Changeset 240 for trunk/system
- Timestamp:
- Aug 2, 2009, 12:19:41 PM (15 years ago)
- Location:
- trunk/system
- Files:
-
- 2 edited
trunk/system/generators/nat_routerboard.php
r235 r240 2 2 3 3 if(isset($_SERVER['REMOTE_ADDR'])) die(); 4 include_once('../../global.php'); 4 include('../../global.php'); 5 include('../routerboard.php'); 6 $Path = array('ip', 'firewall', 'nat'); 7 8 $Routerboard = new Routerboard($Config['MainRouter']['HostName']); 9 $Routerboard->UserName = $Config['MainRouter']['UserName']; 10 $Routerboard->Timeout = $Config['MainRouter']['ConnectTimeout']; 5 11 6 12 $InetInterface = $Config['MainRouter']['InetInterface']; 7 13 8 $Commands = array(); 9 $Commands[] = '/ip firewall nat { remove [find] }'; 10 14 $Items = array(); 11 15 $DbResult = $Database->query('SELECT Member.*, Subject.Name FROM Member JOIN Subject ON Member.Subject = Subject.Id'); 12 16 while($Member = $DbResult->fetch_assoc()) … … 21 25 $Name = RouterOSIdent($Name); 22 26 echo($Name.'('.$Interface['LocalIP'].'), '); 23 $Commands[] = ' /ip firewall nat add chain=srcnat src-address='.$Interface['LocalIP'].' out-interface='.$InetInterface.' action=src-nat to-addresses='.$Interface['ExternalIP'].' comment="'.$Name.'"'; 24 $Commands[] = ' /ip firewall nat add chain=dstnat dst-address='.$Interface['ExternalIP'].' in-interface='.$InetInterface.' action=dst-nat to-addresses='.$Interface['LocalIP'].' comment="'.$Name.'"'; 25 26 // Temporary old incoming public subnet range 27 $ExternalIPParts = explode('.', $Interface['ExternalIP']); 28 $ExternalIPParts[0] = 85; 29 $ExternalIPParts[1] = 92; 30 $ExternalIPParts[2] = 50; 31 $Interface['ExternalIP'] = implode('.', $ExternalIPParts); 32 $Commands[] = ' /ip firewall nat add chain=dstnat dst-address='.$Interface['ExternalIP'].' in-interface='.$InetInterface.' action=dst-nat to-addresses='.$Interface['LocalIP'].' 
comment="'.$Name.'"'; 27 $Items[] = array('chain' => 'srcnat', 'src-address' => $Interface['LocalIP'], 'out-interface' => $InetInterface, 'action' => 'src-nat', 'to-addresses' => $Interface['ExternalIP'], 'comment' => $Name); 28 $Items[] = array('chain' => 'dstnat', 'dst-address' => $Interface['ExternalIP'], 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => $Interface['LocalIP'], 'comment' => $Name); 33 29 } 34 30 … … 41 37 $Range = CIDRToAddressRange($Subnet['ExtAddressRange'], $Subnet['ExtMask']); 42 38 $Range = $Range['From'].'-'.$Range['To']; 43 $ Commands[] = ' /ip firewall nat add chain=srcnat src-address='.$Subnet['AddressRange'].'/'.$Subnet['Mask'].' out-interface='.$InetInterface.' action=src-nat to-addresses='.$Range.' comment="'.$Subnet['Name'].'"';39 $Items[] = array('chain' => 'srcnat', 'src-address' => $Subnet['AddressRange'].'/'.$Subnet['Mask'], 'out-interface' => $InetInterface, 'action' => 'src-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name']); 44 40 $Range = CIDRToAddressRange($Subnet['AddressRange'], $Subnet['Mask']); 45 41 $Range = $Range['From'].'-'.$Range['To']; 46 $ Commands[] = ' /ip firewall nat add chain=dstnat dst-address='.$Subnet['ExtAddressRange'].'/'.$Subnet['ExtMask'].' in-interface='.$InetInterface.' action=dst-nat to-addresses='.$Range.' comment="'.$Subnet['Name'].'"';42 $Items[] = array('chain' => 'dstnat', 'dst-address' => $Subnet['ExtAddressRange'].'/'.$Subnet['ExtMask'], 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name']); 47 43 } 48 44 echo("\n"); … … 50 46 51 47 // Masquerade hosts without public ip 52 $ Commands[] = ' /ip firewall nat add chain=srcnat out-interface='.$InetInterface.' 
action=masquerade comment="Default NAT"';48 $Items[] = array('chain' => 'srcnat', 'out-interface' => $InetInterface, 'action' => 'masquerade', 'comment' => 'Default_NAT'); 53 49 // Redirect DNS port 54 $ Commands[] = ' /ip firewall nat add chain=dstnat dst-address=212.111.4.174 protocol=tcp dst-port=53 in-interface='.$InetInterface.' action=dst-nat to-address=192.168.0.1 to-ports=53 comment="DNS redirection UDP"';55 $ Commands[] = ' /ip firewall nat add chain=dstnat dst-address=212.111.4.174 protocol=udp dst-port=53 in-interface='.$InetInterface.' action=dst-nat to-address=192.168.0.1 to-ports=53 comment="DNS redirection UDP"';50 $Items[] = array('chain' => 'dstnat', 'dst-address' => '212.111.4.174', 'protocol' => 'tcp', 'dst-port' => 53, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => '192.168.0.1', 'to-ports' => 53, 'comment' => 'DNS_redirection_UDP'); 51 $Items[] = array('chain' => 'dstnat', 'dst-address' => '212.111.4.174', 'protocol' => 'udp', 'dst-port' => 53, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => '192.168.0.1', 'to-ports' => 53, 'comment' => 'DNS_redirection_UDP'); 56 52 57 $Commands = addslashes(implode(';', $Commands)); 58 $Command = '/usr/bin/ssh -o ConnectTimeout=5 -l '.$Config['MainRouter']['UserName'].' -i id_dsa '.$Config['MainRouter']['HostName'].' "'.$Commands.'"'; 59 $Output = array(); 60 //echo($Command."\n"); 61 exec($Command, $Output); 62 //array_pop($Output); 63 //print_r($Output); 64 65 /* 66 // SMTP NAT port 25 67 $DbResult = $Database->select('hosts', '*', 'name="mail"'); 68 $Row = $DbResult->fetch_array(); 69 exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d 212.111.4.174 -j DROP'); 70 exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP']); 71 exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' 
-j ACCEPT'); 72 exec('/sbin/iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 25 -s 212.111.4.174 -o eth1 -j SNAT --to-source '.$Row['external_ip']); 73 74 // Local network NAT 75 $DbResult = $Database->select('hosts', '*', 'name="gate"'); 76 $Row = $DbResult->fetch_array(); 77 exec('/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.0.0 -o eth1 -j SNAT --to-source '.$Row['external_ip']); 78 //exec('/sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/255.0.0.0 -o eth1 -j SNAT --to-source '.$Row['external_ip']); 79 //exec('/sbin/iptables -t nat -A POSTROUTING -s 212.111.16.94 -o eth1 -j MASQUERADE'); 80 81 exec('/sbin/iptables-save>/etc/sysconfig/iptables'); 82 */ 53 $Routerboard->ListUpdate($Path, array('chain', 'dst-address', 'in-interface', 'src-address', 'out-interface', 'to-ports', 'dst-port', 'protocol', 'action', 'to-addresses', 'comment'), $Items); 83 54 84 55 ?> -
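Review bot: The two subnet `$Items[]` lines pass `'comment' => $Subnet['Name']` unmodified, while member names go through `RouterOSIdent($Name)` first and the fixed comments were changed to underscore form (`Default_NAT`). A subnet name from the database that contains a space or a quote would therefore reach ListUpdate's command builder as-is. I would use `'comment' => RouterOSIdent($Subnet['Name'])` in both lines, assuming RouterOSIdent is the normaliser intended for such values (its body is not shown here). The tcp DNS rule also carries the comment `DNS_redirection_UDP`; `DNS_redirection_TCP` would keep the two rules distinguishable on the router.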
trunk/system/routerboard.php
r239 r240 9 9 var $Password; 10 10 var $PrivateKey = 'id_dsa'; 11 var $MaxBurstLineCount = 100; 11 12 12 13 function __construct($HostName = 'localhost', $UserName = 'admin', $Password = '') … … 18 19 19 20 function Execute($Commands) 21 { 22 $Output = array(); 23 if(is_array($Commands)) 24 { 25 $I = 0; 26 $Batch = array(); 27 while($I < count($Commands)) 28 { 29 if(($I % $this->MaxBurstLineCount) == 0) 30 { 31 if(count($Batch) > 0) 32 $Output = array_merge($Output, $this->ExecuteBatch(implode(';', $Batch))); 33 $Batch = array(); 34 } 35 $Batch[] = $Commands[$I]; 36 $I++; 37 } 38 if(count($Batch) > 0) 39 $Output = array_merge($Output, $this->ExecuteBatch(implode(';', $Batch))); 40 } else 41 $Output = array_merge($Output, $this->ExecuteBatch($Commands)); 42 return($Output); 43 } 44 45 function ExecuteBatch($Commands) 20 46 { 21 if(is_array($Commands)) $Commands = implode(';', $Commands);22 47 $Commands = trim($Commands); 23 48 if($Commands != '') … … 27 52 $Commands = str_replace('$', '\$', $Commands); 28 53 $Command = $this->SSHPath.' -o ConnectTimeout='.$this->Timeout.' -l '.$this->UserName.' -i '.$this->PrivateKey.' '.$this->HostName.' 
"'.$Commands.'"'; 29 //echo($Command);54 echo($Command); 30 55 exec($Command, $Output); 31 56 } else $Output = ''; 32 //print_r($Output);57 print_r($Output); 33 58 return($Output); 34 59 } … … 76 101 { 77 102 $Value = explode('=', $ResultLinePart); 78 $ListItem[$Properties[$Value[0]]] = $Value[1]; 103 if(count($Value) > 1) $ListItem[$Properties[$Value[0]]] = $Value[1]; 104 else $ListItem[$Properties[$Value[0]]] = ''; 79 105 } 80 106 $List[] = $ListItem; … … 91 117 { 92 118 $List = $this->ListGet($Path, $Properties, $Condition); 93 //print_r($List);94 //print_r($Values);95 119 $Commands = array(); 120 121 // Add empty properties to values 122 foreach($Values as $Index => $Item) 123 { 124 foreach($Properties as $Property) 125 { 126 if(!array_key_exists($Property, $Item)) 127 $Item[$Property] = ''; 128 } 129 $Values[$Index] = $Item; 130 } 131 132 print_r($List); 133 print_r($Values); 96 134 97 135 // Erase all items not existed in $Values … … 103 141 foreach($ListItem as $Index => $Property) 104 142 { 105 $Prop .= $Index.'="'.$Property.'" ';143 if($Property != '') $Prop .= $Index.'="'.$Property.'" '; 106 144 } 107 145 $Prop = substr($Prop, 0, -1); … … 118 156 foreach($ListItem as $Index => $Property) 119 157 { 120 $Prop .= $Index.'='.$Property.'';158 if($Property != '') $Prop .= $Index.'="'.$Property.'" '; 121 159 } 122 160 $Prop = substr($Prop, 0, -1); … … 124 162 } 125 163 } 126 //print_r($Commands);164 print_r($Commands); 127 165 return($this->Execute($Commands)); 128 166 }
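Review bot: In ListUpdate the new `if($Property != '') $Prop .= $Index.'="'.$Property.'" ';` lines wrap each value in RouterOS double quotes without escaping it, and ExecuteBatch then places the whole command inside a shell double-quoted argument. The only escaping visible in that hunk is the `$` replacement; the lines just above it are outside the hunk, so other escapes may exist. Because nat_routerboard.php feeds database fields into these values, a quote or backslash in one of them could change what runs on the router, so I would validate each value against an allow-list pattern before building `$Prop` and pass the remote command as `escapeshellarg($Commands)` in place of the hand-built quoting and the manual `$` escape. The commit also enables `echo($Command);` and the `print_r()` calls in ExecuteBatch and ListUpdate, which print the full ssh command line and the fetched list on every run; these look like leftover debugging and belong behind a debug flag. Separately, ExecuteBatch still returns `''` for an empty command, which the new `array_merge()` calls in Execute cannot combine with an array; `else $Output = array();` would keep the return type consistent.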