Commit 4c88ef63 authored by djGrrr's avatar djGrrr

Fix IPv6 Outbound NAT

Rules using "Interface Address" as the NAT target IP did not select the
IPv6 address when generating the rule
parent 155fca31
...@@ -1316,7 +1316,7 @@ function filter_nat_rules_outbound_automatic(&$FilterIflist, $src) ...@@ -1316,7 +1316,7 @@ function filter_nat_rules_outbound_automatic(&$FilterIflist, $src)
} }
/* Generate a 'nat on' or 'no nat on' rule for given interface */ /* Generate a 'nat on' or 'no nat on' rule for given interface */
function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false, $proto = "", $poolopts = "", $log = false) function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false, $proto = "", $poolopts = "", $log = false, $ipproto = "inet")
{ {
global $config; global $config;
...@@ -1330,9 +1330,16 @@ function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcpor ...@@ -1330,9 +1330,16 @@ function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcpor
} else { } else {
$tgt = "{$natip}/32"; $tgt = "{$natip}/32";
} }
} else {
if ($ipproto == "inet6") {
$natip = get_interface_ipv6($if);
} else { } else {
$natip = get_interface_ip($if); $natip = get_interface_ip($if);
if (is_ipaddr($natip)) { }
if (is_ipaddrv6($natip)){
$tgt = "{$natip}/128";
} elseif (is_ipaddr($natip)) {
$tgt = "{$natip}/32"; $tgt = "{$natip}/32";
} else { } else {
$tgt = "(" . $FilterIflist[$if]['if'] . ")"; $tgt = "(" . $FilterIflist[$if]['if'] . ")";
...@@ -1352,6 +1359,14 @@ function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcpor ...@@ -1352,6 +1359,14 @@ function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcpor
} else { } else {
$protocol = ""; $protocol = "";
} }
/* Add the ip protocol */
if (!empty($ipproto) && $ipproto != "inet") {
$ipprotocol = " {$ipproto}";
} else {
$ipprotocol = "";
}
/* Add the hard set source port (useful for ISAKMP) */ /* Add the hard set source port (useful for ISAKMP) */
if ($natport != "") { if ($natport != "") {
$tgt .= " port {$natport}"; $tgt .= " port {$natport}";
...@@ -1400,7 +1415,7 @@ function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcpor ...@@ -1400,7 +1415,7 @@ function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcpor
$if_friendly = $FilterIflist[$if]['descr']; $if_friendly = $FilterIflist[$if]['descr'];
/* Put all the pieces together */ /* Put all the pieces together */
if ($if_friendly) { if ($if_friendly) {
$natrule = "{$nat} {$logtag} on \${$if_friendly} {$protocol} from {$src} to {$dst} {$target} {$poolopts} {$staticnatport_txt}\n"; $natrule = "{$nat} {$logtag} on \${$if_friendly}{$ipprotocol}{$protocol} from {$src} to {$dst} {$target} {$poolopts} {$staticnatport_txt}\n";
} else { } else {
$natrule .= "# Could not convert {$if} to friendly name(alias)\n"; $natrule .= "# Could not convert {$if} to friendly name(alias)\n";
} }
...@@ -1616,7 +1631,8 @@ function filter_nat_rules_generate(&$FilterIflist) ...@@ -1616,7 +1631,8 @@ function filter_nat_rules_generate(&$FilterIflist)
isset($obent['staticnatport']), isset($obent['staticnatport']),
$obent['protocol'], $obent['protocol'],
$poolopts, $poolopts,
isset($obent['log']) isset($obent['log']),
$obent['ipprotocol']
); );
} }
} }
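Review bot: In filter_nat_rules_generate_if(), `$ipproto` is copied into the generated pf rule by `$ipprotocol = " {$ipproto}";` after only an `!empty()` and `!= "inet"` test, so any other string held in `$obent['ipprotocol']` reaches the ruleset verbatim. An unexpected value would at best make the NAT rule fail to parse, and a firewall rule generator should not pass configuration text through unchecked. If inet and inet6 are the only families outbound NAT is meant to support (not visible in these hunks), derive the token from a fixed set instead, e.g. `$ipprotocol = ($ipproto == "inet6") ? " inet6" : "";`. The final rule string now reads `\${$if_friendly}{$ipprotocol}{$protocol}` with no separating space, so it is worth confirming that the non-empty `$protocol` assignment, which lies outside the hunk, begins with a space. The caller passes `$obent['ipprotocol']` without an `isset()` guard, so entries saved before this change hand in null rather than the `"inet"` default; a short comment on the new parameter stating that empty means IPv4 would document that.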
......