From 08e1c65d856ef4931dd641cdffe75ff75238e286 Mon Sep 17 00:00:00 2001
From: Alexander Marx
Date: Thu, 11 Apr 2013 17:33:22 +0200
Subject: [PATCH] Forward Firewall: added SNAT multiport support
---
 config/forwardfw/rules.pl | 15 ++++++++++-----
 html/cgi-bin/forwardfw.cgi | 4 ++--
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/config/forwardfw/rules.pl b/config/forwardfw/rules.pl
index 917e061eb..1cbbee7a5 100755
--- a/config/forwardfw/rules.pl
+++ b/config/forwardfw/rules.pl
@@ -182,7 +182,7 @@ sub buildrules
 next if ($$hash{$key}[6] eq 'RED' && $conexists eq 'off' );
 if ($$hash{$key}[28] eq 'ON'){
 $command='iptables -t nat -A';
- $natip=&get_nat_ip($$hash{$key}[29]);
+ $natip=&get_nat_ip($$hash{$key}[29],$$hash{$key}[31]);
 if($$hash{$key}[31] eq 'dnat'){
 $nat='DNAT';
 if ($$hash{$key}[30] =~ /\|/){
@@ -308,8 +308,8 @@ sub buildrules
 }
 }
 print "iptables -A PORTFWACCESS $PROT -i $con $STAG $sourcehash{$a}[0] -d $ip $fwaccessdport $TIME -j $$hash{$key}[0]\n";
- }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[32] eq 'snat'){
- print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip$fireport\n";
+ }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){
+ print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $nat --to $natip\n";
 }
 }
 }
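Review bot: The value returned by `get_nat_ip` is stored in `$natip` and used without any check in the hunk at @@ -182, and with the added second argument the helper (patched at @@ -382) can now leave its result unset when `$$hash{$key}[31]` is neither `dnat` nor `snat`. The SNAT branch at @@ -308 interpolates `$natip` directly after `--to`, so an empty value produces a rule with no translation address, which would be rejected or mis-parsed and leaves that NAT rule unloaded. A guard directly after the call, for example `next unless defined $natip && $natip ne '';` together with a log line naming the rule key, would make that failure visible; whether to skip the rule or abort the run is a policy choice for the maintainers. The body of `buildrules` starts and ends outside this hunk.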
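Review bot: The bare numeric indices in the condition on the new `elsif` line at @@ -308 are what allowed the `[32]`/`[31]` mix-up corrected here, and the same fields are read by position again at @@ -182. Naming them once near the top of the file, e.g. `use constant { NAT_ENABLED => 28, NAT_TARGET => 29, NAT_TYPE => 31 };` (names are illustrative, derived only from how the fields are used in this patch), would turn a wrong index into a misspelt name that strict mode reports instead of a comparison that is silently false. In a rule generator a branch that never matches means the rule is never emitted, so this kind of mistake is easy to miss in review. The enclosing loop in `buildrules` continues outside the hunk.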
@@ -382,17 +382,22 @@ sub buildrules
 sub get_nat_ip
 {
 my $val=shift;
+ my $type=shift;
 my $result;
 if($val eq 'RED' || $val eq 'GREEN' || $val eq 'ORANGE' || $val eq 'BLUE'){
 $result=$defaultNetworks{$val.'_ADDRESS'};
 }elsif($val eq 'ALL'){
 $result='-i '.$con;
- }elsif($val eq 'Default IP'){
+ }elsif($val eq 'Default IP' && $type eq 'dnat'){
 $result='-d '.$redip;
+ }elsif($val eq 'Default IP' && $type eq 'snat'){
+ $result=$redip;
 }else{
 foreach my $al (sort keys %aliases){
- if($val eq $al){
+ if($val eq $al && $type eq 'dnat'){
 $result='-d '.$aliases{$al}{'IPT'};
+ }elsif($val eq $al && $type eq 'snat'){
+ $result=$aliases{$al}{'IPT'};
 }
 }
 }
diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi
index 72771e8cf..7bd3fa52f 100755
--- a/html/cgi-bin/forwardfw.cgi
+++ b/html/cgi-bin/forwardfw.cgi
@@ -77,7 +77,7 @@ my %aliases=();
 my %optionsfw=();
 my %ifaces=();
-my $VERSION='0.9.9.3';
+my $VERSION='0.9.9.4';
 my $color;
 my $confignet = "${General::swroot}/fwhosts/customnetworks";
 my $confighost = "${General::swroot}/fwhosts/customhosts";
@@ -838,7 +838,7 @@ sub checktarget
 if ($fwdfwsettings{'grp3'} eq 'TGT_PORT'){
 if ($fwdfwsettings{'TGT_PROT'} eq 'TCP' || $fwdfwsettings{'TGT_PROT'} eq 'UDP'){
 if ($fwdfwsettings{'TGT_PORT'} ne ''){
- if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'}) {
+ if ($fwdfwsettings{'TGT_PORT'} =~ "," && $fwdfwsettings{'USE_NAT'} && $fwdfwsettings{'nat'} eq 'dnat') {
 $errormessage=$Lang::tr{'fwdfw dnat porterr'}."
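Review bot: With the `$type` tests added to the `Default IP` and alias branches of `get_nat_ip`, a rule whose type field is empty or holds any other string no longer matches either of them and `$result` stays undefined, whereas before this change those selectors always produced `-d <address>`. The `ALL` branch still returns `'-i '.$con` whatever the type, so for `snat` that text would land after `--to` in the print at @@ -308 if that selector can be chosen for SNAT rules. Resolving the address first and applying the prefix in one place removes the duplicated comparisons and gives a single spot for the default; the sketch below keeps `dnat` as the fallback, which assumes rules saved without a type should behave as they did before. The end of `get_nat_ip`, including its return, is outside the hunk.

```perl
	# … unchanged: zone-name and 'ALL' branches …
	}else{
		# Resolve the address once, then apply the type-specific prefix.
		my $addr;
		if($val eq 'Default IP'){
			$addr=$redip;
		}elsif(exists $aliases{$val}){
			$addr=$aliases{$val}{'IPT'};
		}
		if(defined $addr && defined $type && $type eq 'snat'){
			$result=$addr;
		}elsif(defined $addr){
			# dnat, and rules stored without a NAT type
			$result='-d '.$addr;
		}
	}
```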
";
 }
 my @parts=split(",",$fwdfwsettings{'TGT_PORT'});
-- 
2.39.2
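Review bot: The added test `$fwdfwsettings{'nat'} eq 'dnat'` at @@ -838 makes the multiport rejection opt-in: with `USE_NAT` set and a `nat` value that is empty or anything other than `dnat`, a comma-separated `TGT_PORT` now passes this check. These appear to be submitted form fields, so the check should fail closed and exempt only the case the commit means to allow, i.e. end the condition with `&& $fwdfwsettings{'USE_NAT'} && $fwdfwsettings{'nat'} ne 'snat') {`. It would also help to reject a `nat` value outside `dnat`/`snat` before this point, if that is not already done elsewhere in `checktarget`, whose body extends beyond the hunk.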