firewall_nat_1to1.php 11.6 KB
Newer Older
Ad Schellevis's avatar
Ad Schellevis committed
1 2
<?php
/*
3
	Copyright (C) 2014 Deciso B.V.
Ad Schellevis's avatar
Ad Schellevis committed
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/

29
require_once("guiconfig.inc");
30
require_once("functions.inc");
Ad Schellevis's avatar
Ad Schellevis committed
31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134
require_once("filter.inc");

if (!is_array($config['nat']['onetoone']))
	$config['nat']['onetoone'] = array();

$a_1to1 = &$config['nat']['onetoone'];

if ($_POST) {
	$pconfig = $_POST;

	if ($_POST['apply']) {
		$retval = 0;
		$retval |= filter_configure();
		$savemsg = get_std_save_message($retval);

		if ($retval == 0) {
			clear_subsystem_dirty('natconf');
			clear_subsystem_dirty('filter');
		}
	}
}

if ($_GET['act'] == "del") {
	if ($a_1to1[$_GET['id']]) {
		unset($a_1to1[$_GET['id']]);
		if (write_config())
			mark_subsystem_dirty('natconf');
		header("Location: firewall_nat_1to1.php");
		exit;
	}
}

if (isset($_POST['del_x'])) {
	/* delete selected rules */
	if (is_array($_POST['rule']) && count($_POST['rule'])) {
		foreach ($_POST['rule'] as $rulei) {
			unset($a_1to1[$rulei]);
		}
		if (write_config())
			mark_subsystem_dirty('natconf');
		header("Location: firewall_nat_1to1.php");
		exit;
	}

} else if ($_GET['act'] == "toggle") {
	if ($a_1to1[$_GET['id']]) {
		if(isset($a_1to1[$_GET['id']]['disabled']))
			unset($a_1to1[$_GET['id']]['disabled']);
		else
			$a_1to1[$_GET['id']]['disabled'] = true;
		if (write_config("Firewall: NAT: Outbound, enable/disable NAT rule"))
			mark_subsystem_dirty('natconf');
		header("Location: firewall_nat_1to1.php");
		exit;
	}
} else {
	/* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
	unset($movebtn);
	foreach ($_POST as $pn => $pd) {
		if (preg_match("/move_(\d+)_x/", $pn, $matches)) {
			$movebtn = $matches[1];
			break;
		}
	}
	/* move selected rules before this rule */
	if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) {
		$a_1to1_new = array();

		/* copy all rules < $movebtn and not selected */
		for ($i = 0; $i < $movebtn; $i++) {
			if (!in_array($i, $_POST['rule']))
				$a_1to1_new[] = $a_1to1[$i];
		}

		/* copy all selected rules */
		for ($i = 0; $i < count($a_1to1); $i++) {
			if ($i == $movebtn)
				continue;
			if (in_array($i, $_POST['rule']))
				$a_1to1_new[] = $a_1to1[$i];
		}

		/* copy $movebtn rule */
		if ($movebtn < count($a_1to1))
			$a_1to1_new[] = $a_1to1[$movebtn];

		/* copy all rules > $movebtn and not selected */
		for ($i = $movebtn+1; $i < count($a_1to1); $i++) {
			if (!in_array($i, $_POST['rule']))
				$a_1to1_new[] = $a_1to1[$i];
		}
		if (count($a_1to1_new) > 0)
			$a_1to1 = $a_1to1_new;

		if (write_config())
			mark_subsystem_dirty('natconf');
		header("Location: firewall_nat_1to1.php");
		exit;
	}
}

$pgtitle = array(gettext("Firewall"),gettext("NAT"),gettext("1:1"));
include("head.inc");

Ad Schellevis's avatar
Ad Schellevis committed
135 136 137 138 139
$main_buttons = array(
	array('label'=>gettext("add rule"), 'href'=>'firewall_nat_1to1_edit.php'),
);


Ad Schellevis's avatar
Ad Schellevis committed
140
?>
Ad Schellevis's avatar
Ad Schellevis committed
141
<body>
Ad Schellevis's avatar
Ad Schellevis committed
142
<?php include("fbegin.inc"); ?>
143

Ad Schellevis's avatar
Ad Schellevis committed
144 145 146
	<script type="text/javascript" src="/javascript/row_toggle.js"></script>

	<section class="page-content-main">
147 148 149
		<div class="container-fluid">
			<div class="row">

Ad Schellevis's avatar
Ad Schellevis committed
150
				<?php
151
				if (isset($savemsg))
Ad Schellevis's avatar
Ad Schellevis committed
152 153 154 155 156 157
					print_info_box($savemsg);
				if (is_subsystem_dirty('natconf'))
					print_info_box_np(gettext("The NAT configuration has been changed.") .
						"<br />" .
						gettext("You must apply the changes in order for them to take effect."));
				?>
158 159 160

