my %configinputfw=();
my %configoutgoingfw=();
my %configdmzfw=();
+my %confignatfw=();
my %aliases=();
my @DPROT=();
my @p2ps=();
my $configfwdfw = "${General::swroot}/forward/config";
my $configinput = "${General::swroot}/forward/input";
my $configoutgoing = "${General::swroot}/forward/outgoing";
+my $confignat = "${General::swroot}/forward/nat";
my $p2pfile = "${General::swroot}/forward/p2protocols";
my $configgrp = "${General::swroot}/fwhosts/customgroups";
my $netsettings = "${General::swroot}/ethernet/settings";
my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT);
my $CHAIN="FORWARDFW";
my $conexists='off';
-
+my $command = 'iptables -A';
+my $dnat='';
+my $snat='';
&General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings);
&General::readhash("$netsettings", \%defaultNetworks);
&General::readhasharray($configdmz, \%configdmzfw);
&General::readhasharray($configfwdfw, \%configfwdfw);
&General::readhasharray($configinput, \%configinputfw);
&General::readhasharray($configoutgoing, \%configoutgoingfw);
+&General::readhasharray($confignat, \%confignatfw);
&General::readhasharray($configgrp, \%customgrp);
&General::get_aliases(\%aliases);
if (-f "/var/ipfire/red/active"){
$conexists='on';
}
-
+open (CONN1,"/var/ipfire/red/local-ipaddress");
+my $redip = <CONN1>;
+close(CONN1);
################################
# DEBUG/TEST #
################################
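Review bot: The added read of `/var/ipfire/red/local-ipaddress` neither checks `open` nor chomps the line, so `$redip` keeps its trailing newline, or is undef when the file is absent. `get_nat_ip` later builds `'-d '.$redip` from it for a command string passed to `system`, and a newline in the middle of that string cuts the iptables command short. Declare `my $redip = '';` and read it with `if (open(my $fh, '<', '/var/ipfire/red/local-ipaddress')) { chomp($redip = <$fh> // ''); close($fh); }`. Any rule that needs the address should be skipped while `$redip` is empty.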
if (! -z "${General::swroot}/forward/outgoing"){
&buildrules(\%configoutgoingfw);
}
+ if (! -z "${General::swroot}/forward/nat"){
+ &buildrules(\%confignatfw);
+ }
}
sub buildrules
{
my $hash=shift;
my $STAG;
+ my $natip;
+ my $snatport;
+ my $fireport;
foreach my $key (sort {$a <=> $b} keys %$hash){
next if ($$hash{$key}[6] eq 'RED' && $conexists eq 'off' );
+ if ($$hash{$key}[28] eq 'ON'){
+ $command='iptables -t nat -A';
+ $natip=&get_nat_ip($$hash{$key}[29]);
+ if($$hash{$key}[31] eq 'dnat'){
+ $$hash{$key}[0]='DNAT';
+ $fireport='--dport '.$$hash{$key}[30] if ($$hash{$key}[30]>0);
+ }else{
+ $$hash{$key}[0]='SNAT';
+ }
+ }
$STAG='';
if($$hash{$key}[2] eq 'ON'){
#get source ip's
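Review bot: `$command` is a file-level variable that becomes `iptables -t nat -A` the first time a row has field 28 set to `ON`, and nothing in the visible hunks switches it back. Any later row without NAT in the same run would then appear to be appended to the nat table as well. `$natip` is also declared outside the loop and keeps the previous row's value. Deriving the command per row at the top of the loop body, `my $command = ($$hash{$key}[28] eq 'ON') ? 'iptables -t nat -A' : 'iptables -A';`, removes the dependence on row order. The loop body continues outside this hunk.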
my @icmprule= split(",",substr($DPORT, 12,));
foreach (@icmprule){
if ($$hash{$key}[17] eq 'ON'){
- print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j LOG\n";
+ print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j LOG\n";
}
- print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]\n";
+ print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]\n";
}
- }else{
+ }elsif($$hash{$key}[28] ne 'ON'){
if ($$hash{$key}[17] eq 'ON'){
- print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
+ print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
}
- print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+ print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+ }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[32] eq 'dnat'){
+ #if ($$hash{$key}[17] eq 'ON'){
+ #print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $targethash{$b}[0] $DPORT $TIME -j LOG\n";
+ #}
+ print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $$hash{$key}[0] --to $targethash{$b}[0]$DPORT\n";
+ }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[32] eq 'snat'){
+ print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0] --to $natip$fireport\n";
}
}
}
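Review bot: The NAT print branches test `$$hash{$key}[32]` for `dnat`/`snat`, while the `system` branches and the setup at the top of the loop test `$$hash{$key}[31]`, which is also where the CGI side of this commit now stores the type. With slot 32 no longer written, the debug output would print nothing for NAT rows, so both `elsif` lines should read `$$hash{$key}[31]`. The dnat print line also emits `--to $targethash{$b}[0]$DPORT` without removing a netmask, unlike the `system` path, which splits on `/` first. The printed preview should match what is executed.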
my @icmprule= split(",",substr($DPORT, 12,));
foreach (@icmprule){
if ($$hash{$key}[17] eq 'ON'){
- system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] -- icmp-type $_ $TIME -j LOG");
+ system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] -- icmp-type $_ $TIME -j LOG");
}
- system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]");
+ system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]");
+ }
+ }elsif($$hash{$key}[28] ne 'ON'){
+ if ($$hash{$key}[17] eq 'ON'){
+ system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
+ }
+ system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n";
+ }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){
+ if ($$hash{$key}[17] eq 'ON'){
+ system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j LOG --log-prefix 'DNAT' \n";
}
- }else{
+ my $fwaccessdport="--dport ".substr($DPORT,1,) if ($DPORT);
+ my ($ip,$sub) =split("/",$targethash{$b}[0]);
+ system "iptables -A PORTFWACCESS $PROT $STAG $sourcehash{$a}[0] -d $targethash{$b}[0] $fwaccessdport $TIME \n";
+ system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $$hash{$key}[0] --to $ip$DPORT\n";
+ }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){
if ($$hash{$key}[17] eq 'ON'){
- system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG");
+ system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG --log-prefix 'SNAT '\n";
}
- system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]");
+ system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0] --to $natip$fireport\n";
}
}
}
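Review bot: The new `iptables -A PORTFWACCESS ...` call in the dnat branch has no `-j` target, so as written it adds a rule that matches and counts packets but takes no action. If the intent is to let the forwarded connection through, the target (presumably `-j ACCEPT`) is missing. The LOG call for ICMP keeps the old `-- icmp-type` with a space, unlike the `--icmp-type` on the call after it. Every call here passes one interpolated string (with a trailing `\n`) to `system`, so a shell parses values read from the rule files; building an argument list for `system('iptables', @args)` avoids that, and the exit status should be checked so a rejected rule is not silently dropped. `my $fwaccessdport=... if ($DPORT);` combines `my` with a statement modifier, which perlsyn documents as undefined behaviour; declare the variable first, then assign.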
undef $TIME;
undef $TIMEFROM;
undef $TIMETILL;
+ undef $fireport;
}
}
+sub get_nat_ip
+{
+ my $val=shift;
+ my $result;
+ if($val eq 'RED' || $val eq 'GREEN' || $val eq 'ORANGE' || $val eq 'BLUE'){
+ $result=$defaultNetworks{$val.'_ADDRESS'};
+ }elsif($val eq 'ALL'){
+ $result='-i '.$con;
+ }elsif($val eq 'Default IP'){
+ $result='-d '.$redip;
+ }else{
+ foreach my $al (sort keys %aliases){
+ if($val eq $al){
+ $result='-d '.$aliases{$al}{'IPT'};
+ }
+ }
+ }
+ return $result;
+}
sub get_time
{
my $val=shift;
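Review bot: `get_nat_ip` returns three different shapes: a bare address for RED/GREEN/ORANGE/BLUE, `-i ` plus `$con` for ALL, and `-d ` plus an address otherwise, and it returns undef when the value matches no alias. buildrules uses the result both as a match (`$SPORT $natip $fireport`) and as a `--to` argument (`--to $natip$fireport`), so each shape is wrong for one of the two uses, and an undef result leaves a DNAT rule with no destination match at all. `$con` is not declared in any visible hunk (only `$conexists` is), so the ALL case may expand to a dangling `-i`. Suggest returning only the address, letting buildrules add `-d` or `--to` itself, and skipping the row when nothing resolves: `next unless defined $natip && $natip ne '';`. The alias loop can be a direct lookup, `$result = $aliases{$val}{'IPT'} if exists $aliases{$val};`.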
}
}
}
-
sub get_address
{
my $base=shift; #source of checking ($configfwdfw{$key}[x] or groupkey
if(index($$hash{$key}[10],",") > 0){
return "-m multiport --sport $$hash{$key}[10] ";
}else{
- return "--sport $$hash{$key}[10] ";
+ if($$hash{$key}[28] ne 'ON' || ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat') ||($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat') ){
+ return "--sport $$hash{$key}[10] ";
+ }else{
+ return ":$$hash{$key}[10]";
+ }
}
}elsif($$hash{$key}[9] ne '' && $$hash{$key}[9] ne 'All ICMP-Types'){
return "--icmp-type $$hash{$key}[9] ";
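Review bot: The new condition on the single-port branch is true whenever NAT is off or the type is `snat` or `dnat`, so the `:port` else-branch is reachable only for a NAT row whose type field is neither. The two `$$hash{$key}[28] eq 'ON' &&` terms are redundant after the first `||`. If source ports are always meant to be emitted as `--sport`, keep the original `return "--sport $$hash{$key}[10] ";` and drop the condition. In the `--dport` hunk that follows, the multiport branch above the new condition is not guarded, so a DNAT row carrying a comma list would put `-m multiport --dport ...` directly after `--to` unless validation rules that out. Both enclosing subs start and end outside these hunks.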
if(index($$hash{$key}[15],",") > 0){
return "-m multiport --dport $$hash{$key}[15] ";
}else{
- return "--dport $$hash{$key}[15] ";
+ if($$hash{$key}[28] ne 'ON' || ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat') ){
+ return "--dport $$hash{$key}[15] ";
+ }else{
+ return ":$$hash{$key}[15]";
+ }
}
}elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] ne 'All ICMP-Types'){
return "--icmp-type $$hash{$key}[13] ";
sub checktarget
{
my ($ip,$subnet);
-
+ &General::readhasharray("$configsrv", \%customservice);
+ #check DNAT settings (has to be single Host and single Port)
+ if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){
+ if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){
+ if ($fwdfwsettings{'USESRV'} eq ''){
+ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
+ }
+ #check if manual ip is a single Host (if set)
+ if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){
+ my @tmp= split (/\./,$fwdfwsettings{$fwdfwsettings{'grp2'}});
+ my @tmp1= split ("/",$tmp[3]);
+ if (($tmp1[0] eq "0") || ($tmp1[0] eq "255"))
+ {
+ $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
+ }
+ }
+ #check if Port is a single Port
+ if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
+ if(($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){
+ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
+ }
+ if (($fwdfwsettings{'TGT_PROT'} eq 'TCP'|| $fwdfwsettings{'TGT_PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){
+ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
+ }
+ }
+ }else{
+ $errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
+ }
+ }
if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){
#check if ip with subnet
if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) {
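Review bot: In the single-port check, `$fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP'` is true for every protocol value, so the test reduces to `TGT_PORT eq ''`. If the intent is to reject protocols other than TCP and UDP, the operator should be `&&`. The single-host check above it only looks at whether the last octet is `0` or `255` and ignores the part after `/`, so an address such as a host IP with a `/24` mask passes as a single host; checking that the mask is absent or 32 would match the error text. The new branches assign with `$errormessage=` where the rest of the sub uses `.=`, so an earlier message is overwritten.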
if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){
$errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."<br>";
}
-
}elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){
$errormessage.=$Lang::tr{'fwdfw err notgtip'};
return $errormessage;
}
-
#check empty fields
if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."<br>";}
-
#check tgt services
if ($fwdfwsettings{'USESRV'} eq 'ON'){
if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
}
return $errormessage;
}
+sub check_natport
+{
+ my $val=shift;
+ if ($val =~ "," || $val =~ ":" || $val>65536 || $val<0){
+ return 0;
+ }
+ return 1;
+}
sub checkrule
{
+ #check valid port for NAT
+ if($fwdfwsettings{'USE_NAT'} eq 'ON'){
+ if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$fwdfwsettings{'TGT_PORT'};}
+ if($fwdfwsettings{'nat'} eq 'dnat' && !&check_natport($fwdfwsettings{'dnatport'})){
+ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
+ }
+ elsif($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'grp3'} eq 'cust_srv'){
+ my $custsrvport;
+ #get servcie Protocol and Port
+ foreach my $key (sort keys %customservice){
+ if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]){
+ if ($customservice{$key}[2] ne 'TCP' && $customservice{$key}[2] ne 'UDP'){
+ $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."<br>";
+ }
+ $custsrvport= $customservice{$key}[1];
+ }
+ }
+ if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$custsrvport;}
+ }
+ }
#check valid remark
if ($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
$errormessage.=$Lang::tr{'fwdfw err remark'}."<br>";
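Review bot: `check_natport` accepts any string that has no comma or colon and numifies into range, so an empty string, `65536`, and text with trailing non-digit characters all pass. The accepted value is later concatenated into the command strings that buildrules hands to `system`. An anchored test such as `return ($val =~ /\A\d{1,5}\z/ && $val >= 1 && $val <= 65535) ? 1 : 0;` closes that gap. The `dnatport` check in checkrule then needs an explicit `ne ''` guard, because it currently relies on the empty string passing. The port copied from `$customservice{$key}[1]` into `dnatport` at the end of that block is assigned after validation and is never checked, and the new messages use `$errormessage=` rather than `.=`.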
$errormessage.=$Lang::tr{'fwdfw err same'};
return $errormessage;
}
-
#get source and targetip address if possible
my ($sip,$scidr,$tip,$tcidr);
($sip,$scidr)=&get_ip("src","grp1");
($tip,$tcidr)=&get_ip("tgt","grp2");
-
#check same iprange in source and target
if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){
my $networkip1=&General::getnetworkip($sip,$scidr);
}
}
}
-
#check source and destination protocol if manual
if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){
if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
}
#check source and destination protocol if source manual and dest servicegrp
if ($fwdfwsettings{'grp3'} eq 'cust_srv'){
- &General::readhasharray("$configsrv", \%customservice);
foreach my $key (sort keys %customservice){
if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){
if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){
$checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED';
$checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED';
$checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED';
+ $checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED';
$selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected';
$selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected';
$selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected';
$fwdfwsettings{'TIME_FROM'} = $hash{$key}[26];
$fwdfwsettings{'TIME_TO'} = $hash{$key}[27];
$fwdfwsettings{'USE_NAT'} = $hash{$key}[28];
- $fwdfwsettings{'nat'} = $hash{$key}[32]; #changed order
+ $fwdfwsettings{'nat'} = $hash{$key}[31]; #changed order
$fwdfwsettings{$fwdfwsettings{'nat'}} = $hash{$key}[29];
- $fwdfwsettings{'snatport'} = $hash{$key}[30];
- $fwdfwsettings{'dnatport'} = $hash{$key}[31];
+ $fwdfwsettings{'dnatport'} = $hash{$key}[30];
$checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
$checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
$checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
&Header::openbox('100%', 'left', 'NAT');
print<<END;
<table width='100%' border='0'>
- <tr><td width='1%'><input type='checkbox' name='USE_NAT' value='ON' $checked{'USE_NAT'}{'ON'}></td><td>USE NAT</td><td colspan='5'></td></tr>
- <tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' value='dnat' checked ></td><td width='20%'> DNAT</td>
+ <tr><td width='1%'><input type='checkbox' name='USE_NAT' value='ON' $checked{'USE_NAT'}{'ON'}></td><td width='15%'>$Lang::tr{'fwdfw use nat'}</td><td colspan='5'></td></tr>
+ <tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' value='dnat' checked ></td><td width='50%'>$Lang::tr{'fwdfw dnat'}</td>
END
if (! -z "${General::swroot}/ethernet/aliases"){
- print"<td width='8%'>IPFire: </td><td width='20% align='right'><select name='dnat' style='width:140px;'>";
+ print"<td width='8%'>IPFire: </td><td width='20%' align='right'><select name='dnat' style='width:140px;'>";
print "<option value='ALL' $selected{'dnat'}{$Lang::tr{'all'}}>$Lang::tr{'all'}</option>";
print "<option value='Default IP' $selected{'dnat'}{'Default IP'}>Default IP</option>";
{
print "<option value='$alias' $selected{'dnat'}{$alias}>$alias</option>";
}
- #foreach my $network (sort keys %defaultNetworks)
- #{
- #next if($defaultNetworks{$network}{'NAME'} eq "RED");
- #next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
- #next if($defaultNetworks{$network}{'NAME'} eq "ALL");
- #print "<option value='$defaultNetworks{$network}{'NAME'}'";
- #print " selected='selected'" if ($fwdfwsettings{'snatipfire'} eq $defaultNetworks{$network}{'NAME'});
- #print ">$network</option>";
- #}
}else{
print"<td></td><td style='width:200px;'><input type='hidden' name ='ipfire' value='Default IP'>";
}
print"<tr><td colspan='4'></td><td>Port: </td><td align='right'><input type='text' name='dnatport' style='width:130px;' value=$fwdfwsettings{'dnatport'}> </td></tr>";
print"<tr><td colspan='8'><br></td></tr>";
#SNAT
- print"<tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' value='snat' $checked{'nat'}{'snat'}></td><td width='20%'> SNAT</td>";
- print"<td width='8%'>IPFire: </td><td width='20% align='right'><select name='snat' style='width:140px;'>";
- print "<option value='ALL' $selected{'snat'}{$Lang::tr{'all'}}>$Lang::tr{'all'}</option>";
+ print"<tr><td colspan='2'></td><td width='1%'><input type='radio' name='nat' value='snat' $checked{'nat'}{'snat'}></td><td width='20%'>$Lang::tr{'fwdfw snat'}</td>";
+ print"<td width='8%'>IPFire: </td><td width='20%' align='right'><select name='snat' style='width:140px;'>";
print "<option value='Default IP' $selected{'snat'}{'Default IP'}>Default IP</option>";
foreach my $alias (sort keys %aliases)
{
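Review bot: The `dnatport` input that this change keeps writes the stored value into the page as `value=$fwdfwsettings{'dnatport'}`, unquoted and unescaped. Because the port validation accepts non-numeric text, whatever was submitted is reflected into the attribute. Quote the attribute and HTML-escape the value before printing, and do the same for `$alias` in the `<option value='$alias' ...>` lines. The removed `snatport` input had the same pattern, so this is the one remaining instance in the NAT box.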
next if($defaultNetworks{$network}{'NAME'} eq "RED");
next if($defaultNetworks{$network}{'NAME'} eq "IPFire");
next if($defaultNetworks{$network}{'NAME'} eq "ALL");
+ next if($defaultNetworks{$network}{'NAME'} =~ /OpenVPN/i);
print "<option value='$defaultNetworks{$network}{'NAME'}'";
print " selected='selected'" if ($fwdfwsettings{$fwdfwsettings{'nat'}} eq $defaultNetworks{$network}{'NAME'});
print ">$network</option>";
}
- print"<tr><td colspan='4'></td><td>Port: </td><td align='right'><input type='text' name='snatport' style='width:130px;'value=$fwdfwsettings{'snatport'} > </td></tr>";
print"</table>";
print"<hr>";
&Header::closebox();
if($fwdfwsettings{'USE_NAT'} eq 'ON'){
$$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
$$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
- $$hash{$key}[30] = $fwdfwsettings{'snatport'};
- $$hash{$key}[31] = $fwdfwsettings{'dnatport'};
- $$hash{$key}[32] = $fwdfwsettings{'nat'};
+ $$hash{$key}[30] = $fwdfwsettings{'dnatport'};
+ $$hash{$key}[31] = $fwdfwsettings{'nat'};
}
&General::writehasharray("$config", $hash);
}else{
if($fwdfwsettings{'USE_NAT'} eq 'ON'){
$$hash{$key}[28] = $fwdfwsettings{'USE_NAT'};
$$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}};
- $$hash{$key}[30] = $fwdfwsettings{'snatport'};
- $$hash{$key}[31] = $fwdfwsettings{'dnatport'};
- $$hash{$key}[32] = $fwdfwsettings{'nat'};
+ $$hash{$key}[30] = $fwdfwsettings{'dnatport'};
+ $$hash{$key}[31] = $fwdfwsettings{'nat'};
}
last;
}
$tdcolor='';
&getsrcport(\%$hash,$key);
#Is this a SNAT rule?
- if ($$hash{$key}[32] eq 'snat'){
+ if ($$hash{$key}[31] eq 'snat'){
print"<br>SNAT -> $$hash{$key}[29]";
if ($$hash{$key}[30] ne ''){
print": $$hash{$key}[30]";
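Review bot: The SNAT branch still prints `$$hash{$key}[30]` as a port after the address, but with this commit slot 30 holds `dnatport` and `snatport` is no longer stored. The save code writes `$fwdfwsettings{'dnatport'}` into slot 30 for both NAT types, so a SNAT row would display whatever was in the DNAT port field. If SNAT rules no longer carry a port, remove `if ($$hash{$key}[30] ne ''){` and `print": $$hash{$key}[30]";` together with the closing brace, which lies outside this hunk.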
<td align='center' width='160' $tdcolor>
END
#Is this a DNAT rule?
- if ($$hash{$key}[32] eq 'dnat'){
+ if ($$hash{$key}[31] eq 'dnat'){
print "IPFire ($$hash{$key}[29])";
- if($$hash{$key}[31] ne ''){
- print": $$hash{$key}[31]";
+ if($$hash{$key}[30] ne ''){
+ print": $$hash{$key}[30]";
}
print"<br> DNAT->";
}
'fwdfw cust net' => 'Custom Netzwerke:',
'fwdfw copy' => 'Kopieren',
'fwdfw delete' => 'Löschen',
+'fwdfw dnat' => 'DNAT/Portforward (ersetze diese IP mit der aus ZIEL)',
+'fwdfw dnat error' => 'Für DNAT muss ein einzelner Host als ZIEL gewählt werden. Gruppen oder Netzwerke sind nicht erlaubt',
+'fwdfw dnat porterr' => 'Für NAT muss ein einzelner PORT (TCP/UDP) angegeben werden',
'fwdfw DROP' => 'Verwerfen (DROP)',
'fwdfw edit' => 'Bearbeiten',
'fwdfw err nosrc' => 'Keine Quelle gewählt',
'fwdfw rule action' => 'Regelaktion:',
'fwdfw rule activate' => 'Regel aktivieren',
'fwdfw rulepos' => 'Regelposition',
+'fwdfw snat' => 'SNAT (ersetze die Adresse(n) von QUELLE mit dieser)',
'fwdfw source' => 'Quelle',
'fwdfw sourceip' => 'Quelladresse (MAC, IP oder Netzwerk):',
'fwdfw std network' => 'Standard Netzwerke:',
'fwdfw timeframe' => 'Zeitrahmen hinzufügen',
'fwdfw toggle' => 'Aktivieren oder deaktivieren',
'fwdfw togglelog' => 'Log aktivieren oder deaktivieren',
+'fwdfw use nat' => 'NAT benutzen',
'fwdfw useless rule' => 'Diese Regel ist nicht zugelassen.',
'fwdfw use srcport' => 'Quellport benutzen',
'fwdfw use srv' => 'Zielport benutzen',
'fwdfw cust net' => 'Custom networks:',
'fwdfw copy' => 'Copy',
'fwdfw delete' => 'Delete',
+'fwdfw dnat' => 'DNAT/Portforward (replace this IP with the one from TARGET)',
+'fwdfw dnat error' => 'You have to select a single host for DNAT. Groups or networks are not allowed.',
+'fwdfw dnat porterr' => 'You have to select a single port (tcp/udp) for NAT',
'fwdfw DROP' => 'DROP',
'fwdfw edit' => 'Edit',
'fwdfw err nosrc' => 'No source selected.',
'fwdfw rule action' => 'Rule action:',
'fwdfw rule activate' => 'Activate rule',
'fwdfw rulepos' => 'Ruleposition',
+'fwdfw snat' => 'SNAT (replace the addresse(s) from SOURCE with this address)',
'fwdfw source' => 'Source',
'fwdfw sourceip' => 'Source address (MAC, IP or Network):',
'fwdfw std network' => 'Standard networks:',
'fwdfw timeframe' => 'Add timeframe',
'fwdfw toggle' => 'Activate or deactivate',
'fwdfw togglelog' => 'Activate or deactivate logging',
+'fwdfw use nat' => 'Use NAT',
'fwdfw useless rule' => 'This rule is rejected (useless).',
'fwdfw use srcport' => 'Use sourceport',
'fwdfw use srv' => 'Use targetport',