Changeset 10950

Timestamp:

11/19/08 16:41:56 (5 years ago)

Author:

eko

Message:

alowed remote admin ip prep. (gui will follow)

Location:

src/router/services

Files:

• networking/firewall.c (modified) (3 diffs)
• sysinit/defaults.c (modified) (1 diff)

src/router/services/networking/firewall.c

@@ -605 +605 @@
 static void nat_prerouting( void )
 {
+        char var[256], *wordlist, *next;
+        char from[100], to[100];
+        char *remote_ip_any = nvram_safe_get("remote_ip_any");
+        char *remote_ip = nvram_safe_get("remote_ip");
     /*
      * Enable remote Web GUI management 
      */
-    if( remotemanage )
-        save2file( "-A PREROUTING -p tcp -m tcp -d %s --dport %s "
-                   "-j DNAT --to-destination %s:%d\n", wanaddr,
-                   nvram_safe_get( "http_wanport" ),
-                   nvram_safe_get( "lan_ipaddr" ), web_lanport );
+    if( remotemanage ) {
+        if(!strcmp(remote_ip_any, "1")) {
+                save2file("-A PREROUTING -p tcp -m tcp -d %s --dport %s "
+                        "-j DNAT --to-destination %s:%d\n",
+                        wanaddr, nvram_safe_get("http_wanport"),
+                        nvram_safe_get("lan_ipaddr"), web_lanport);
+        }
+        else {
+                sscanf(remote_ip, "%s %s", from, to);
+
+                wordlist = range(from, get_complete_ip(from,to));
+
+                foreach(var, wordlist, next) {
+                        save2file("-A PREROUTING -p tcp -m tcp -s %s -d %s --dport %s "
+                          "-j DNAT --to-destination %s:%d\n",
+                          var, wanaddr, nvram_safe_get("http_wanport"),
+                          nvram_safe_get("lan_ipaddr"), web_lanport);
+                }
+        }
+    }
 
 #ifdef HAVE_SSHD
@@ -618 +637 @@
      * Enable remote ssh management : Botho 03-05-2006 
      */
-    if( remotessh )
+    if( remotessh ) {
+        if(!strcmp(remote_ip_any, "1")) {
         save2file( "-A PREROUTING -p tcp -m tcp -d %s --dport %s "
                    "-j DNAT --to-destination %s:%s\n", wanaddr,
@@ -624 +644 @@
                    nvram_safe_get( "lan_ipaddr" ),
                    nvram_safe_get( "sshd_port" ) );
+        }
+        else {
+                sscanf(remote_ip, "%s %s", from, to);
+
+                wordlist = range(from, get_complete_ip(from,to));
+
+                foreach(var, wordlist, next) {
+                        save2file("-A PREROUTING -p tcp -m tcp -s %s -d %s --dport %s "
+                          "-j DNAT --to-destination %s:%d\n",
+                          var, wanaddr, nvram_safe_get("sshd_wanport"),
+                          nvram_safe_get("lan_ipaddr"), nvram_safe_get( "sshd_port" ));
+                }
+        }
+    }
 #else
     /*
      * Enable remote telnet management 
      */
-    if( remotetelnet )
+    if( remotetelnet ) {
+        if(!strcmp(remote_ip_any, "1")) {           
         save2file( "-A PREROUTING -p tcp -m tcp -d %s --dport %s "
                    "-j DNAT --to-destination %s:23\n", wanaddr,
                    nvram_safe_get( "telnet_wanport" ),
                    nvram_safe_get( "lan_ipaddr" ) );
+        }
+        else {
+                sscanf(remote_ip, "%s %s", from, to);
+
+                wordlist = range(from, get_complete_ip(from,to));
+
+                foreach(var, wordlist, next) {
+                        save2file("-A PREROUTING -p tcp -m tcp -s %s -d %s --dport %s "
+                          "-j DNAT --to-destination %s:23\n",
+                          var, wanaddr, nvram_safe_get("sshd_wanport"),
+                          nvram_safe_get("lan_ipaddr") );
+                }
+        }
+    }   
 #endif
 

src/router/services/sysinit/defaults.c

@@ -479 +479 @@
 #endif
 
+    {"remote_ip_any", "1", 0},  /* allowed remote ip */
+    {"remote_ip", "0.0.0.0 0", 0},              /* allowed remote ip range */
     {"http_wanport", "8080", 0},        /* WAN port to listen on */
     {"http_lanport", "80", 0},  /* LAN port to listen on */