firewall: Fix accessing port forwardings from internal networks.
authorMichael Tremer <michael.tremer@ipfire.org>
Sun, 20 Apr 2014 16:13:35 +0000 (18:13 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Sun, 20 Apr 2014 16:13:35 +0000 (18:13 +0200)
When a different "external port" was used, incorrect rules were being created
in the mangle table.

config/firewall/rules.pl

index 2c314d16e5d320fc0a6499669f722974e161979a..c0ddcb2d69ed96937c3f8e66cad08d8e17b8cd95 100755 (executable)
@@ -354,20 +354,21 @@ sub buildrules {
 
                                                # Destination NAT
                                                if ($NAT_MODE eq "DNAT") {
-                                                       # Make port-forwardings useable from the internal networks.
-                                                       my @internal_addresses = &fwlib::get_internal_firewall_ip_addresses(1);
-                                                       unless ($nat_address ~~ @internal_addresses) {
-                                                               &add_dnat_mangle_rules($nat_address, @options);
-                                                       }
-
                                                        my @nat_options = ();
                                                        if ($protocol ne "all") {
                                                                my @nat_protocol_options = &get_protocol_options($hash, $key, $protocol, 1);
                                                                push(@nat_options, @nat_protocol_options);
                                                        }
+                                                       push(@nat_options, @time_options);
+
+                                                       # Make port-forwardings useable from the internal networks.
+                                                       my @internal_addresses = &fwlib::get_internal_firewall_ip_addresses(1);
+                                                       unless ($nat_address ~~ @internal_addresses) {
+                                                               &add_dnat_mangle_rules($nat_address, @nat_options);
+                                                       }
+
                                                        push(@nat_options, @source_options);
                                                        push(@nat_options, ("-d", $nat_address));
-                                                       push(@nat_options, @time_options);
 
                                                        my $dnat_port;
                                                        if ($protocol_has_ports) {
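Review bot: The membership test on the moved line `unless ($nat_address ~~ @internal_addresses)` relies on smartmatch, which has been experimental since Perl 5.18 and is scheduled for removal, so the new code should spell out the string comparison instead, e.g. `unless (any { $_ eq $nat_address } @internal_addresses)` with `use List::Util qw(any);` added to the import block, which lies outside this hunk. The mangle call is now deliberately placed before `@source_options` and `-d $nat_address` are pushed, so the mangle rule matches only on protocol/port and time window; a one-line comment above the `push(@nat_options, @time_options);` line such as `# Mangle rules are built from protocol and time options only; source and destination restrictions are appended below for the DNAT rule` would stop a later edit from moving those pushes back up and reintroducing the bug the commit message describes. Whether add_dnat_mangle_rules() supplies its own destination match from its first argument cannot be confirmed from this hunk and should be checked against that sub. buildrules() starts and ends outside this hunk.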