- Timestamp:
- Feb 28, 2010, 8:42:11 AM (15 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/system/generators/firewall_nat.php
r277 r278 15 15 16 16 $Items = array(); 17 // Chain for inet interface 18 $Items[] = array('chain' => 'srcnat', 'out-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-out', 'comment' => 'inet-out'); 19 $Items[] = array('chain' => 'dstnat', 'in-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-in', 'comment' => 'inet-in'); 20 21 // Skip local subnet 22 //$Items[] = array('chain' => 'inet-out', 'dst-address' => '172.16.1.1/30', 'action' => 'accept', 'comment' => 'Local_subnet'); 23 //$Items[] = array('chain' => 'inet-in', 'dst-address' => '172.16.1.1/30', 'action' => 'accept', 'comment' => 'Local_subnet'); 24 17 25 $DbResult = $Database->query('SELECT Member.*, Subject.Name FROM Member JOIN Subject ON Member.Subject = Subject.Id'); 18 26 while($Member = $DbResult->fetch_assoc()) … … 27 35 $Name = RouterOSIdent($Name); 28 36 echo($Name.'('.$Interface['LocalIP'].'), '); 29 $Items[] = array('chain' => ' srcnat', 'src-address' => $Interface['LocalIP'], 'out-interface' => $InetInterface, 'action' => 'src-nat', 'to-addresses' => $Interface['ExternalIP'], 'comment' => $Name.'-out');30 $Items[] = array('chain' => ' dstnat', 'dst-address' => $Interface['ExternalIP'], 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => $Interface['LocalIP'], 'comment' => $Name.'-in');37 $Items[] = array('chain' => 'inet-out', 'src-address' => $Interface['LocalIP'], 'action' => 'src-nat', 'to-addresses' => $Interface['ExternalIP'], 'comment' => $Name.'-out'); 38 $Items[] = array('chain' => 'inet-in', 'dst-address' => $Interface['ExternalIP'], 'action' => 'dst-nat', 'to-addresses' => $Interface['LocalIP'], 'comment' => $Name.'-in'); 31 39 } 32 40 … … 45 53 if($Subnet['Mask'] == 32) $Src = $Subnet['AddressRange']; 46 54 else $Src = $Subnet['AddressRange'].'/'.$Subnet['Mask']; 47 $Items[] = array('chain' => ' srcnat', 'src-address' => $Src, 'out-interface' => $InetInterface, 'action' => 'src-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name'].'-out');55 $Items[] = array('chain' => 'inet-out', 'src-address' => $Src, 'action' => 'src-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name'].'-out'); 48 56 49 57 $NewAddress = new NetworkAddressIPv4(); … … 55 63 if($Subnet['ExtMask'] == 32) $Dest = $Subnet['ExtAddressRange']; 56 64 else $Dest = $Subnet['ExtAddressRange'].'/'.$Subnet['ExtMask']; 57 $Items[] = array('chain' => ' dstnat', 'dst-address' => $Dest, 'in-interface' => $InetInterface, 'action' => 'dst-nat','to-addresses' => $Range, 'comment' => $Subnet['Name'].'-in');65 $Items[] = array('chain' => 'inet-in', 'dst-address' => $Dest, 'action' => 'dst-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name'].'-in'); 58 66 } 59 67 echo("\n"); … … 61 69 62 70 // Masquerade hosts without public ip 63 $Items[] = array('chain' => ' srcnat', 'out-interface' => $InetInterface, 'action' => 'masquerade', 'comment' => 'Default_NAT');71 $Items[] = array('chain' => 'inet-out', 'action' => 'masquerade', 'comment' => 'Default_NAT'); 64 72 // Redirect DNS port 65 $Items[] = array('chain' => 'dstnat', 'dst-address' => '212.111.4.174', 'protocol' => 'tcp', 'dst-port' => 53, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => '10.145.64.8', 'to-ports' => 53, 'comment' => 'DNS_redirection_UDP');66 $Items[] = array('chain' => 'dstnat', 'dst-address' => '212.111.4.174', 'protocol' => 'udp', 'dst-port' => 53, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => '10.145.64.8', 'to-ports' => 53, 'comment' => 'DNS_redirection_UDP');73 //$Items[] = array('chain' => 'dstnat', 'dst-address' => '212.111.4.174', 'protocol' => 'tcp', 'dst-port' => 53, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => '10.145.64.8', 'to-ports' => 53, 'comment' => 'DNS_redirection_UDP'); 74 //$Items[] = array('chain' => 'dstnat', 'dst-address' => '212.111.4.174', 'protocol' => 'udp', 'dst-port' => 53, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => '10.145.64.8', 'to-ports' => 53, 'comment' => 'DNS_redirection_UDP'); 67 75 68 76 //print_r($Items); 69 $Routerboard->ListUpdate($Path, array('chain', 'dst-address', 'in-interface', 'src-address', 'out-interface', 'to-ports', 'dst-port', 'protocol', 'action', 'to-addresses', 'comment' ), $Items);77 $Routerboard->ListUpdate($Path, array('chain', 'dst-address', 'in-interface', 'src-address', 'out-interface', 'to-ports', 'dst-port', 'protocol', 'action', 'to-addresses', 'comment', 'jump-target'), $Items); 70 78 71 79 ?>
Note:
See TracChangeset
for help on using the changeset viewer.