Changeset 112 for system/generators/iptables.php

Timestamp:

Nov 9, 2008, 8:05:48 PM (16 years ago)

Author:

george

Message:

• Opraveno: Korekce systémových skriptů po aktualizaci Centrály

File:

• system/generators/iptables.php (modified) (6 diffs)

system/generators/iptables.php

@@ -8 +8 @@
 //    exec('/sbin/iptables -t nat -A Block -p tcp --destination-port 80 -j REDIRECT --to-ports 3128');
 
+
+
+/*
 // Blocking according IP address
 $DbResult = $Database->select('users', '*', 'inet = 0'); 
@@ -18 +21 @@
   }
 }
-$DbResult = $Database->select('users', '*', 'inet = 1'); 
+$DbResult = $Database->select('users', '*', 'inet = 1');
 while($User = $DbResult->fetch_array())
 {
@@ -28 +31 @@
 }
 
+*/
+
 // Blocking according MAC address
-$DbResult = $Database->select('users', '*'); 
+$DbResult = $Database->select('users', '*');
 while($User = $DbResult->fetch_array())
 {
@@ -39 +44 @@
     if($User['inet'] == 0)
     {
-      if(($Row['block'] == 0) and ($Row['type'] == 1)) exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Proxy");
-        else exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Local");
+      //if(($Row['block'] == 0) and ($Row['type'] == 1)) exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Proxy");
+      //    else exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Local");
     } else {
       if($Row['vpn'] == 0) 
@@ -46 +51 @@
         $CZFreeLocalIP = $Row['IP'];
         //echo($Row['external_ip']."\n");
-        if($Row['name'] == 'TBC')
-        {
-          exec('/sbin/iptables -t nat -A PreroutingDNAT -m tcp -p tcp --dport 3724 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP'].':3725');  
-          exec('/sbin/iptables -t nat -A POSTROUTING -m tcp -p tcp -s '.$Row['IP'].' --sport 3725 -o eth1 -j SNAT --to-source '.$Row['external_ip'].':3724');  
-        }
+        //if($Row['name'] == 'TBC')
+        //{
+        //  exec('/sbin/iptables -t nat -A PreroutingDNAT -m tcp -p tcp --dport 3724 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP'].':3725');
+        //  exec('/sbin/iptables -t nat -A POSTROUTING -m tcp -p tcp -s '.$Row['IP'].' --sport 3725 -o eth1 -j SNAT --to-source '.$Row['external_ip'].':3724');
+        //}
         if(strtolower($Row['name']) != 'centrala')
         {
           if($Row['external_ip'] != '')
           {
-            exec('/sbin/iptables -t nat -A PreroutingDNAT -i eth1 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP']);  
-            exec('/sbin/iptables -t nat -A PreroutingDNAT -i eth1 -d '.$Row['external_ip'].' -j ACCEPT');  
-            exec('/sbin/iptables -t nat -A POSTROUTING -s '.$Row['IP'].' -o eth1 -j SNAT --to-source '.$Row['external_ip']);  
+            exec('/sbin/iptables -t nat -A PreroutingDNAT -i eth1 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP']);
+            exec('/sbin/iptables -t nat -A PreroutingDNAT -i eth1 -d '.$Row['external_ip'].' -j ACCEPT');
+            exec('/sbin/iptables -t nat -A POSTROUTING -s '.$Row['IP'].' -o eth1 -j SNAT --to-source '.$Row['external_ip']);
           }
-          exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Proxy");
+          //exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Proxy");
         }
       }
-      else 
+      else
       {
         $CZFreeLocalIP = $Row['external_ip'];
  //echo('vpn');
-        //exec('/sbin/iptables -t nat -A PreroutingDNAT -s '.$Row['IP'].' -p udp -m udp --dport 55556 -j DROP');  
-        if($Row['external_ip'] != '') exec('/sbin/iptables -t nat -A PreroutingDNAT -d '.$Row['external_ip'].' -j ACCEPT');  
+        //exec('/sbin/iptables -t nat -A PreroutingDNAT -s '.$Row['IP'].' -p udp -m udp --dport 55556 -j DROP');
+        if($Row['external_ip'] != '') exec('/sbin/iptables -t nat -A PreroutingDNAT -d '.$Row['external_ip'].' -j ACCEPT');
         exec('/sbin/iptables -t nat -A Block -s '.ToVpnIp($Row)." -j Proxy");
 
-        if($Row['vpn'] == 1) 
-        {
-          exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Local");
-        } else if($Row['vpn'] == 2) exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Proxy");
+        //if($Row['vpn'] == 1)
+        //{
+          //exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Local");
+        //} else if($Row['vpn'] == 2) exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Proxy");
       }
       if($Row['czfree_ip'] != '')
       {
         // CZFree
-        exec('/sbin/iptables -t nat -A PreroutingDNAT -i tun0 -d '.$Row['czfree_ip'].' -j DNAT --to-destination '.$CZFreeLocalIP);  
-        exec('/sbin/iptables -t nat -A PreroutingDNAT -i tun0 -d '.$Row['czfree_ip'].' -j ACCEPT');  
-        exec('/sbin/iptables -t nat -A POSTROUTING -s '.$CZFreeLocalIP.' -o tun0 -j SNAT --to-source '.$Row['czfree_ip']);  
+        exec('/sbin/iptables -t nat -A PreroutingDNAT -i tun0 -d '.$Row['czfree_ip'].' -j DNAT --to-destination '.$CZFreeLocalIP);
+        exec('/sbin/iptables -t nat -A PreroutingDNAT -i tun0 -d '.$Row['czfree_ip'].' -j ACCEPT');
+        exec('/sbin/iptables -t nat -A POSTROUTING -s '.$CZFreeLocalIP.' -o tun0 -j SNAT --to-source '.$Row['czfree_ip']);
       }
     }
@@ -87 +92 @@
 }
 
+
 // SMTP NAT port 25
-$DbResult = $Database->select('hosts', '*', 'name="MAIL"');
+$DbResult = $Database->select('hosts', '*', 'name="mail"');
 $Row = $DbResult->fetch_array();
-exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d 212.111.4.174 -j DROP');  
-exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP']);  
-exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j ACCEPT');  
-exec('/sbin/iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 25 -s 212.111.4.174 -o eth1 -j SNAT --to-source '.$Row['external_ip']);  
+exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d 212.111.4.174 -j DROP');
+exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP']);
+exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j ACCEPT');
+exec('/sbin/iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 25 -s 212.111.4.174 -o eth1 -j SNAT --to-source '.$Row['external_ip']);
 
 // Local network NAT
-$DbResult = $Database->select('hosts', '*', 'name="GATE"');
+$DbResult = $Database->select('hosts', '*', 'name="gate"');
 $Row = $DbResult->fetch_array();
 exec('/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.0.0 -o eth1 -j SNAT --to-source '.$Row['external_ip']);