Skip to content

O
OpnSense
Commit 8f010ec5 authored by Ad Schellevis's avatar Ad Schellevis Committed by GitHub
Browse files
Options

Merge pull request #1080 from djGrrr/master 

Fix IPv6 Outbound NAT
parents 155fca31 4c88ef63
Hide whitespace changes
Inline Side-by-side
Showing with 21 additions and 5 deletions
src/etc/inc/filter.inc
View file @ 8f010ec5
...@@ -1316,7 +1316,7 @@ function filter_nat_rules_outbound_automatic(&$FilterIflist, $src) ...@@ -1316,7 +1316,7 @@ function filter_nat_rules_outbound_automatic(&$FilterIflist, $src)
} }
/* Generate a 'nat on' or 'no nat on' rule for given interface */ /* Generate a 'nat on' or 'no nat on' rule for given interface */
function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false, $proto = "", $poolopts = "", $log = false) function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false, $proto = "", $poolopts = "", $log = false, $ipproto = "inet")
{ {
global $config; global $config;
...@@ -1331,8 +1331,15 @@ function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcpor ...@@ -1331,8 +1331,15 @@ function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcpor
$tgt = "{$natip}/32"; $tgt = "{$natip}/32";
} }
} else { } else {
$natip = get_interface_ip($if); if ($ipproto == "inet6") {
if (is_ipaddr($natip)) { $natip = get_interface_ipv6($if);
} else {
$natip = get_interface_ip($if);
}
if (is_ipaddrv6($natip)){
$tgt = "{$natip}/128";
} elseif (is_ipaddr($natip)) {
$tgt = "{$natip}/32"; $tgt = "{$natip}/32";
} else { } else {
$tgt = "(" . $FilterIflist[$if]['if'] . ")"; $tgt = "(" . $FilterIflist[$if]['if'] . ")";
...@@ -1352,6 +1359,14 @@ function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcpor ...@@ -1352,6 +1359,14 @@ function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcpor
} else { } else {
$protocol = ""; $protocol = "";
} }
/* Add the ip protocol */
if (!empty($ipproto) && $ipproto != "inet") {
$ipprotocol = " {$ipproto}";
} else {
$ipprotocol = "";
}
/* Add the hard set source port (useful for ISAKMP) */ /* Add the hard set source port (useful for ISAKMP) */
if ($natport != "") { if ($natport != "") {
$tgt .= " port {$natport}"; $tgt .= " port {$natport}";
...@@ -1400,7 +1415,7 @@ function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcpor ...@@ -1400,7 +1415,7 @@ function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcpor
$if_friendly = $FilterIflist[$if]['descr']; $if_friendly = $FilterIflist[$if]['descr'];
/* Put all the pieces together */ /* Put all the pieces together */
if ($if_friendly) { if ($if_friendly) {
$natrule = "{$nat} {$logtag} on \${$if_friendly} {$protocol} from {$src} to {$dst} {$target} {$poolopts} {$staticnatport_txt}\n"; $natrule = "{$nat} {$logtag} on \${$if_friendly}{$ipprotocol}{$protocol} from {$src} to {$dst} {$target} {$poolopts} {$staticnatport_txt}\n";
} else { } else {
$natrule .= "# Could not convert {$if} to friendly name(alias)\n"; $natrule .= "# Could not convert {$if} to friendly name(alias)\n";
} }
...@@ -1616,7 +1631,8 @@ function filter_nat_rules_generate(&$FilterIflist) ...@@ -1616,7 +1631,8 @@ function filter_nat_rules_generate(&$FilterIflist)
isset($obent['staticnatport']), isset($obent['staticnatport']),
$obent['protocol'], $obent['protocol'],
$poolopts, $poolopts,
isset($obent['log']) isset($obent['log']),
$obent['ipprotocol']
); );
} }
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023