<?php
/*
	Copyright (C) 2014 Deciso B.V.
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/

require_once("guiconfig.inc");
require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");

/* Guarantee that the 1:1 NAT section of the config is an array before it is referenced. */
if (is_array($config['nat']['onetoone']) === false) {
	$config['nat']['onetoone'] = array();
}

/* $a_1to1 is a reference, not a copy: every edit made through it below lands in $config. */
$a_1to1 = &$config['nat']['onetoone'];

/*
 * Form submission. The posted fields are kept in $pconfig; when the "apply"
 * field is present and truthy, filter_configure() is run and its result is
 * turned into the message shown at the top of the page.
 */
if ($_POST) {
	$pconfig = $_POST;

	if ($_POST['apply']) {
		$retval = 0 | filter_configure();
		$savemsg = get_std_save_message($retval);

		/* only a zero result clears the "changes pending" markers */
		if (0 == $retval) {
			clear_subsystem_dirty('natconf');
			clear_subsystem_dirty('filter');
		}
	}
}

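/*
 * Single-mapping delete, reached through the "delete this mapping" link
 * (firewall_nat_1to1.php?act=del&id=<index>).
 *
 * The id is only used as an array offset after it has been checked to be a
 * plain decimal string that refers to an existing, non-empty entry. Without
 * that check a request such as id[]=x passes an array as the offset, and a
 * missing act/id parameter triggers undefined-index notices.
 *
 * NOTE(review): this removes a firewall mapping in response to a GET request
 * and no request token is checked anywhere in this file. Confirm whether the
 * code pulled in by guiconfig.inc protects GET actions; if it does not, this
 * action should move to a POST form carrying the session's anti-CSRF token.
 */
if (isset($_GET['act']) && $_GET['act'] === "del") {
	$del_id = isset($_GET['id']) ? $_GET['id'] : null;
	if (is_string($del_id) && preg_match('/^\d+\z/', $del_id) && !empty($a_1to1[$del_id])) {
		unset($a_1to1[$del_id]);
		/* the subsystem is only flagged dirty when the config was actually written */
		if (write_config())
			mark_subsystem_dirty('natconf');
		header("Location: firewall_nat_1to1.php");
		exit;
	}
}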

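if (isset($_POST['del_x'])) {
	/*
	 * Bulk delete: remove every mapping ticked in the rule[] checkboxes.
	 * Only plain decimal strings are used as offsets; nested arrays or other
	 * values in rule[] are skipped instead of being handed to unset().
	 */
	if (isset($_POST['rule']) && is_array($_POST['rule']) && count($_POST['rule'])) {
		foreach ($_POST['rule'] as $rulei) {
			if (is_string($rulei) && preg_match('/^\d+\z/', $rulei)) {
				unset($a_1to1[$rulei]);
			}
		}
		if (write_config())
			mark_subsystem_dirty('natconf');
		header("Location: firewall_nat_1to1.php");
		exit;
	}

} else if (isset($_GET['act']) && $_GET['act'] === "toggle") {
	/*
	 * Enable/disable a single mapping (?act=toggle&id=<index>).
	 *
	 * NOTE(review): like the single delete, this changes firewall
	 * configuration on a GET request and no request token is checked in this
	 * file - confirm that the included framework code covers GET actions, or
	 * move the action to a POST form.
	 */
	$toggle_id = isset($_GET['id']) ? $_GET['id'] : null;
	if (is_string($toggle_id) && preg_match('/^\d+\z/', $toggle_id) && !empty($a_1to1[$toggle_id])) {
		if (isset($a_1to1[$toggle_id]['disabled']))
			unset($a_1to1[$toggle_id]['disabled']);
		else
			$a_1to1[$toggle_id]['disabled'] = true;
		/* description passed to write_config(): it used to say "Outbound", which mislabels a change made on the 1:1 page */
		if (write_config("Firewall: NAT: 1:1, enable/disable NAT rule"))
			mark_subsystem_dirty('natconf');
		header("Location: firewall_nat_1to1.php");
		exit;
	}
} else {
	/*
	 * Move buttons are recognised by field name (move_<index>_x) rather than
	 * by value. The pattern is anchored and limited to nine digits so that
	 * only names this page generates are accepted and the index always fits
	 * in an integer.
	 */
	unset($movebtn);
	foreach ($_POST as $pn => $pd) {
		if (preg_match('/^move_(\d{1,9})_x\z/', (string)$pn, $matches)) {
			$movebtn = (int)$matches[1];
			break;
		}
	}

	$a_1to1_count = count($a_1to1);

	/*
	 * move selected rules before this rule
	 *
	 * Valid targets are 0 .. count: an existing rule, or count itself for
	 * the "move selected mappings to end" button. A larger index is ignored;
	 * previously it made the first copy loop read offsets past the end of
	 * the list and append empty entries to the configuration.
	 */
	if (isset($movebtn) && $movebtn <= $a_1to1_count &&
	    isset($_POST['rule']) && is_array($_POST['rule']) && count($_POST['rule'])) {
		/* normalise the selection to integers so membership can be tested strictly */
		$a_1to1_selected = array();
		foreach ($_POST['rule'] as $rulei) {
			if (is_string($rulei) && preg_match('/^\d{1,9}\z/', $rulei)) {
				$a_1to1_selected[] = (int)$rulei;
			}
		}

		$a_1to1_new = array();

		/* copy all rules < $movebtn and not selected */
		for ($i = 0; $i < $movebtn; $i++) {
			if (!in_array($i, $a_1to1_selected, true))
				$a_1to1_new[] = $a_1to1[$i];
		}

		/* copy all selected rules */
		for ($i = 0; $i < $a_1to1_count; $i++) {
			if ($i == $movebtn)
				continue;
			if (in_array($i, $a_1to1_selected, true))
				$a_1to1_new[] = $a_1to1[$i];
		}

		/* copy $movebtn rule */
		if ($movebtn < $a_1to1_count)
			$a_1to1_new[] = $a_1to1[$movebtn];

		/* copy all rules > $movebtn and not selected */
		for ($i = $movebtn+1; $i < $a_1to1_count; $i++) {
			if (!in_array($i, $a_1to1_selected, true))
				$a_1to1_new[] = $a_1to1[$i];
		}

		/* never replace the rule list with an empty result */
		if (count($a_1to1_new) > 0)
			$a_1to1 = $a_1to1_new;

		if (write_config())
			mark_subsystem_dirty('natconf');
		header("Location: firewall_nat_1to1.php");
		exit;
	}
}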

/* Translated title components for this page, set before head.inc is included. */
$pgtitle = array(
	gettext("Firewall"),
	gettext("NAT"),
	gettext("1:1"),
);
include "head.inc";

/* One page-level button: a translated "add rule" label pointing at the edit page. */
$main_buttons = array(
	array(
		'label' => gettext("add rule"),
		'href' => 'firewall_nat_1to1_edit.php',
	),
);


?>
<body>
<?php include("fbegin.inc"); ?>

	<script type="text/javascript" src="/javascript/row_toggle.js"></script>

	<section class="page-content-main">
		<div class="container-fluid">
			<div class="row">

				<?php
				/* message produced by an "apply" request earlier in this script, if any */
				if ($savemsg) {
					print_info_box($savemsg);
				}
				/* NAT changes are saved but not applied yet: show the reminder box */
				if (is_subsystem_dirty('natconf')) {
					$natconf_dirty_notice = gettext("The NAT configuration has been changed.") .
						"<br />" .
						gettext("You must apply the changes in order for them to take effect.");
					print_info_box_np($natconf_dirty_notice);
				}
				?>

			    <section class="col-xs-12">

					<?php
							/*
							 * NAT section tabs as (label, flag, target page). The flag is true
							 * only for this page's own entry - presumably the active-tab marker
							 * read by display_top_tabs(); confirm there.
							 */
							$tab_array = array(
								array(gettext("Port Forward"), false, "firewall_nat.php"),
								array(gettext("1:1"), true, "firewall_nat_1to1.php"),
								array(gettext("Outbound"), false, "firewall_nat_out.php"),
								array(gettext("NPt"), false, "firewall_nat_npt.php"),
							);
							display_top_tabs($tab_array);
					?>

					<div class="tab-content content-box col-xs-12">


	                        <form action="firewall_nat_1to1.php" method="post" name="iform" id="iform">
					<input type="hidden" id="id" name="id" value="<?php echo htmlspecialchars($id); ?>" />

		                        <table class="table table-striped table-sort">
		                        <thead>
									<tr id="frheader">
										<th width="3%" class="list">&nbsp;</th>
										<th width="3%" class="list">&nbsp;</th>
										<th class="listhdrr"><?=gettext("Interface"); ?></th>
										<th class="listhdrr"><?=gettext("External IP"); ?></th>
										<th class="listhdrr"><?=gettext("Internal IP"); ?></th>
										<th class="listhdrr"><?=gettext("Destination IP"); ?></th>
										<th class="listhdr"><?=gettext("Description"); ?></th>
										<th class="list"></th>
									</tr>
		                        </thead>
		                        <tbody>
						<?php
								$textse = "";
								$i = 0;
								foreach ($a_1to1 as $natent):
									if (isset($natent['disabled'])) {
										$textss = "text-muted";
										$iconfn = "glyphicon glyphicon-play";
									} else {
										$textss = "text-success";
										$iconfn = "glyphicon glyphicon-play";
									}
						?>
									<tr valign="top" id="fr<?=$i;?>">
										<td class="listt">
											<input type="checkbox" id="frc<?=$i;?>" name="rule[]" value="<?=$i;?>" />
										</td>
										<td class="listt" align="center">
											<a href="?act=toggle&amp;id=<?=$i;?>" data-toggle="tooltip" data-placement="left" class="glyphicon <?=$iconfn;?> <?=$textss;?>" title="<?=gettext("click to toggle enabled/disabled status");?>" ></a>
										</td>
										<td class="listlr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';">
						<?php

											/* a mapping without an interface is shown as "wan"; the description is escaped before output */
											$natent_ifname = !$natent['interface'] ? "wan" : $natent['interface'];
											echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent_ifname));

						?>
										</td>
										<td class="listr"  id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';">
						<?php
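											/* formatted internal (source) address; everything from the first "/" on is reused as the mask suffix */
											$source_net = pprint_address($natent['source']);
											$source_cidr = strstr($source_net, '/');
											/*
											 * The external address is a stored config value written into HTML, so it
											 * is escaped here like the interface and description cells of this row.
											 * strstr() yields false when there is no "/", which concatenates as "".
											 */
											echo htmlspecialchars($natent['external'] . $source_cidr);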
						?>
										</td>
										<td class="listr"  id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';">
						<?php
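											/*
											 * Internal IP cell: escape the config-derived address before it is written
											 * into the page, matching the interface and description cells.
											 * Assumes pprint_address() returns plain text rather than markup - confirm
											 * where it is defined.
											 */
											echo htmlspecialchars($source_net . $textse);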
						?>
										</td>
										<td class="listr"  id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';">
						<?php
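											/*
											 * Destination IP cell: escape the config-derived address before it is
											 * written into the page, matching the interface and description cells.
											 * Assumes pprint_address() returns plain text rather than markup - confirm
											 * where it is defined.
											 */
											echo htmlspecialchars(pprint_address($natent['destination']));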
						?>
										</td>
										<td class="listbg"  ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';">
						<?php
											/* description is a config-supplied value: HTML-escape it, then append a literal non-breaking space */
											echo htmlspecialchars($natent['descr']) . '&nbsp;';
						?>
										</td>
										<td class="list nowrap" valign="middle">
											<button  name="move_<?=$i;?>_x"
												title="<?=gettext("move selected mapping before this rule");?>"
												type="submit" class="btn btn-default btn-xs" data-toggle="tooltip" data-placement="left"><span class="glyphicon glyphicon-arrow-left"></span></button>

											<a href="firewall_nat_1to1_edit.php?id=<?=$i;?>" class="btn btn-default btn-xs" data-toggle="tooltip" data-placement="left" title="<?=gettext("edit this mapping");?>"><span class="glyphicon glyphicon-pencil"></span></a>
											<a href="firewall_nat_1to1.php?act=del&amp;id=<?=$i;?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("delete this mapping");?>" onclick="return confirm('<?=gettext("Do you really want to delete this rule?");?>')" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-remove"></span></a>
											<a href="firewall_nat_1to1_edit.php?dup=<?=$i;?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("add new mapping based on this one");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-plus"></span></a>
										</td>
									</tr>
						<?php
									$i++;
								endforeach;
						?>
									<tr>
										<td class="list" colspan="7"></td>
										<td class="list nowrap" valign="middle">

						<?php
													if ($i == 0):
						?>
														<span title="<?=gettext("move selected mappings to end");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-arrow-left"></span></span>
						<?php
													else:
						?>
														<button name="move_<?=$i;?>_x" type="submit"  data-toggle="tooltip" data-placement="left" title="<?=gettext("move selected mappings to end");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-arrow-left"></span></button>
						<?php
													endif;
						?>

														<a href="firewall_nat_1to1_edit.php" data-toggle="tooltip" data-placement="left" title="<?=gettext("add new mapping");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-plus"></span></a>

						<?php
													if ($i == 0):
						?>
														<span title="<?=gettext("delete selected rules");?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("delete mapping");?>"  class="btn btn-default btn-xs"><span class="glyphicon glyphicon-remove"></span></span>
						<?php
													else:
						?>
														<button name="del_x" type="submit" data-toggle="tooltip" data-placement="left" title="<?=gettext("delete selected mappings");?>"
															onclick="return confirm('<?=gettext("Do you really want to delete the selected mappings?");?>')" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-remove"></span></button>
						<?php
													endif;
						?>
										</td>
									</tr>
									<tr>
										<td colspan="9">
											<p><span class="vexpl">
												<span class="text-danger"><strong><?=gettext("Note:"); ?><br /></strong></span>
												<?=gettext("Depending on the way your WAN connection is setup, you may also need a"); ?>
												<a href="firewall_virtual_ip.php"><?=gettext("Virtual IP."); ?></a><br />
												<?=gettext("If you add a 1:1 NAT entry for any of the interface IPs on this system, " .
													"it will make this system inaccessible on that IP address. i.e. if " .
													"you use your WAN IP address, any services on this system (IPsec, OpenVPN server, etc.) " .
													"using the WAN IP address will no longer function."); ?>
											</span></p>
										</td>
									</tr>
		                        </tbody>
								</table>
	                        </form>
					</div>
			    </section>
			</div>
		</div>
	</section>

<?php include("foot.inc"); ?>