
<?php
#
# Copyright(C) 2004-2005 INL
# Written by Eric Leblond <regit@inl.fr>
#            Vincent Deffontaines <gryzor@inl.fr>
#	     Jean Gillaux <jean@inl.fr>
#
# $Id: nat.php 17927 2009-02-16 13:16:09Z haypo $
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
#  This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
#

# Page identity.  $title is interpolated into the "new rule" form action
# further down ("$title.php"); $singtitle is not read in this file and is
# presumably consumed by the shared headers.
$title='nat';
$singtitle='nat';
# Not read in this file either; presumably include/headers.php uses it to know
# which sort lists this page may change - confirm against that include.
$header_ask_list_change=Array('sortsnat', 'sortdnat', 'sortpnat');
require_once ("include/common.php");
require_once ("include/types.php");
require_once ("include/headers.php");
require_once ("include/edit_nat.php");
require_once ("include/nat_func.php");
require_once ("include/html.php");

# Presumably populates $expolicy, which is dereferenced right below; must run
# after the includes above.
initRuleset();

# Reference aliases into the loaded policy: every later assignment to
# $snats/$dnats/$pnats (reorder(), nat_set_order()) writes straight through to
# the corresponding $expolicy property.
$snats=&$expolicy->snats;
$dnats=&$expolicy->dnats;
$pnats=&$expolicy->pnats;

# Drag-and-drop ordering lists, one per NAT table (validated below by
# check_aclorder()).
$dndSortSnat = getHttp('dndSortSnat');
$dndSortDnat = getHttp('dndSortDnat');
$dndSortPnat = getHttp('dndSortPnat');


# Raw request parameters.  All of them are untrusted until the
# "Security filtering" block below has run; the ch_* names are the fields of
# the edit form, new_nat/nat_type drive rule creation, delete_s deletion.
$nat_type=getHttp('nat_type');
$new_nat=getHttp('new_nat');
$ch_nat=getHttp('nat');
$ch_name=getHttp('ch_name');
$nat_nb=getHttp('nat_nb');
$ch_proto=getHttp('proto');
$ch_srcnet=getHttp('srcnet');
$ch_dstnet=getHttp('dstnet');
$ch_sport=getHttp('sport');
$ch_dport=getHttp('dport');
# Presumably a checkbox ('on' is mapped to 1 below), hence the explicit
# default of 0 when the parameter is absent.
$rand_sport=getHttp('rand_sport', 0);
$ch_icmptype=getHttp('icmptype');
$ch_nat_addr=getHttp('nat_addr');
$ch_nat_port=getHttp('nat_port');
$delete_s=getHttp('delete_s');
$ch_comment=getHttp('comment');

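#Security filtering
# Every request parameter read above is untrusted; the request is aborted
# (log_and_exit) as soon as one of them fails its check.
#
# Drag-and-drop order lists.
if (!check_aclorder($dndSortSnat, 'SNAT order'))
{
    log_and_exit(-1);
}
if (!check_aclorder($dndSortDnat, 'DNAT order'))
{
    log_and_exit(-1);
}
if (!check_aclorder($dndSortPnat, 'PNAT order'))
{
    log_and_exit(-1);
}
# ID of the rule being edited.
if (!check_nb($ch_nat))
{
    log_and_exit(-1);
}
# sport may be empty or a port range; dport must pass check_nb().
# NOTE(review): the asymmetry (range for sport, number for dport) is kept as
# found - confirm it is intended.
if ($ch_sport != '' and !check_port_range($ch_sport))
{
    log_error(sprintf(_('Sorry, bad parameter received for "%s": "%s"!'),
        'sport', $ch_sport));
    log_and_exit(-1);
}
if (!check_nb($ch_dport))
{
    log_and_exit(-1);
}

# rand_sport is submitted as 'on' when ticked and not at all otherwise, in
# which case getHttp() returned the literal integer default 0.  The comparison
# must be strict: with a loose '==', PHP < 8 evaluates 0 == 'on' as true
# (non-numeric string coerced to 0), so an unticked checkbox would silently
# become rand_sport = 1.
if ($rand_sport === 'on') $rand_sport = 1;
if (!check_nb($rand_sport))
{
    log_and_exit(-1);
}

# No ICMP type submitted: fall back to '--', which is presumably one of the
# values possible_values('proto','icmptype') returns, since the edit branch
# below checks membership in that list.
if (!isset($ch_icmptype))
  $ch_icmptype = '--';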

#
# Request dispatch.  At most one of the three branches below runs, selected by
# which parameters were supplied: 'delete_s' deletes a rule, 'new_nat' creates
# one, and a complete edit form (nat + ch_name + nat_nb + proto) replaces an
# existing rule.  Each branch persists the ruleset with saveRuleset().
#
if(isset($delete_s))//delete nat rule?
{
  # NOTE(review): the error label reads 'snat ID' even when a DNAT or PNAT
  # rule is being deleted.
  if (!check_input_var('elt', 'ID', $delete_s, 'snat ID'))
      log_and_exit(-1);
  # $snats/$dnats/$pnats alias $expolicy->*, so the reorder() result lands in
  # the policy object directly.
  switch($nat_type){
      case "DNAT":
          $dnats->del_elt($delete_s);
          $dnats = $dnats->reorder();
          break;
      case "SNAT":
          $snats->del_elt($delete_s);
          $snats = $snats->reorder();
          break;
      case "PNAT":
          $pnats->del_elt($delete_s);
          $pnats = $pnats->reorder();
          break;
      default:
        # Unknown nat_type: nothing is deleted, yet the ruleset is still
        # saved below.
        break;
  }

  # $snat_ress/$dnat_ress/$pnat_ress are never read in this file.
  # NOTE(review): presumably kept for a side effect of ordered_list_tab() -
  # confirm before removing these three lines.
  $snat_ress = &$snats->ordered_list_tab();
  $dnat_ress = &$dnats->ordered_list_tab();
  $pnat_ress = &$pnats->ordered_list_tab();
  saveRuleset($expolicy);
}else
if (isset($new_nat))
{
  # nat_type must be one of $NAT_TYPES (loose in_array comparison); the final
  # else below therefore means PNAT.
  if (!in_array($nat_type, $NAT_TYPES))
  {
      log_error(sprintf(_('Sorry, bad parameter received (for "%s")'), 'nat type'));
      log_and_exit(-1);
  }
  if (!check_input_var('ress', 'name', $new_nat))
      log_and_exit(-1);
  # Create the new NAT rule.  The 192.168.0.x values are seed values for the
  # fields a rule of that type requires; the user edits them afterwards.
  $data = Array(
      'name' => $new_nat,
  );
  try {
      if ($nat_type == 'SNAT') {
        $data['srcnet'] = '192.168.0.0/24';
        $data['rewritetoaddr'] = '192.168.0.1';
        $new = new nat($nat_type, $data,'data',$snats->new_id());
        $snats->add_elt($new);
      } else if ($nat_type == 'DNAT') {
        $data['dstnet'] = '192.168.0.1';
        $data['rewritetoaddr'] = '192.168.0.2';
        $new = new nat($nat_type, $data,'data',$dnats->new_id());
        $dnats->add_elt($new);
      } else {
        $data['dstnet'] = '192.168.0.1';
        $new = new nat($nat_type, $data,'data',$pnats->new_id());
        $pnats->add_elt($new);
      }
      # Select the new rule so the edit panel opens on it.
      $ch_nat = $new->ID;
      saveRuleset($expolicy);
    } catch (Exception $err) {
        # Logged only: the page still renders, with $ch_nat left at whatever
        # the request supplied.
        log_error(sprintf(_("Unable to create the new NAT rule: %s"),
                    $err->getMessage()), $err->getTrace());
    }

}else
if (isset($ch_nat) and isset($ch_name) and isset($nat_nb) and isset($ch_proto))
{
  # Edit of an existing rule.  $nat_nb only acts as a presence marker here;
  # its value is never read.
  #
  # 1) The rule must exist in the list matching nat_type.
  if ($nat_type == 'SNAT')
  {
    $tmp=$snats->get_elt($ch_nat);
  }else if ($nat_type == 'DNAT')
  {
    $tmp=$dnats->get_elt($ch_nat);
  }else if ($nat_type == 'PNAT')
  {
    $tmp=$pnats->get_elt($ch_nat);
  }else{
    log_error(sprintf(_('Sorry, bad parameter received (for "%s")'), "nat type"));
    log_and_exit(-1);
  }
  if (!isset($tmp))
  {
    log_error(sprintf(_('Sorry, cannot work on non-existing element: "%s"'), "nat".$ch_nat));
    log_and_exit(-1);
  }
  # 2) proto and icmptype must be among the values possible_values() allows
  #    (loose == comparison, first match wins).
  $possible_protos=possible_values('elt','open_proto');
  $match=0;
  foreach ($possible_protos as $possible)
  {
    if ($possible == $ch_proto)
    {
      $match++;
      break;
    }
  }
  if ($match == 0)
  {
    log_error(sprintf(_('Sorry, bad parameter received (for "%s")'), "proto"));
    log_and_exit(-1);
  }
  $possible_icmptypes=possible_values('proto','icmptype');
  $match=0;
  foreach ($possible_icmptypes as $possible)
  {
    if ($possible == $ch_icmptype)
    {
      $match++;
      break;
    }
  }
  if ($match == 0)
  {
    log_error(sprintf(_('Sorry, bad parameter received (for "%s")'), "icmp type"));
    log_and_exit(-1);
  }
  # 3) Networks, rewrite target and free-text fields.
  if (!is_a_net($ch_srcnet, 'srcnet'))
  {
    log_and_exit(-1);
  }
  if (!is_a_net($ch_dstnet, 'dstnet'))
  {
    log_and_exit(-1);
  }
  # NOTE(review): nat_port is only checked when nat_addr parses as an IP.
  # When check_ip() fails, neither value is rejected here, yet both are still
  # copied into $received below (guarded only by isset()) - confirm the nat
  # constructor validates rewritetoaddr/rewritetoport, otherwise reject them
  # at this point.
  if (check_ip($ch_nat_addr))
  {
    if (!check_input_var('ress', 'ID', $ch_nat_port, 'nat addr/nat port'))
    {
      log_and_exit(-1);
    }
  }
  if (!check_input_var('ress', 'comment', $ch_comment))
  {
      log_and_exit(-1);
  }
  if (!check_input_var('ress', 'name', $ch_name))
  {
      log_and_exit(-1);
  }
  if ($nat_type == 'SNAT')
  {
    #Source NAT needs a source network to match on.
    if (is_empty($ch_srcnet))
    {
      log_error(sprintf(_('Sorry, at least one parameter is missing (%s).'), "src net"));
      log_and_exit(-1);
    }
    if ($netfilter_snat_supports_sport_randomization)
    {
      if (is_empty($rand_sport))
      {
        log_error(sprintf(_('Sorry, at least one parameter is missing (%s).'), "rand_sport"));
        log_and_exit(-1);
      }
    }
  }
  if ($nat_type == 'DNAT')
  {
    #Destination NAT needs a destination network to match on.
    if (is_empty($ch_dstnet))
    {
      log_error(sprintf(_('Sorry, at least one parameter is missing (%s).'), "dst net"));
      log_and_exit(-1);
    }
  }
  # 4) Rebuild the rule from the submitted values.  $seen_mod counts fields
  #    that differ from the stored rule; the 'modified' timestamp is only
  #    refreshed when at least one of them changed.
  unset($received);
  $seen_mod=0;
  # NOTE(review): the existence check above used get_elt(), this lookup uses
  # get_elt_by_id() - presumably both resolve the same element; confirm.
  if ($nat_type == 'SNAT')
  {
    $my_nat=&$snats->get_elt_by_id($ch_nat);
  }else if ($nat_type == 'DNAT')
  {
    $my_nat=&$dnats->get_elt_by_id($ch_nat);
  }else{
    $my_nat=&$pnats->get_elt_by_id($ch_nat);
  }
  $received['ID']=$my_nat->ID;
  if ($netfilter_snat_supports_sport_randomization)
  {
    $received['rand_sport']=$rand_sport;
    if ($rand_sport!=$my_nat->rand_sport)
      $seen_mod++;
  }
  $received['srcnet']=$ch_srcnet;
  if ($ch_srcnet!=$my_nat->srcnet)
    $seen_mod++;
  $received['dstnet']=$ch_dstnet;
  if ($ch_dstnet!=$my_nat->dstnet)
    $seen_mod++;
  $received['proto']=$ch_proto;
  if ($received['proto']!=$my_nat->proto)
    $seen_mod++;
  $received['icmptype']=$ch_icmptype;
  if ($ch_icmptype!=$my_nat->icmptype)
    $seen_mod++;
  $received['comment']=$ch_comment;
  if ($ch_comment!=$my_nat->comment)
    $seen_mod++;
  $received['name']=$ch_name;
  if ($ch_name!=$my_nat->name)
    $seen_mod++;
  $received['sport']=$ch_sport;
  if ($ch_sport!=$my_nat->sport)
    $seen_mod++;
  $received['dport']=$ch_dport;
  if ($ch_dport!=$my_nat->dport)
    $seen_mod++;
  # Rewrite target: only carried over when present in the request.
  if (isset($ch_nat_addr))
  {
    $received['rewritetoaddr']=$ch_nat_addr;
    if ($ch_nat_addr != $my_nat->rewritetoaddr)
      $seen_mod++;
  }
  if (isset($ch_nat_port))
  {
    $received['rewritetoport']=$ch_nat_port;
    if ($ch_nat_port != $my_nat->rewritetoport)
      $seen_mod++;
  }
  $received['modified']=$my_nat->modified;
  if ($seen_mod)
    $received['modified'] = modifiedTimestamp();
  # Same ID as the stored rule, so replace_elt() swaps it in place.
  $new_nat=new nat($nat_type, $received,'data',$my_nat->ID);
  if ($nat_type == 'SNAT')
  {
    $snats->replace_elt($new_nat);
  }else if ($nat_type == 'DNAT')
  {
    $dnats->replace_elt($new_nat);
  }else{
    $pnats->replace_elt($new_nat);
  }
  saveRuleset($expolicy);
}


/* save modified order */
/*
 * Drag-and-drop reordering.  Each dndSort* list (already checked by
 * check_aclorder() above) is applied to its NAT table.  $ch_nat_tmp is handed
 * to every nat_set_order() call in turn and copied back into $ch_nat only
 * when the table being reordered is the one whose rule is being edited.
 * $snats/$dnats/$pnats alias $expolicy->*, so the policy object is updated
 * as well; the explicit property assignment is kept for clarity.
 */
$ch_nat_tmp = $ch_nat;
$order_changed = false;

if ($dndSortSnat) {
    $reordered = nat_set_order($dndSortSnat, $snats, $ch_nat_tmp);
    if ($nat_type == "SNAT") {
        $ch_nat = $ch_nat_tmp;
    }
    $snats = $reordered;
    $expolicy->snats = $reordered;
    $_SESSION['modified'] = 1;
    $order_changed = true;
}

if ($dndSortDnat) {
    $reordered = nat_set_order($dndSortDnat, $dnats, $ch_nat_tmp);
    if ($nat_type == "DNAT") {
        $ch_nat = $ch_nat_tmp;
    }
    $dnats = $reordered;
    $expolicy->dnats = $reordered;
    $_SESSION['modified'] = 1;
    $order_changed = true;
}

if ($dndSortPnat) {
    $reordered = nat_set_order($dndSortPnat, $pnats, $ch_nat_tmp);
    if ($nat_type == "PNAT") {
        $ch_nat = $ch_nat_tmp;
    }
    $pnats = $reordered;
    $expolicy->pnats = $reordered;
    $_SESSION['modified'] = 1;
    $order_changed = true;
}

/* The reordered policy only goes to the session here; saving to disk is
 * left to the "save changes" prompt rendered below. */
if ($order_changed) {
    sessionSaveRuleset($expolicy);
}



/* Page DISPLAY */
// Left-hand menu: the reorder buttons bracket the three NAT tables.
$nat_menu_class = "aclmenu_ext";
print '<div class="' . $nat_menu_class . '">' . "\n";

displayNatReorderButtons();
displaySNAT($snats);
displayDNAT($dnats);
displayPNAT($pnats);
displayNatReorderButtons();

print "\n</div>\n";

// "New NAT rule" form: type selector plus name field, posted back to this
// page (handled by the new_nat branch above).
// NOTE(review): no anti-CSRF token is visible in this form or in the
// handlers above - confirm whether include/common.php provides one.
begin_content_detail();
print _('New NAT rule:');
print '<form action="' . $title . '.php" method="post">';
select_list('nat_type', $NAT_TYPES);
print ' <input type="text" size="20" name="new_nat"> ';
print '<input type="submit" value="' . _('New') . '" class="button">';
print '</form>';
end_content_detail();

// Edit panel for the selected rule.  Only 'nat' is required here; $nat_type
// has been validated above solely on the create/edit paths, so editNat()
// presumably checks it itself - confirm.
if (isset($ch_nat)) {
    begin_content_detail();
    editNat($expolicy, $nat_type, $ch_nat);
    end_content_detail();
}

print_ask_save_changes();

require_once ("include/footer.php");
?>