source: trunk/system/generators/firewall_nat.php@ 266

Last change on this file since 266 was 266, checked in by george, 16 years ago
  • Upraveno: Skript pro generování řízení toku rozdělen na část firewall mangle a část fron queue-tree.
  • Upraveno: Některé skripty generování nastavení přejmenovány na názvy bez hesla routerboard.
File size: 3.8 KB
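<?php

/*
 * Builds the NAT rule list for the main router (RouterOS path
 * "ip firewall nat") from the Member, NetworkDevice, NetworkInterface and
 * NetworkSubnet tables and hands the complete list to
 * Routerboard::ListUpdate().
 *
 * Review notes:
 *  - Addresses, masks and names are taken from the database and placed into
 *    the rule list as stored; this script does not validate them. How
 *    ListUpdate() serialises the values for the router is not visible here.
 *    TODO confirm they are validated on entry or escaped inside ListUpdate().
 *  - $Routerboard->Debug is hard-coded to true. What it prints is not visible
 *    here; confirm the output kept in job logs contains no credentials.
 *  - RouterOSIdent() and CIDRToAddressRange() are defined outside this file
 *    (presumably in the included files).
 */

// Command-line only: REMOTE_ADDR is set when the script is reached through a
// web request, so a request that hits this file stops before any query runs
// or any router connection is opened.
if (isset($_SERVER['REMOTE_ADDR'])) {
    die();
}

// require instead of include: stop at once when a dependency is missing
// rather than continuing with $Config, $Database and Routerboard undefined.
require('../../global.php');
require('../routerboard.php');

$Path = array('ip', 'firewall', 'nat');

$Routerboard = new Routerboard($Config['MainRouter']['HostName']);
$Routerboard->UserName = $Config['MainRouter']['UserName'];
$Routerboard->Timeout = $Config['MainRouter']['ConnectTimeout'];
$Routerboard->Debug = true; // NOTE(review): see the header note on debug output

$InetInterface = $Config['MainRouter']['InetInterface'];

$Items = array();
$DbResult = $Database->query('SELECT Member.*, Subject.Name FROM Member JOIN Subject ON Member.Subject = Subject.Id');
while ($Member = $DbResult->fetch_assoc()) {
    // The id is concatenated into two SQL strings below; forcing it to an
    // integer keeps those statements well-formed whatever the row holds.
    $MemberId = (int) $Member['Id'];

    echo($Member['Name'].': ');

    // Hosts: one srcnat and one dstnat rule per interface whose external
    // address is set and differs from its local address.
    $DbResult2 = $Database->query('SELECT NetworkInterface.*, NetworkDevice.Name AS DeviceName FROM NetworkInterface LEFT JOIN NetworkDevice ON NetworkDevice.Id = NetworkInterface.Device WHERE (NetworkInterface.ExternalIP <> "") AND (NetworkDevice.Member = '.$MemberId.') AND (NetworkInterface.LocalIP != NetworkInterface.ExternalIP) ORDER BY id DESC');
    while ($Interface = $DbResult2->fetch_assoc()) {
        $Name = $Interface['DeviceName'];
        if ($Interface['Name'] != '') {
            $Name .= '-'.$Interface['Name'];
        }
        $Name = RouterOSIdent($Name);
        echo($Name.'('.$Interface['LocalIP'].'), ');

        $Items[] = array(
            'chain' => 'srcnat',
            'src-address' => $Interface['LocalIP'],
            'out-interface' => $InetInterface,
            'action' => 'src-nat',
            'to-addresses' => $Interface['ExternalIP'],
            'comment' => $Name,
        );
        $Items[] = array(
            'chain' => 'dstnat',
            'dst-address' => $Interface['ExternalIP'],
            'in-interface' => $InetInterface,
            'action' => 'dst-nat',
            'to-addresses' => $Interface['LocalIP'],
            'comment' => $Name,
        );
    }

    // Subnets: map the internal range to the external range and back.
    // NOTE(review): unlike the host query, this one does not filter on a
    // non-empty external range; confirm every NetworkSubnet row has one.
    $DbResult2 = $Database->select('NetworkSubnet', '*', 'Member='.$MemberId);
    while ($Subnet = $DbResult2->fetch_assoc()) {
        $Subnet['Name'] = RouterOSIdent('subnet-'.$Subnet['Name']);
        echo($Subnet['Name'].'('.$Subnet['AddressRange'].'/'.$Subnet['Mask'].'), ');

        // Outbound: the translation target is written as "from-to", or as a
        // single address for a /32; the match address is written as CIDR, or
        // as a bare address for a /32.
        $Range = CIDRToAddressRange($Subnet['ExtAddressRange'], $Subnet['ExtMask']);
        $Range = ($Subnet['ExtMask'] != 32) ? $Range['From'].'-'.$Range['To'] : $Range['From'];
        $Src = ($Subnet['Mask'] == 32) ? $Subnet['AddressRange'] : $Subnet['AddressRange'].'/'.$Subnet['Mask'];
        $Items[] = array(
            'chain' => 'srcnat',
            'src-address' => $Src,
            'out-interface' => $InetInterface,
            'action' => 'src-nat',
            'to-addresses' => $Range,
            'comment' => $Subnet['Name'],
        );

        // Inbound: the same formatting with the two ranges swapped.
        $Range = CIDRToAddressRange($Subnet['AddressRange'], $Subnet['Mask']);
        $Range = ($Subnet['Mask'] != 32) ? $Range['From'].'-'.$Range['To'] : $Range['From'];
        $Dest = ($Subnet['ExtMask'] == 32) ? $Subnet['ExtAddressRange'] : $Subnet['ExtAddressRange'].'/'.$Subnet['ExtMask'];
        $Items[] = array(
            'chain' => 'dstnat',
            'dst-address' => $Dest,
            'in-interface' => $InetInterface,
            'action' => 'dst-nat',
            'to-addresses' => $Range,
            'comment' => $Subnet['Name'],
        );
    }
    echo("\n");
}

// Masquerade hosts without public ip. Appended after the per-member rules
// so that it follows them in the generated list.
$Items[] = array(
    'chain' => 'srcnat',
    'out-interface' => $InetInterface,
    'action' => 'masquerade',
    'comment' => 'Default_NAT',
);

// Redirect DNS port, one rule per transport protocol. The TCP rule used to
// carry the UDP label as well, which made the two rules indistinguishable by
// comment when auditing the router; each label now names its own protocol.
$Items[] = array(
    'chain' => 'dstnat',
    'dst-address' => '212.111.4.174',
    'protocol' => 'tcp',
    'dst-port' => 53,
    'in-interface' => $InetInterface,
    'action' => 'dst-nat',
    'to-addresses' => '10.145.64.8',
    'to-ports' => 53,
    'comment' => 'DNS_redirection_TCP',
);
$Items[] = array(
    'chain' => 'dstnat',
    'dst-address' => '212.111.4.174',
    'protocol' => 'udp',
    'dst-port' => 53,
    'in-interface' => $InetInterface,
    'action' => 'dst-nat',
    'to-addresses' => '10.145.64.8',
    'to-ports' => 53,
    'comment' => 'DNS_redirection_UDP',
);

// Hand the complete list to the router together with the property names
// used by the rules above.
$Routerboard->ListUpdate($Path, array('chain', 'dst-address', 'in-interface', 'src-address', 'out-interface', 'to-ports', 'dst-port', 'protocol', 'action', 'to-addresses', 'comment'), $Items);

?>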