# Setup and delete path of the NAT rule save script. This listing is an
# excerpt: the number at the start of each line is the line number in the
# original file, and lines that are not shown (braces, else branches, form
# parsing) are simply absent.
4 require './ipfilter-lib.pl';
6 $rules = &get_ipnat_config();
# NOTE(review): idx is a submitted form value used directly as an array index;
# no numeric or range check is visible here. In Perl a negative index counts
# from the end of the list and an out-of-range index yields undef -- confirm
# idx is validated in the lines that are not shown.
9 $rule = $rules->[$in{'idx'}];
# A fresh rule hash starts with the configured ipnat file as its 'file'
# (the remaining keys of the hash are in lines not shown).
12 $rule = { 'file' => $config{'ipnat_conf'},
# Delete path: the rule's file is locked and unlocked around the change
# (the deletion call itself is not shown), then webmin_log records a
# "delete" of type "nat" together with the rule.
18 &lock_file($rule->{'file'});
21 &unlock_file($rule->{'file'});
22 &webmin_log("delete", "nat", undef, $rule);
# Create/modify path for rules whose action is not 'rdr'. Form fields are
# read from %in and copied into $rule; each check calls &error() with a
# message from %text when it fails.
27 # Validate and store inputs, starting with action
28 &error_setup($text{'nat_err'});
# NOTE(review): cmt, active and action are stored exactly as submitted. No
# allow-list for action and no line-break check on cmt is visible here; if the
# code that writes the rule emits them verbatim, an embedded newline could add
# extra lines to the NAT configuration -- confirm the writer rejects or
# escapes such values.
29 $rule->{'cmt'} = $in{'cmt'};
30 $rule->{'active'} = $in{'active'};
31 $rule->{'action'} = $in{'action'};
33 if ($rule->{'action'} ne 'rdr') {
34 # Parse source options
35 $rule->{'iface'} = &parse_interface_choice("iface", $text{'nat_eiface'});
# frommode 0: source given as address plus mask; any stored 'from' object is
# removed first.
36 if ($in{'frommode'} == 0) {
37 delete($rule->{'from'});
38 &parse_ipmask_input("from");
# Other source mode (branch header not shown): refused for map-block rules,
# otherwise the "from" and "fromto" objects are parsed by parse_object_input.
41 $in{'action'} eq 'map-block' && &error($text{'nat_emapblock1'});
43 &parse_object_input($rule, "from");
44 &parse_object_input($rule, "fromto");
# Destination: drop any previous range start, then handle the chosen tomode.
48 delete($rule->{'tostart'});
49 if ($in{'tomode'} == 0) {
50 &parse_ipmask_input("to");
# tomode 2 stores the fixed pair 0.0.0.0 / 32.
52 elsif ($in{'tomode'} == 2) {
53 $rule->{'toip'} = '0.0.0.0';
54 $rule->{'tomask'} = 32;
# Remaining mode (branch header not shown): an explicit address range. It is
# refused for map-block, and both ends must pass check_ipaddress before they
# are stored.
57 $in{'action'} eq 'map-block' && &error($text{'nat_emapblock2'});
58 &check_ipaddress($in{'tostart'}) ||
59 &error($text{'nat_etostart'});
60 &check_ipaddress($in{'toend'}) ||
61 &error($text{'nat_etoend'});
62 $rule->{'tostart'} = $in{'tostart'};
63 $rule->{'toend'} = $in{'toend'};
# Port mapping: mode 0 removes it from the rule.
67 if ($in{'portmapmode'} == 0) {
68 delete($rule->{'portmap'});
# NOTE(review): portmap is stored without a visible check against an expected
# set of values -- confirm it is constrained elsewhere.
71 $rule->{'portmap'} = $in{'portmap'};
# With portmapnoauto set, an explicit port range is required and both bounds
# must pass valid_port.
72 if ($in{'portmapnoauto'}) {
73 $rule->{'portauto'} = 0;
74 &valid_port($in{'portmapfrom'}) ||
75 &error($text{'nat_eportmapfrom'});
76 &valid_port($in{'portmapto'}) ||
77 &error($text{'nat_eportmapto'});
78 $rule->{'portmapfrom'} = $in{'portmapfrom'};
79 $rule->{'portmapto'} = $in{'portmapto'};
# Otherwise (branch header not shown) automatic port selection is flagged.
82 $rule->{'portauto'} = 1;
86 # Parse application proxy
87 if ($in{'proxymode'} == 0) {
88 delete($rule->{'proxyport'});
91 &parse_proxy_input("proxy");
# NOTE(review): proto (from the protoproto field) and frag are copied from the
# form without a visible check.
96 $rule->{'proto'} = $in{'protoproto'};
99 delete($rule->{'proto'});
101 $rule->{'frag'} = $in{'frag'};
102 if ($in{'mssclamp'}) {
# NOTE(review): in /^\d+$/ the $ also matches just before a trailing newline,
# so a value such as "1460\n" passes and is stored with the newline attached;
# anchoring with \z instead of $ would reject it.
103 $in{'mss'} =~ /^\d+$/ || &error($text{'nat_emss'});
104 $rule->{'mssclamp'} = $in{'mss'};
107 delete($rule->{'mssclamp'});
# Second proxy field set ("oproxy"): parsed by the same helper, or removed
# (the condition selecting between the two is not shown).
110 &parse_proxy_input("oproxy");
113 delete($rule->{'oproxyport'});