			    <section class="col-xs-12">

Ad Schellevis's avatar
Ad Schellevis committed
161 162 163 164 165 166 167 168
					<?php
							$tab_array = array();
							$tab_array[] = array(gettext("Port Forward"), false, "firewall_nat.php");
							$tab_array[] = array(gettext("1:1"), true, "firewall_nat_1to1.php");
							$tab_array[] = array(gettext("Outbound"), false, "firewall_nat_out.php");
							$tab_array[] = array(gettext("NPt"), false, "firewall_nat_npt.php");
							display_top_tabs($tab_array);
					?>
169 170 171

					<div class="tab-content content-box col-xs-12">

Ad Schellevis's avatar
Ad Schellevis committed
172 173

	                        <form action="firewall_nat_1to1.php" method="post" name="iform" id="iform">
174 175
					<input type="hidden" id="id" name="id" value="<?php echo htmlspecialchars($id); ?>" />

Ad Schellevis's avatar
Ad Schellevis committed
176
		                        <table class="table table-striped table-sort">
177
		                        <thead>
Ad Schellevis's avatar
Ad Schellevis committed
178
									<tr id="frheader">
Ad Schellevis's avatar
Ad Schellevis committed
179 180 181 182 183 184 185 186
										<th width="3%" class="list">&nbsp;</th>
										<th width="3%" class="list">&nbsp;</th>
										<th class="listhdrr"><?=gettext("Interface"); ?></th>
										<th class="listhdrr"><?=gettext("External IP"); ?></th>
										<th class="listhdrr"><?=gettext("Internal IP"); ?></th>
										<th class="listhdrr"><?=gettext("Destination IP"); ?></th>
										<th class="listhdr"><?=gettext("Description"); ?></th>
										<th class="list"></th>
Ad Schellevis's avatar
Ad Schellevis committed
187
									</tr>
188 189
		                        </thead>
		                        <tbody>
Ad Schellevis's avatar
Ad Schellevis committed
190
						<?php
Ad Schellevis's avatar
Ad Schellevis committed
191
								$textse = "";
Ad Schellevis's avatar
Ad Schellevis committed
192 193 194
								$i = 0;
								foreach ($a_1to1 as $natent):
									if (isset($natent['disabled'])) {
Ad Schellevis's avatar
Ad Schellevis committed
195
										$textss = "text-muted";
Ad Schellevis's avatar
Ad Schellevis committed
196 197
										$iconfn = "glyphicon glyphicon-play";
									} else {
Ad Schellevis's avatar
Ad Schellevis committed
198
										$textss = "text-success";
Ad Schellevis's avatar
Ad Schellevis committed
199 200 201 202 203
										$iconfn = "glyphicon glyphicon-play";
									}
						?>
									<tr valign="top" id="fr<?=$i;?>">
										<td class="listt">
Ad Schellevis's avatar
Ad Schellevis committed
204
											<input type="checkbox" id="frc<?=$i;?>" name="rule[]" value="<?=$i;?>" />
Ad Schellevis's avatar
Ad Schellevis committed
205 206
										</td>
										<td class="listt" align="center">
207
											<a href="?act=toggle&amp;id=<?=$i;?>" data-toggle="tooltip" data-placement="left" class="glyphicon <?=$iconfn;?> <?=$textss;?>" title="<?=gettext("click to toggle enabled/disabled status");?>" ></a>
Ad Schellevis's avatar
Ad Schellevis committed
208 209 210
										</td>
										<td class="listlr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';">
						<?php
211

Ad Schellevis's avatar
Ad Schellevis committed
212 213 214 215
											if (!$natent['interface'])
												echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan"));
											else
												echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface']));
216

