Allow maquerade in custom chain

diff --git a/firewall/CHANGELOG b/firewall/CHANGELOG
index fa5cd2f..7bcdfd7 100644 (file)
--- a/firewall/CHANGELOG
+++ b/firewall/CHANGELOG
@@ -18,4 +18,4 @@ On Debian 3.1 systems, IPtables rules are saved in /etc/iptables.up.rules and ac
 ---- Changes since 1.350 ----
 Added a setup option to configure a firewall for a typical hosting server.
 ---- Changes since 1.400 ----
-Show SNAT inputs in custom NAT chains.
+Show SNAT and masquerade inputs in custom NAT chains.

diff --git a/firewall/edit_rule.cgi b/firewall/edit_rule.cgi
index 1664572..42a9367 100755 (executable)
--- a/firewall/edit_rule.cgi
+++ b/firewall/edit_rule.cgi
@@ -122,7 +122,8 @@ if (($table->{'name'} eq 'nat' && $rule->{'chain'} ne 'POSTROUTING') &&
                    "<input name=rtoto size=6 value='$rtoto'>"),"</td> </tr>\n";
        }
 
-if (($table->{'name'} eq 'nat' && $rule->{'chain'} eq 'POSTROUTING') &&
+if (($table->{'name'} eq 'nat' && $rule->{'chain'} ne 'PREROUTING' &&
+     $rule->{'chain'} ne 'OUTPUT') &&
     &can_jump("MASQUERADE")) {
        # Show inputs for masquerading ports
        if ($rule->{'j'}->[1] eq 'MASQUERADE') {

diff --git a/firewall/save_rule.cgi b/firewall/save_rule.cgi
index 9d71938..7e360b5 100755 (executable)
--- a/firewall/save_rule.cgi
+++ b/firewall/save_rule.cgi
@@ -58,8 +58,9 @@ else {
                        delete($rule->{'reject-with'});
                        }
                }
-       if ($table->{'name'} eq 'nat' && $rule->{'chain'} ne 'POSTROUTING' ||
-           $table->{'name'} eq 'nat' && $rule->{'chain'} eq 'POSTROUTING') {
+
+       # Parse redirect or masquerade input
+       if ($table->{'name'} eq 'nat') {
                if ($rule->{'j'}->[1] eq 'REDIRECT' && !$in{'rtodef'}) {
                        $in{'rtofrom'} =~ /^\d+$/ ||
                                &error($text{'save_ertoports'});