# Create/modify path for 'rdr' (redirect) rules; the branch header that
# selects it is not shown. Form fields from %in are checked and copied into
# $rule, and &error() is called with a %text message when a check fails.
117 # Validate and store redirect inputs
118 $rule->{'iface'} = &parse_interface_choice("iface", $text{'nat_eiface'});
120 # Save redirect address
121 &parse_ipmask_input("from");
123 # Save destination ports
# dportsmode 0: a single destination port, stored as dport1 with dport2
# removed.
124 if ($in{'dportsmode'} == 0) {
125 &valid_port($in{'dport'}) || &error($text{'nat_edport'});
126 $rule->{'dport1'} = $in{'dport'};
127 delete($rule->{'dport2'});
# Otherwise (branch header not shown): a port range, both bounds checked with
# valid_port. No check that dport1 <= dport2 is visible here.
130 &valid_port($in{'dport1'}) || &error($text{'nat_edport1'});
131 &valid_port($in{'dport2'}) || &error($text{'nat_edport2'});
132 $rule->{'dport1'} = $in{'dport1'};
133 $rule->{'dport2'} = $in{'dport2'};
# NOTE(review): rdrproto is stored without a visible check.
137 $rule->{'rdrproto'} = $in{'rdrproto'};
# Redirect targets: the field is split on whitespace, every entry must pass
# check_ipaddress (the loop header is not shown) and at least one is required.
140 @ips = split(/\s+/, $in{'rdrip'});
# NOTE(review): this message key is 'net_erdrip' while every other key in this
# script starts with 'nat_' -- looks like a typo that would produce an empty
# or wrong error message; confirm against the language file.
142 &check_ipaddress($ip) || &error(&text('net_erdrip', $ip));
144 @ips || &error($text{'nat_erdrips'});
145 $rule->{'rdrip'} = \@ips;
148 &valid_port($in{'rdrport'}) || &error($text{'nat_erdrport'});
149 $rule->{'rdrport'} = $in{'rdrport'};
# NOTE(review): round-robin and frag are copied from the form as submitted.
152 $rule->{'round-robin'} = $in{'round-robin'};
153 $rule->{'frag'} = $in{'frag'};
154 if ($in{'mssclamp'}) {
# NOTE(review): in /^\d+$/ the $ also matches just before a trailing newline,
# so a value such as "1460\n" passes and is stored with the newline attached;
# anchoring with \z instead of $ would reject it.
155 $in{'mss'} =~ /^\d+$/ || &error($text{'nat_emss'});
156 $rule->{'mssclamp'} = $in{'mss'};
159 delete($rule->{'mssclamp'});
# Writes the rule: the target file is locked, the rule is created or inserted
# at the requested position, the file is unlocked and the change is logged.
163 &lock_file($rule->{'file'});
# NOTE(review): before and after are form values used directly as indexes into
# $rules, with no visible numeric or range check. An out-of-range index makes
# $before undef and a negative one counts from the end of the list -- confirm
# insert_rule copes with that, or validate the index first.
165 if ($in{'before'} ne '') {
166 # Insert before some rule
167 $before = $rules->[$in{'before'}];
168 &insert_rule($rule, $before);
170 elsif ($in{'after'} ne '') {
# When after is the last index there is no following rule to insert before,
# so the rule is simply created at the end.
171 if ($in{'after'} == @$rules - 1) {
172 &create_rule($rule); # at end anyway
175 # Insert after some rule
176 $before = $rules->[$in{'after'}+1];
177 &insert_rule($rule, $before);
# The remaining cases (original lines 178-188) are not shown in this listing.
189 &unlock_file($rule->{'file'});
# Logged as "create" when the 'new' form field is set, otherwise as "modify".
191 &webmin_log($in{'new'} ? "create" : "modify", "nat", undef, $rule);
195 # parse_ipmask_input(prefix)
# Checks the <prefix>ip and <prefix>mask form fields and copies them into the
# global $rule, calling &error() when either is rejected. The sub's opening
# lines (197-198) are not shown; $pfx is presumably taken from @_ there.
196 sub parse_ipmask_input
199 &check_ipaddress($in{$pfx."ip"}) || &error($text{'nat_e'.$pfx.'ip'});
# Precedence: && binds tighter than ||, so the next statement reads as
#   check_ipaddress(mask) || (mask is all digits && 0 <= mask <= 32) || error
# i.e. the mask is accepted either in whatever form check_ipaddress allows or
# as a number from 0 to 32.
# NOTE(review): a rejected mask reports the same 'ip' message key as a
# rejected address. Also, in /^\d+$/ the $ matches just before a trailing
# newline, so a value such as "24\n" passes and is stored with the newline;
# \z would reject it.
200 &check_ipaddress($in{$pfx."mask"}) ||
201 $in{$pfx."mask"} =~ /^\d+$/ &&
202 $in{$pfx."mask"} >= 0 && $in{$pfx."mask"} <= 32 ||
203 &error($text{'nat_e'.$pfx.'ip'});
204 $rule->{$pfx."ip"} = $in{$pfx."ip"};
205 $rule->{$pfx."mask"} = $in{$pfx."mask"};
# parse_proxy_input(prefix)
# Checks the <prefix>port and <prefix>name form fields and copies them, along
# with <prefix>proto, into the global $rule. The sub's opening lines (209-210)
# and its closing brace are not shown; $pfx is presumably taken from @_.
208 sub parse_proxy_input
211 &valid_port($in{$pfx."port"}) || &error($text{'nat_e'.$pfx.'port'});
# NOTE(review): the proxy name is checked with valid_port, the same helper
# used for the port -- confirm this is intended and that it restricts the name
# to characters that are safe to write into the NAT configuration.
212 &valid_port($in{$pfx."name"}) || &error($text{'nat_e'.$pfx.'name'});
213 $rule->{$pfx."port"} = $in{$pfx."port"};
214 $rule->{$pfx."name"} = $in{$pfx."name"};
# NOTE(review): <prefix>proto is stored without a visible check.
215 $rule->{$pfx."proto"} = $in{$pfx."proto"};