Ad Schellevis's avatar
Ad Schellevis committed
217 218
						?>
										</td>
Ad Schellevis's avatar
Ad Schellevis committed
219
										<td class="listr"  id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';">
Ad Schellevis's avatar
Ad Schellevis committed
220 221 222
						<?php
											$source_net = pprint_address($natent['source']);
											$source_cidr = strstr($source_net, '/');
223
											echo $natent['external'] . $source_cidr;
Ad Schellevis's avatar
Ad Schellevis committed
224 225
						?>
										</td>
Ad Schellevis's avatar
Ad Schellevis committed
226
										<td class="listr"  id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';">
Ad Schellevis's avatar
Ad Schellevis committed
227
						<?php
Ad Schellevis's avatar
Ad Schellevis committed
228
											echo $source_net . $textse;
Ad Schellevis's avatar
Ad Schellevis committed
229 230
						?>
										</td>
Ad Schellevis's avatar
Ad Schellevis committed
231
										<td class="listr"  id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';">
Ad Schellevis's avatar
Ad Schellevis committed
232
						<?php
233
											echo pprint_address($natent['destination']);
Ad Schellevis's avatar
Ad Schellevis committed
234 235
						?>
										</td>
Ad Schellevis's avatar
Ad Schellevis committed
236
										<td class="listbg"  ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';">
Ad Schellevis's avatar
Ad Schellevis committed
237
						<?php
238
											echo htmlspecialchars($natent['descr']) . '&nbsp;';
Ad Schellevis's avatar
Ad Schellevis committed
239 240 241
						?>
										</td>
										<td class="list nowrap" valign="middle">
Ad Schellevis's avatar
Ad Schellevis committed
242
											<button  name="move_<?=$i;?>_x"
243 244
												title="<?=gettext("move selected mapping before this rule");?>"
												type="submit" class="btn btn-default btn-xs" data-toggle="tooltip" data-placement="left"><span class="glyphicon glyphicon-arrow-left"></span></button>
245

246 247 248
											<a href="firewall_nat_1to1_edit.php?id=<?=$i;?>" class="btn btn-default btn-xs" data-toggle="tooltip" data-placement="left" title="<?=gettext("edit this mapping");?>"><span class="glyphicon glyphicon-pencil"></span></a>
											<a href="firewall_nat_1to1.php?act=del&amp;id=<?=$i;?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("delete this mapping");?>" onclick="return confirm('<?=gettext("Do you really want to delete this rule?");?>')" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-remove"></span></a>
											<a href="firewall_nat_1to1_edit.php?dup=<?=$i;?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("add new mapping based on this one");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-plus"></span></a>
Ad Schellevis's avatar
Ad Schellevis committed
249 250 251 252 253 254 255 256 257
										</td>
									</tr>
						<?php
									$i++;
								endforeach;
						?>
									<tr>
										<td class="list" colspan="7"></td>
										<td class="list nowrap" valign="middle">
258

Ad Schellevis's avatar
Ad Schellevis committed
259 260 261 262 263 264 265
						<?php
													if ($i == 0):
						?>
														<span title="<?=gettext("move selected mappings to end");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-arrow-left"></span></span>
						<?php
													else:
						?>
266
														<button name="move_<?=$i;?>_x" type="submit"  data-toggle="tooltip" data-placement="left" title="<?=gettext("move selected mappings to end");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-arrow-left"></span></button>
Ad Schellevis's avatar
Ad Schellevis committed
267 268 269
						<?php
													endif;
						?>
270

271
														<a href="firewall_nat_1to1_edit.php" data-toggle="tooltip" data-placement="left" title="<?=gettext("add new mapping");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-plus"></span></a>
272

Ad Schellevis's avatar
Ad Schellevis committed
273 274 275
						<?php
													if ($i == 0):
						?>
276
														<span title="<?=gettext("delete selected rules");?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("delete mapping");?>"  class="btn btn-default btn-xs"><span class="glyphicon glyphicon-remove"></span></span>
Ad Schellevis's avatar
Ad Schellevis committed
277 278 279
						<?php
													else:
						?>
280
														<button name="del_x" type="submit" data-toggle="tooltip" data-placement="left" title="<?=gettext("delete selected mappings");?>"
Ad Schellevis's avatar
Ad Schellevis committed
281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299
															onclick="return confirm('<?=gettext("Do you really want to delete the selected mappings?");?>')" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-remove"></span></button>
						<?php
													endif;
						?>
										</td>
									</tr>
									<tr>
										<td colspan="9">
											<p><span class="vexpl">
												<span class="text-danger"><strong><?=gettext("Note:"); ?><br /></strong></span>
												<?=gettext("Depending on the way your WAN connection is setup, you may also need a"); ?>
												<a href="firewall_virtual_ip.php"><?=gettext("Virtual IP."); ?></a><br />
												<?=gettext("If you add a 1:1 NAT entry for any of the interface IPs on this system, " .
													"it will make this system inaccessible on that IP address. i.e. if " .
													"you use your WAN IP address, any services on this system (IPsec, OpenVPN server, etc.) " .
													"using the WAN IP address will no longer function."); ?>
											</span></p>
										</td>
									</tr>
300
		                        </tbody>
Ad Schellevis's avatar
Ad Schellevis committed
301 302 303 304 305
								</table>
	                        </form>
					</div>
			    </section>
			</div>
Ad Schellevis's avatar
Ad Schellevis committed
306
		</div>
Ad Schellevis's avatar
Ad Schellevis committed
307 308
	</section>

309
<?php include("foot.inc"); ?>