(\D)$/ || $_ =~ /^(\d+)\-(\D)$/) {
push(@values,"$1:65535");
$check='on'
}
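Review bot: The new comma check tests `$fwdfwsettings{'USE_NAT'}` for plain truthiness, while the added code in `check_natport` compares it with `eq 'ON'`. Any non-empty value other than `ON` (an explicit off marker, if the form ever sends one) would then reject multi-port rules that use no NAT at all. It also assigns with `$errormessage=` rather than appending, which would drop an error recorded earlier in the handler if there is one. I would write `if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'TGT_PORT'} =~ /,/) {` and use `.=` for the message.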
sub check_natport
{
my $val=shift;
- if ($val =~ "," || $val =~ ":" || $val>65536 || $val<0){
+ if($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} ne ''){
+ if ($fwdfwsettings{'dnatport'} =~ /^(\d+)\-(\d+)$/) {
+ $fwdfwsettings{'dnatport'} =~ tr/-/:/;
+ if ($fwdfwsettings{'dnatport'} eq "*") {
+ $fwdfwsettings{'dnatport'}="1:65535";
+ }
+ if ($fwdfwsettings{'dnatport'} =~ /^(\D)\:(\d+)$/) {
+ $fwdfwsettings{'dnatport'} = "1:$2";
+ }
+ if ($fwdfwsettings{'dnatport'} =~ /^(\d+)\:(\D)$/) {
+ $fwdfwsettings{'dnatport'} ="$1:65535";
+ }
+ }
+ return 1;
+ }
+ if ($val =~ "," || $val>65536 || $val<0){
return 0;
}
return 1;
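Review bot: The new DNAT branch at the top of `check_natport` returns 1 for any non-empty `dnatport`, because its `return 1` sits outside the `/^(\d+)\-(\d+)$/` test and `$val` is never looked at on that path. The three inner tests (`eq "*"`, `\D:\d+`, `\d+:\D`) cannot succeed on a string that has just matched digits-dash-digits, so they are dead code, and neither range end is bounded or ordered. The port strings appear to end up interpolated into the single-string `system "iptables ..."` calls of the rule generator, which makes this check the main barrier against malformed or shell-significant input. I would validate `$val` strictly first and normalise only afterwards, and tighten `$val>65536` to 65535; if `*` or open-ended ranges are meant to be accepted, they need their own explicit branch. The sub's closing brace is outside the hunk.

```perl
sub check_natport
{
	my $val=shift;
	# Range: digits on both sides, each end a valid port, start not above end.
	if ($val =~ /^(\d+)[-:](\d+)$/) {
		return 0 if ($1 < 1 || $2 > 65535 || $1 > $2);
		# … unchanged: tr/-/:/ on $fwdfwsettings{'dnatport'} for the DNAT case …
		return 1;
	}
	# Single port: digits only, 1..65535; everything else is rejected.
	return 0 unless ($val =~ /^\d+$/ && $val >= 1 && $val <= 65535);
	return 1;
```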
'fwdfw delete' => 'Löschen',
'fwdfw dnat' => 'DNAT/Portforward (ersetze diese IP mit der aus ZIEL)',
'fwdfw dnat error' => 'Für DNAT muss ein einzelner Host als ZIEL gewählt werden. Gruppen oder Netzwerke sind nicht erlaubt',
-'fwdfw dnat porterr' => 'Für NAT muss ein einzelner PORT (TCP/UDP) angegeben werden',
+'fwdfw dnat porterr' => 'Für NAT muss ein einzelner PORT oder PORTRANGE (TCP/UDP) angegeben werden',
'fwdfw DROP' => 'Verwerfen (DROP)',
'fwdfw edit' => 'Bearbeiten',
'fwdfw err nosrc' => 'Keine Quelle gewählt',
'fwdfw delete' => 'Delete',
'fwdfw dnat' => 'DNAT/Portforward (replace this IP with the one from TARGET)',
'fwdfw dnat error' => 'You have to select a single host for DNAT. Groups or networks are not allowed.',
-'fwdfw dnat porterr' => 'You have to select a single port (tcp/udp) for NAT',
+'fwdfw dnat porterr' => 'You have to select a single port or portrange (tcp/udp) for NAT',
'fwdfw DROP' => 'DROP',
'fwdfw edit' => 'Edit',
'fwdfw err nosrc' => 'No source selected.',