Changeset 278


Timestamp:
Feb 28, 2010, 8:42:11 AM (14 years ago)
Author:
george
Message:
  • Upraveno: Při generování pravidel pro NAT router použij samostatný řetězec pravidel.
File:
1 edited

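--- a/trunk/system/generators/firewall_nat.php
+++ b/trunk/system/generators/firewall_nat.php
@@ -15,4 +15,12 @@
 
 $Items = array();
+// Chain for inet interface
+$Items[] = array('chain' => 'srcnat', 'out-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-out', 'comment' => 'inet-out');
+$Items[] = array('chain' => 'dstnat', 'in-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-in', 'comment' => 'inet-in');
+
+// Skip local subnet
+//$Items[] = array('chain' => 'inet-out', 'dst-address' => '172.16.1.1/30', 'action' => 'accept', 'comment' => 'Local_subnet');     
+//$Items[] = array('chain' => 'inet-in', 'dst-address' => '172.16.1.1/30', 'action' => 'accept', 'comment' => 'Local_subnet');
+
 $DbResult = $Database->query('SELECT Member.*, Subject.Name FROM Member JOIN Subject ON Member.Subject = Subject.Id');
 while($Member = $DbResult->fetch_assoc())
@@ -27,6 +35,6 @@
     $Name = RouterOSIdent($Name);
     echo($Name.'('.$Interface['LocalIP'].'), ');
-    $Items[] = array('chain' => 'srcnat', 'src-address' => $Interface['LocalIP'], 'out-interface' => $InetInterface, 'action' => 'src-nat',  'to-addresses' => $Interface['ExternalIP'], 'comment' => $Name.'-out');
-    $Items[] = array('chain' => 'dstnat', 'dst-address' => $Interface['ExternalIP'], 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => $Interface['LocalIP'], 'comment' => $Name.'-in');
+    $Items[] = array('chain' => 'inet-out', 'src-address' => $Interface['LocalIP'], 'action' => 'src-nat',  'to-addresses' => $Interface['ExternalIP'], 'comment' => $Name.'-out');
+    $Items[] = array('chain' => 'inet-in', 'dst-address' => $Interface['ExternalIP'], 'action' => 'dst-nat', 'to-addresses' => $Interface['LocalIP'], 'comment' => $Name.'-in');
   }
 
@@ -45,5 +53,5 @@
     if($Subnet['Mask'] == 32) $Src = $Subnet['AddressRange'];
       else $Src = $Subnet['AddressRange'].'/'.$Subnet['Mask'];
-    $Items[] = array('chain' => 'srcnat', 'src-address' => $Src, 'out-interface' => $InetInterface, 'action' => 'src-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name'].'-out');
+    $Items[] = array('chain' => 'inet-out', 'src-address' => $Src, 'action' => 'src-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name'].'-out');
    
     $NewAddress = new NetworkAddressIPv4();
@@ -55,5 +63,5 @@
     if($Subnet['ExtMask'] == 32) $Dest = $Subnet['ExtAddressRange'];
       else $Dest = $Subnet['ExtAddressRange'].'/'.$Subnet['ExtMask'];
-    $Items[] = array('chain' => 'dstnat', 'dst-address' => $Dest, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name'].'-in');
+    $Items[] = array('chain' => 'inet-in', 'dst-address' => $Dest, 'action' => 'dst-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name'].'-in');
   }
   echo("\n");
@@ -61,11 +69,11 @@
 
 // Masquerade hosts without public ip
-$Items[] = array('chain' => 'srcnat', 'out-interface' => $InetInterface, 'action' => 'masquerade', 'comment' => 'Default_NAT');     
+$Items[] = array('chain' => 'inet-out', 'action' => 'masquerade', 'comment' => 'Default_NAT');     
 // Redirect DNS port
-$Items[] = array('chain' => 'dstnat', 'dst-address' => '212.111.4.174', 'protocol' => 'tcp', 'dst-port' => 53, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => '10.145.64.8', 'to-ports' => 53, 'comment' => 'DNS_redirection_UDP');
-$Items[] = array('chain' => 'dstnat', 'dst-address' => '212.111.4.174', 'protocol' => 'udp', 'dst-port' => 53, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => '10.145.64.8', 'to-ports' => 53, 'comment' => 'DNS_redirection_UDP');
+//$Items[] = array('chain' => 'dstnat', 'dst-address' => '212.111.4.174', 'protocol' => 'tcp', 'dst-port' => 53, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => '10.145.64.8', 'to-ports' => 53, 'comment' => 'DNS_redirection_UDP');
+//$Items[] = array('chain' => 'dstnat', 'dst-address' => '212.111.4.174', 'protocol' => 'udp', 'dst-port' => 53, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => '10.145.64.8', 'to-ports' => 53, 'comment' => 'DNS_redirection_UDP');
 
 //print_r($Items);
-$Routerboard->ListUpdate($Path, array('chain', 'dst-address', 'in-interface', 'src-address', 'out-interface', 'to-ports', 'dst-port', 'protocol', 'action', 'to-addresses', 'comment'), $Items);
+$Routerboard->ListUpdate($Path, array('chain', 'dst-address', 'in-interface', 'src-address', 'out-interface', 'to-ports', 'dst-port', 'protocol', 'action', 'to-addresses', 'comment', 'jump-target'), $Items);
 
 ?>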
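Review bot: New lines 73–74 comment out both DNS dst-nat rules instead of moving them into `inet-in` like the other dst-nat entries, so the generated rule set no longer redirects port 53 traffic for 212.111.4.174 to 10.145.64.8, a behaviour change the commit message does not mention. If the redirect is still wanted, re-add the two rules with `'chain' => 'inet-in'` and without `'in-interface'`. If it is being retired, delete the lines and record that in the message, so a change to the live NAT policy is not hidden inside a refactor. The tcp entry also carries `'comment' => 'DNS_redirection_UDP'`, which should read `'DNS_redirection_TCP'` if the rule comes back.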