Changeset 291 for trunk/system
- Timestamp:
- Oct 2, 2010, 4:24:15 PM (14 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/system/generators/firewall_nat.php
r288 r291 13 13 14 14 $InetInterface = $Config['MainRouter']['InetInterface']; 15 $IPCentrala = '10.145.64.8'; 15 16 16 17 $Items = array(); 18 19 /* 17 20 // NTP redirect 18 21 $Items[] = array('chain' => 'srcnat', 'src-address' => '10.145.66.1', 'protocol' => 'udp', 'src-port' => 123, 'action' => 'src-nat', 'to-addresses' => '10.145.64.1', 'comment' => 'NTP_redirect_4'); … … 22 25 $Items[] = array('chain' => 'srcnat', 'src-address' => '10.145.66.250', 'protocol' => 'udp', 'src-port' => 123, 'action' => 'src-nat', 'to-addresses' => '10.145.64.1', 'comment' => 'NTP_redirect_3'); 23 26 $Items[] = array('chain' => 'srcnat', 'src-address' => '10.145.66.253', 'protocol' => 'udp', 'src-port' => 123, 'action' => 'src-nat', 'to-addresses' => '10.145.64.1', 'comment' => 'NTP_redirect_6'); 27 */ 24 28 25 29 // Chain for inet interface … … 43 47 $Name = RouterOSIdent($Name); 44 48 echo($Name.'('.$Interface['LocalIP'].'), '); 45 $Items[] = array('chain' => 'inet-out', 'src-address' => $Interface['LocalIP'], 'action' => 'src-nat', 'to-addresses' => $Interface['ExternalIP'], 'comment' => $Name.'-out'); 46 $Items[] = array('chain' => 'inet-in', 'dst-address' => $Interface['ExternalIP'], 'action' => 'dst-nat', 'to-addresses' => $Interface['LocalIP'], 'comment' => $Name.'-in'); 49 if($Member['Blocked'] == 0) 50 { 51 $Items[] = array('chain' => 'inet-out', 'src-address' => $Interface['LocalIP'], 'action' => 'src-nat', 'to-addresses' => $Interface['ExternalIP'], 'comment' => $Name.'-out'); 52 $Items[] = array('chain' => 'inet-in', 'dst-address' => $Interface['ExternalIP'], 'action' => 'dst-nat', 'to-addresses' => $Interface['LocalIP'], 'comment' => $Name.'-in'); 53 } else 54 { 55 $Items[] = array('chain' => 'dstnat', 'src-address' => $Interface['LocalIP'], 'dst-port' => 80, 'action' => 'dst-nat', 'to-addresses' => $IPCentrala, 'to-ports' => 81, 'comment' => $Name.'-out'); 56 } 47 57 } 48 58 … … 53 63 $Subnet['Name'] = RouterOSIdent('subnet-'.$Subnet['Name']); 54 64 echo($Subnet['Name'].'('.$Subnet['AddressRange'].'/'.$Subnet['Mask'].'), '); 55 $NewAddress = new NetworkAddressIPv4(); 56 $NewAddress->AddressFromString($Subnet['ExtAddressRange']); 57 $NewAddress->Prefix = $Subnet['ExtMask']; 58 $Range = $NewAddress->GetRange(); 59 if($Subnet['ExtMask'] != 32) $Range = $Range['From']->AddressToString().'-'.$Range['To']->AddressToString(); 60 else $Range = $Range['From']->AddressToString(); 61 if($Subnet['Mask'] == 32) $Src = $Subnet['AddressRange']; 62 else $Src = $Subnet['AddressRange'].'/'.$Subnet['Mask']; 63 $Items[] = array('chain' => 'inet-out', 'src-address' => $Src, 'action' => 'src-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name'].'-out'); 65 if($Member['Blocked'] == 0) 66 { 67 $NewAddress = new NetworkAddressIPv4(); 68 $NewAddress->AddressFromString($Subnet['ExtAddressRange']); 69 $NewAddress->Prefix = $Subnet['ExtMask']; 70 $Range = $NewAddress->GetRange(); 71 if($Subnet['ExtMask'] != 32) $Range = $Range['From']->AddressToString().'-'.$Range['To']->AddressToString(); 72 else $Range = $Range['From']->AddressToString(); 73 if($Subnet['Mask'] == 32) $Src = $Subnet['AddressRange']; 74 else $Src = $Subnet['AddressRange'].'/'.$Subnet['Mask']; 75 $Items[] = array('chain' => 'inet-out', 'src-address' => $Src, 'action' => 'src-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name'].'-out'); 64 76 65 $NewAddress = new NetworkAddressIPv4(); 66 $NewAddress->AddressFromString($Subnet['AddressRange']); 67 $NewAddress->Prefix = $Subnet['Mask']; 68 $Range = $NewAddress->GetRange(); 69 if($Subnet['Mask'] != 32) $Range = $Range['From']->AddressToString().'-'.$Range['To']->AddressToString(); 70 else $Range = $Range['From']->AddressToString(); 71 if($Subnet['ExtMask'] == 32) $Dest = $Subnet['ExtAddressRange']; 72 else $Dest = $Subnet['ExtAddressRange'].'/'.$Subnet['ExtMask']; 73 $Items[] = array('chain' => 'inet-in', 'dst-address' => $Dest, 'action' => 'dst-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name'].'-in'); 77 $NewAddress = new NetworkAddressIPv4(); 78 $NewAddress->AddressFromString($Subnet['AddressRange']); 79 $NewAddress->Prefix = $Subnet['Mask']; 80 $Range = $NewAddress->GetRange(); 81 if($Subnet['Mask'] != 32) $Range = $Range['From']->AddressToString().'-'.$Range['To']->AddressToString(); 82 else $Range = $Range['From']->AddressToString(); 83 if($Subnet['ExtMask'] == 32) $Dest = $Subnet['ExtAddressRange']; 84 else $Dest = $Subnet['ExtAddressRange'].'/'.$Subnet['ExtMask']; 85 $Items[] = array('chain' => 'inet-in', 'dst-address' => $Dest, 'action' => 'dst-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name'].'-in'); 86 } else 87 { 88 if($Subnet['Mask'] == 32) $Src = $Subnet['AddressRange']; 89 else $Src = $Subnet['AddressRange'].'/'.$Subnet['Mask']; 90 $Items[] = array('chain' => 'dstnat', 'src-address' => $Src, 'dst-port' => 80, 'action' => 'dst-nat', 'to-addresses' => $IPCentrala, 'to-ports' => 81, 'comment' => $Subnet['Name'].'-out'); 91 } 74 92 } 75 93 echo("\n");
Note:
See TracChangeset
for help on using the changeset viewer.