From a6edca5a899eca09c3ccd8cd22c2b7a3223fcdd3 Mon Sep 17 00:00:00 2001 From: Alexander Marx Date: Tue, 19 Mar 2013 04:48:23 +0100 Subject: [PATCH] Forward Firewall: support for SNAT/DNAT in GUI and rules.pl --- config/forwardfw/rules.pl | 100 ++++++++++++++++++++++++++++----- html/cgi-bin/forwardfw.cgi | 111 ++++++++++++++++++++++++------------- langs/de/cgi-bin/de.pl | 5 ++ langs/en/cgi-bin/en.pl | 5 ++ 4 files changed, 169 insertions(+), 52 deletions(-) diff --git a/config/forwardfw/rules.pl b/config/forwardfw/rules.pl index 2547e474f..4461893ae 100755 --- a/config/forwardfw/rules.pl +++ b/config/forwardfw/rules.pl @@ -45,6 +45,7 @@ my @timeframe=(); my %configinputfw=(); my %configoutgoingfw=(); my %configdmzfw=(); +my %confignatfw=(); my %aliases=(); my @DPROT=(); my @p2ps=(); @@ -56,6 +57,7 @@ my $configdmz = "${General::swroot}/forward/dmz"; my $configfwdfw = "${General::swroot}/forward/config"; my $configinput = "${General::swroot}/forward/input"; my $configoutgoing = "${General::swroot}/forward/outgoing"; +my $confignat = "${General::swroot}/forward/nat"; my $p2pfile = "${General::swroot}/forward/p2protocols"; my $configgrp = "${General::swroot}/fwhosts/customgroups"; my $netsettings = "${General::swroot}/ethernet/settings"; @@ -66,13 +68,16 @@ my $blue; my ($TYPE,$PROT,$SPROT,$DPROT,$SPORT,$DPORT,$TIME,$TIMEFROM,$TIMETILL,$SRC_TGT); my $CHAIN="FORWARDFW"; my $conexists='off'; - +my $command = 'iptables -A'; +my $dnat=''; +my $snat=''; &General::readhash("${General::swroot}/forward/settings", \%fwdfwsettings); &General::readhash("$netsettings", \%defaultNetworks); &General::readhasharray($configdmz, \%configdmzfw); &General::readhasharray($configfwdfw, \%configfwdfw); &General::readhasharray($configinput, \%configinputfw); &General::readhasharray($configoutgoing, \%configoutgoingfw); +&General::readhasharray($confignat, \%confignatfw); &General::readhasharray($configgrp, \%customgrp); &General::get_aliases(\%aliases); 
@@ -83,7 +88,9 @@ close(CONN); if (-f "/var/ipfire/red/active"){ $conexists='on'; } - +open (CONN1,"/var/ipfire/red/local-ipaddress"); +my $redip = ; +close(CONN1); ################################ # DEBUG/TEST # ################################ @@ -155,13 +162,29 @@ sub preparerules if (! -z "${General::swroot}/forward/outgoing"){ &buildrules(\%configoutgoingfw); } + if (! -z "${General::swroot}/forward/nat"){ + &buildrules(\%confignatfw); + } } sub buildrules { my $hash=shift; my $STAG; + my $natip; + my $snatport; + my $fireport; foreach my $key (sort {$a <=> $b} keys %$hash){ next if ($$hash{$key}[6] eq 'RED' && $conexists eq 'off' ); + if ($$hash{$key}[28] eq 'ON'){ + $command='iptables -t nat -A'; + $natip=&get_nat_ip($$hash{$key}[29]); + if($$hash{$key}[31] eq 'dnat'){ + $$hash{$key}[0]='DNAT'; + $fireport='--dport '.$$hash{$key}[30] if ($$hash{$key}[30]>0); + }else{ + $$hash{$key}[0]='SNAT'; + } + } $STAG=''; if($$hash{$key}[2] eq 'ON'){ #get source ip's 
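Review bot: The added `open (CONN1,"/var/ipfire/red/local-ipaddress");` is unchecked, and nothing in this hunk chomps `$redip` before `get_nat_ip` later builds `'-d '.$redip` from it. The read expression is truncated on this page, so this assumes a plain line read: a trailing newline would then land in the middle of the command string passed to `system`, where the shell treats it as a command separator. Check the result of `open` (the file may be absent while RED is down), add `chomp($redip) if defined $redip;`, and confirm the value is a valid IP address before it is used in a rule.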
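Review bot: `$command` is switched to `'iptables -t nat -A'` when field 28 is `ON` but is never set back, so any later rule in the same run that has NAT off is also emitted with `-t nat`; `$natip` likewise carries over between iterations (a later hunk only undefs `$fireport`). Resetting both at the top of the loop body, e.g. `$command = 'iptables -A'; undef $natip;` before the `[28] eq 'ON'` test, avoids that. Separately, `$$hash{$key}[30]>0` is a numeric test on a string, so a value that merely starts with digits passes and is then concatenated unchanged into `--dport ...`; an anchored check such as `$$hash{$key}[30] =~ /\A\d{1,5}\z/` is safer. `buildrules` continues outside the hunk.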
@@ -248,15 +271,22 @@ sub buildrules my @icmprule= split(",",substr($DPORT, 12,)); foreach (@icmprule){ if ($$hash{$key}[17] eq 'ON'){ - print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j LOG\n"; + print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j LOG\n"; } - print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]\n"; + print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]\n"; } - }else{ + }elsif($$hash{$key}[28] ne 'ON'){ if ($$hash{$key}[17] eq 'ON'){ - print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n"; + print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n"; } - print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n"; + print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n"; + }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[32] eq 'dnat'){ + #if ($$hash{$key}[17] eq 'ON'){ + #print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $targethash{$b}[0] $DPORT $TIME -j LOG\n"; + #} + print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $$hash{$key}[0] --to $targethash{$b}[0]$DPORT\n"; + }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[32] eq 'snat'){ + print "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0] --to $natip$fireport\n"; } } } 
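Review bot: The two new `elsif` branches in this print path test `$$hash{$key}[32]` for `dnat`/`snat`, but this commit moves the NAT type to field 31 (the `system` path in rules.pl and forwardfw.cgi both use `[31]`), so the debug output will never show a NAT rule. Both should read `$$hash{$key}[31]`. The printed DNAT line also differs from the executed one (`--to $targethash{$b}[0]$DPORT` here versus `--to $ip$DPORT` with the mask stripped in the `system` branch), so the debug listing would not reflect what is actually run. The enclosing loops start outside the hunk.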
@@ -278,15 +308,28 @@ sub buildrules my @icmprule= split(",",substr($DPORT, 12,)); foreach (@icmprule){ if ($$hash{$key}[17] eq 'ON'){ - system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] -- icmp-type $_ $TIME -j LOG"); + system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] -- icmp-type $_ $TIME -j LOG"); } - system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]"); + system ("$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] --icmp-type $_ $TIME -j $$hash{$key}[0]"); + } + }elsif($$hash{$key}[28] ne 'ON'){ + if ($$hash{$key}[17] eq 'ON'){ + system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n"; + } + system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]\n"; + }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat'){ + if ($$hash{$key}[17] eq 'ON'){ + system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j LOG --log-prefix 'DNAT' \n"; } - }else{ + my $fwaccessdport="--dport ".substr($DPORT,1,) if ($DPORT); + my ($ip,$sub) =split("/",$targethash{$b}[0]); + system "iptables -A PORTFWACCESS $PROT $STAG $sourcehash{$a}[0] -d $targethash{$b}[0] $fwaccessdport $TIME \n"; + system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT $natip $fireport $TIME -j $$hash{$key}[0] --to $ip$DPORT\n"; + }elsif($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat'){ if ($$hash{$key}[17] eq 'ON'){ - system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG"); + system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG --log-prefix 'SNAT '\n"; } - system ("iptables -A $$hash{$key}[1] 
$PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0]"); + system "$command $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j $$hash{$key}[0] --to $natip$fireport\n"; } } } @@ -300,8 +343,28 @@ sub buildrules undef $TIME; undef $TIMEFROM; undef $TIMETILL; + undef $fireport; } } +sub get_nat_ip +{ + my $val=shift; + my $result; + if($val eq 'RED' || $val eq 'GREEN' || $val eq 'ORANGE' || $val eq 'BLUE'){ + $result=$defaultNetworks{$val.'_ADDRESS'}; + }elsif($val eq 'ALL'){ + $result='-i '.$con; + }elsif($val eq 'Default IP'){ + $result='-d '.$redip; + }else{ + foreach my $al (sort keys %aliases){ + if($val eq $al){ + $result='-d '.$aliases{$al}{'IPT'}; + } + } + } + return $result; +} sub get_time { my $val=shift; @@ -364,7 +427,6 @@ sub p2pblock } } } - sub get_address { my $base=shift; #source of checking ($configfwdfw{$key}[x] or groupkey @@ -439,7 +501,11 @@ sub get_port if(index($$hash{$key}[10],",") > 0){ return "-m multiport --sport $$hash{$key}[10] "; }else{ - return "--sport $$hash{$key}[10] "; + if($$hash{$key}[28] ne 'ON' || ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat') ||($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'dnat') ){ + return "--sport $$hash{$key}[10] "; + }else{ + return ":$$hash{$key}[10]"; + } } }elsif($$hash{$key}[9] ne '' && $$hash{$key}[9] ne 'All ICMP-Types'){ return "--icmp-type $$hash{$key}[9] "; @@ -454,7 +520,11 @@ sub get_port if(index($$hash{$key}[15],",") > 0){ return "-m multiport --dport $$hash{$key}[15] "; }else{ - return "--dport $$hash{$key}[15] "; + if($$hash{$key}[28] ne 'ON' || ($$hash{$key}[28] eq 'ON' && $$hash{$key}[31] eq 'snat') ){ + return "--dport $$hash{$key}[15] "; + }else{ + return ":$$hash{$key}[15]"; + } } }elsif($$hash{$key}[13] ne '' && $$hash{$key}[13] ne 'All ICMP-Types'){ return "--icmp-type $$hash{$key}[13] "; diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi index 0bf3a31c3..84e01704d 100755 
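Review bot: The added `system "iptables -A PORTFWACCESS ... $fwaccessdport $TIME \n"` carries no `-j` target, so as written the rule would only count packets; presumably the intended target (e.g. `-j ACCEPT`) is missing. `my $fwaccessdport="--dport ".substr($DPORT,1,) if ($DPORT);` uses the `my ... if` form, whose behaviour is undefined when the condition is false; prefer `my $fwaccessdport = $DPORT ? '--dport '.substr($DPORT,1) : '';`. The ICMP LOG line still reads `-- icmp-type` with a space as shown here, unlike `--icmp-type` on the line after it. All of these calls hand one interpolated string to the shell and ignore the exit status, so every rule-file field that reaches them needs strict validation, or the calls should move to list-form `system` with the result checked.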
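Review bot: `get_nat_ip` returns three different shapes: a bare address for `RED`/`GREEN`/`ORANGE`/`BLUE`, `-i IFACE` for `ALL`, and `-d ADDR` for `Default IP` and aliases. The DNAT command uses the result as a match (`$SPORT $natip $fireport`) and the SNAT command appends it after `--to`, so the output is only valid if DNAT rules never store a zone name and SNAT rules never store `Default IP` or an alias, which this script does not check. Returning only the address and letting each caller add `-d` or `--to` would make both paths consistent. When no alias matches, `$result` stays undefined and a DNAT rule would be emitted without its destination match; returning early and skipping the rule is safer than installing a broader rule than was configured.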
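Review bot: The new condition in the `--sport` branch, `[28] ne 'ON' || ([28] eq 'ON' && [31] eq 'snat') || ([28] eq 'ON' && [31] eq 'dnat')`, appears to be true for every rule the GUI can save, which makes the `else` returning `":$$hash{$key}[10]"` effectively dead code. If a source port is always meant to be emitted as `--sport`, the original single `return "--sport $$hash{$key}[10] ";` can stay; otherwise a comment should state which case takes the `:port` form. `get_port` starts outside the hunk.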
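Review bot: For DNAT rules this branch now returns `:port` so that it can be appended to `--to`, but the multiport branch directly above it is not guarded the same way, so a DNAT rule whose field 15 contains a comma would produce `--to` followed by `-m multiport --dport ...`. The GUI rejects commas for a manually entered port, but rules.pl reads the rule file without re-checking it. Consider skipping the rule for DNAT when field 15 is not a single number, e.g. guarded by `$$hash{$key}[15] =~ /\A\d{1,5}\z/`. `get_port` starts outside the hunk.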
--- a/html/cgi-bin/forwardfw.cgi +++ b/html/cgi-bin/forwardfw.cgi @@ -765,7 +765,35 @@ sub checksource sub checktarget { my ($ip,$subnet); - + &General::readhasharray("$configsrv", \%customservice); + #check DNAT settings (has to be single Host and single Port) + if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){ + if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){ + if ($fwdfwsettings{'USESRV'} eq ''){ + $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; + } + #check if manual ip is a single Host (if set) + if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){ + my @tmp= split (/\./,$fwdfwsettings{$fwdfwsettings{'grp2'}}); + my @tmp1= split ("/",$tmp[3]); + if (($tmp1[0] eq "0") || ($tmp1[0] eq "255")) + { + $errormessage=$Lang::tr{'fwdfw dnat error'}."
"; + } + } + #check if Port is a single Port + if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ + if(($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){ + $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; + } + if (($fwdfwsettings{'TGT_PROT'} eq 'TCP'|| $fwdfwsettings{'TGT_PROT'} eq 'UDP') && $fwdfwsettings{'TGT_PORT'} ne '' && !&check_natport($fwdfwsettings{'TGT_PORT'})){ + $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; + } + } + }else{ + $errormessage=$Lang::tr{'fwdfw dnat error'}."
"; + } + } if ($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} ne ''){ #check if ip with subnet if ($fwdfwsettings{'tgt_addr'} =~ /^(.*?)\/(.*?)$/) { @@ -785,15 +813,12 @@ sub checktarget if(!&General::validipandmask($fwdfwsettings{'tgt_addr'})){ $errormessage.=$Lang::tr{'fwdfw err tgt_addr'}."
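Review bot: In the single-port check, `($fwdfwsettings{'TGT_PROT'} ne 'TCP'|| $fwdfwsettings{'TGT_PROT'} ne 'UDP')` is always true because no value equals both; it should be `$fwdfwsettings{'TGT_PROT'} ne 'TCP' && $fwdfwsettings{'TGT_PROT'} ne 'UDP'`. The single-host test only inspects the last octet for `0` or `255`, so an address written with a network mask and any other last octet is accepted as a single host; checking that the mask part is absent or `/32` would match the error text. The new messages are assigned with `$errormessage=` while the rest of `checktarget` appends with `.=`, so each assignment discards errors collected before it. `checktarget` continues outside the hunk.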
"; } - }elsif($fwdfwsettings{'tgt_addr'} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{'tgt_addr'} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgtip'}; return $errormessage; } - #check empty fields if ($fwdfwsettings{$fwdfwsettings{'grp2'}} eq ''){ $errormessage.=$Lang::tr{'fwdfw err notgt'}."
";} - #check tgt services if ($fwdfwsettings{'USESRV'} eq 'ON'){ if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ @@ -886,8 +911,36 @@ sub checktarget } return $errormessage; } +sub check_natport +{ + my $val=shift; + if ($val =~ "," || $val =~ ":" || $val>65536 || $val<0){ + return 0; + } + return 1; +} sub checkrule { + #check valid port for NAT + if($fwdfwsettings{'USE_NAT'} eq 'ON'){ + if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$fwdfwsettings{'TGT_PORT'};} + if($fwdfwsettings{'nat'} eq 'dnat' && !&check_natport($fwdfwsettings{'dnatport'})){ + $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; + } + elsif($fwdfwsettings{'USESRV'} eq 'ON' && $fwdfwsettings{'grp3'} eq 'cust_srv'){ + my $custsrvport; + #get servcie Protocol and Port + foreach my $key (sort keys %customservice){ + if($fwdfwsettings{$fwdfwsettings{'grp3'}} eq $customservice{$key}[0]){ + if ($customservice{$key}[2] ne 'TCP' && $customservice{$key}[2] ne 'UDP'){ + $errormessage=$Lang::tr{'fwdfw target'}.": ".$Lang::tr{'fwdfw dnat porterr'}."
"; + } + $custsrvport= $customservice{$key}[1]; + } + } + if($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'dnatport'} eq ''){$fwdfwsettings{'dnatport'}=$custsrvport;} + } + } #check valid remark if ($fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){ $errormessage.=$Lang::tr{'fwdfw err remark'}."
"; @@ -897,12 +950,10 @@ sub checkrule $errormessage.=$Lang::tr{'fwdfw err same'}; return $errormessage; } - #get source and targetip address if possible my ($sip,$scidr,$tip,$tcidr); ($sip,$scidr)=&get_ip("src","grp1"); ($tip,$tcidr)=&get_ip("tgt","grp2"); - #check same iprange in source and target if ($sip ne '' && $scidr ne '' && $tip ne '' && $tcidr ne ''){ my $networkip1=&General::getnetworkip($sip,$scidr); @@ -924,7 +975,6 @@ sub checkrule } } } - #check source and destination protocol if manual if( $fwdfwsettings{'USE_SRC_PORT'} eq 'ON' && $fwdfwsettings{'USESRV'} eq 'ON'){ if($fwdfwsettings{'PROT'} ne $fwdfwsettings{'TGT_PROT'} && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){ @@ -932,7 +982,6 @@ sub checkrule } #check source and destination protocol if source manual and dest servicegrp if ($fwdfwsettings{'grp3'} eq 'cust_srv'){ - &General::readhasharray("$configsrv", \%customservice); foreach my $key (sort keys %customservice){ if($customservice{$key}[0] eq $fwdfwsettings{$fwdfwsettings{'grp3'}}){ if ($customservice{$key}[2] ne $fwdfwsettings{'PROT'}){ @@ -1442,6 +1491,7 @@ sub newrule $checked{'TIME_FRI'}{$fwdfwsettings{'TIME_FRI'}} = 'CHECKED'; $checked{'TIME_SAT'}{$fwdfwsettings{'TIME_SAT'}} = 'CHECKED'; $checked{'TIME_SUN'}{$fwdfwsettings{'TIME_SUN'}} = 'CHECKED'; + $checked{'USE_NAT'}{$fwdfwsettings{'USE_NAT'}} = 'CHECKED'; $selected{'TIME_FROM'}{$fwdfwsettings{'TIME_FROM'}} = 'selected'; $selected{'TIME_TO'}{$fwdfwsettings{'TIME_TO'}} = 'selected'; $selected{'ipfire'}{$fwdfwsettings{$fwdfwsettings{'grp2'}}} ='selected'; 
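Review bot: `check_natport` compares the value numerically without first checking that it is a number, so an empty or non-numeric string evaluates as 0 and passes, and the bounds as written also accept 0 and 65536. Because the accepted value is saved and later interpolated by rules.pl into an `iptables` command line that runs through the shell, the check should be an anchored match plus range, e.g. `return ($val =~ /\A\d{1,5}\z/ && $val >= 1 && $val <= 65535) ? 1 : 0;`. In `checkrule` the test currently runs before `dnatport` is defaulted from the custom service (the `elsif`), so with a stricter check that defaulting has to happen first, and `$custsrvport` should go through the same check. The added errors here also use `$errormessage=` rather than `.=`.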
@@ -1481,10 +1531,9 @@ sub newrule $fwdfwsettings{'TIME_FROM'} = $hash{$key}[26]; $fwdfwsettings{'TIME_TO'} = $hash{$key}[27]; $fwdfwsettings{'USE_NAT'} = $hash{$key}[28]; - $fwdfwsettings{'nat'} = $hash{$key}[32]; #changed order + $fwdfwsettings{'nat'} = $hash{$key}[31]; #changed order $fwdfwsettings{$fwdfwsettings{'nat'}} = $hash{$key}[29]; - $fwdfwsettings{'snatport'} = $hash{$key}[30]; - $fwdfwsettings{'dnatport'} = $hash{$key}[31]; + $fwdfwsettings{'dnatport'} = $hash{$key}[30]; $checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED'; $checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED'; $checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED'; @@ -1686,11 +1735,11 @@ END &Header::openbox('100%', 'left', 'NAT'); print< - USE NAT - DNAT + $Lang::tr{'fwdfw use nat'} + $Lang::tr{'fwdfw dnat'} END if (! -z "${General::swroot}/ethernet/aliases"){ - print"IPFire: "; print ""; print ""; @@ -1698,15 +1747,6 @@ END { print ""; } - #foreach my $network (sort keys %defaultNetworks) - #{ - #next if($defaultNetworks{$network}{'NAME'} eq "RED"); - #next if($defaultNetworks{$network}{'NAME'} eq "IPFire"); - #next if($defaultNetworks{$network}{'NAME'} eq "ALL"); - #print ""; - #} }else{ print""; } @@ -1714,9 +1754,8 @@ END print"Port: "; print"
"; #SNAT - print" SNAT"; - print"IPFire: $Lang::tr{'fwdfw snat'}"; + print"IPFire: "; print""; print"
"; &Header::closebox(); @@ -2065,9 +2104,8 @@ sub saverule if($fwdfwsettings{'USE_NAT'} eq 'ON'){ $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'}; $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}}; - $$hash{$key}[30] = $fwdfwsettings{'snatport'}; - $$hash{$key}[31] = $fwdfwsettings{'dnatport'}; - $$hash{$key}[32] = $fwdfwsettings{'nat'}; + $$hash{$key}[30] = $fwdfwsettings{'dnatport'}; + $$hash{$key}[31] = $fwdfwsettings{'nat'}; } &General::writehasharray("$config", $hash); }else{ @@ -2104,9 +2142,8 @@ sub saverule if($fwdfwsettings{'USE_NAT'} eq 'ON'){ $$hash{$key}[28] = $fwdfwsettings{'USE_NAT'}; $$hash{$key}[29] = $fwdfwsettings{$fwdfwsettings{'nat'}}; - $$hash{$key}[30] = $fwdfwsettings{'snatport'}; - $$hash{$key}[31] = $fwdfwsettings{'dnatport'}; - $$hash{$key}[32] = $fwdfwsettings{'nat'}; + $$hash{$key}[30] = $fwdfwsettings{'dnatport'}; + $$hash{$key}[31] = $fwdfwsettings{'nat'}; } last; } @@ -2304,7 +2341,7 @@ END $tdcolor=''; &getsrcport(\%$hash,$key); #Is this a SNAT rule? - if ($$hash{$key}[32] eq 'snat'){ + if ($$hash{$key}[31] eq 'snat'){ print"
SNAT -> $$hash{$key}[29]"; if ($$hash{$key}[30] ne ''){ print": $$hash{$key}[30]"; @@ -2329,10 +2366,10 @@ END END #Is this a DNAT rule? - if ($$hash{$key}[32] eq 'dnat'){ + if ($$hash{$key}[31] eq 'dnat'){ print "IPFire ($$hash{$key}[29])"; - if($$hash{$key}[31] ne ''){ - print": $$hash{$key}[31]"; + if($$hash{$key}[30] ne ''){ + print": $$hash{$key}[30]"; } print"
DNAT->"; } diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 6aec69d90..0537389f7 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -899,6 +899,9 @@ 'fwdfw cust net' => 'Custom Netzwerke:', 'fwdfw copy' => 'Kopieren', 'fwdfw delete' => 'Löschen', +'fwdfw dnat' => 'DNAT/Portforward (ersetze diese IP mit der aus ZIEL)', +'fwdfw dnat error' => 'Für DNAT muss ein einzelner Host als ZIEL gewählt werden. Gruppen oder Netzwerke sind nicht erlaubt', +'fwdfw dnat porterr' => 'Für NAT muss ein einzelner PORT (TCP/UDP) angegeben werden', 'fwdfw DROP' => 'Verwerfen (DROP)', 'fwdfw edit' => 'Bearbeiten', 'fwdfw err nosrc' => 'Keine Quelle gewählt', @@ -939,6 +942,7 @@ 'fwdfw rule action' => 'Regelaktion:', 'fwdfw rule activate' => 'Regel aktivieren', 'fwdfw rulepos' => 'Regelposition', +'fwdfw snat' => 'SNAT (ersetze die Adresse(n) von QUELLE mit dieser)', 'fwdfw source' => 'Quelle', 'fwdfw sourceip' => 'Quelladresse (MAC, IP oder Netzwerk):', 'fwdfw std network' => 'Standard Netzwerke:', @@ -949,6 +953,7 @@ 'fwdfw timeframe' => 'Zeitrahmen hinzufügen', 'fwdfw toggle' => 'Aktivieren oder deaktivieren', 'fwdfw togglelog' => 'Log aktivieren oder deaktivieren', +'fwdfw use nat' => 'NAT benutzen', 'fwdfw useless rule' => 'Diese Regel ist nicht zugelassen.', 'fwdfw use srcport' => 'Quellport benutzen', 'fwdfw use srv' => 'Zielport benutzen', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 0e875bc88..c64edcb5b 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl 
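Review bot: The rule table prints `$$hash{$key}[29]` and `$$hash{$key}[30]` straight into the page, both in this DNAT branch and in the SNAT branch of the previous hunk. These fields come from the saved rule file, and the port check added in this commit does not restrict them to digits, so they should be HTML-escaped on output (and validated strictly at save time) so that a stored rule cannot inject markup into the admin interface. The surrounding HTML is stripped on this page, so the exact print statements could not be checked.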
@@ -924,6 +924,9 @@ 'fwdfw cust net' => 'Custom networks:', 'fwdfw copy' => 'Copy', 'fwdfw delete' => 'Delete', +'fwdfw dnat' => 'DNAT/Portforward (replace this IP with the one from TARGET)', +'fwdfw dnat error' => 'You have to select a single host for DNAT. Groups or networks are not allowed.', +'fwdfw dnat porterr' => 'You have to select a single port (tcp/udp) for NAT', 'fwdfw DROP' => 'DROP', 'fwdfw edit' => 'Edit', 'fwdfw err nosrc' => 'No source selected.', @@ -964,6 +967,7 @@ 'fwdfw rule action' => 'Rule action:', 'fwdfw rule activate' => 'Activate rule', 'fwdfw rulepos' => 'Ruleposition', +'fwdfw snat' => 'SNAT (replace the addresse(s) from SOURCE with this address)', 'fwdfw source' => 'Source', 'fwdfw sourceip' => 'Source address (MAC, IP or Network):', 'fwdfw std network' => 'Standard networks:', @@ -974,6 +978,7 @@ 'fwdfw timeframe' => 'Add timeframe', 'fwdfw toggle' => 'Activate or deactivate', 'fwdfw togglelog' => 'Activate or deactivate logging', +'fwdfw use nat' => 'Use NAT', 'fwdfw useless rule' => 'This rule is rejected (useless).', 'fwdfw use srcport' => 'Use sourceport', 'fwdfw use srv' => 'Use targetport', -- 2.39.2