#!/usr/local/bin/php . All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ $pgtitle = array("Interfaces", "WAN"); require("guiconfig.inc"); $wancfg = &$config['interfaces']['wan']; $optcfg = &$config['interfaces']['wan']; $pconfig['username'] = $config['pppoe']['username']; $pconfig['password'] = $config['pppoe']['password']; $pconfig['provider'] = $config['pppoe']['provider']; $pconfig['pppoemtu'] = $config['pppoe']['mtu']; $pconfig['pptp_username'] = $config['pptp']['username']; $pconfig['pptp_password'] = $config['pptp']['password']; $pconfig['pptp_local'] = $config['pptp']['local']; $pconfig['pptp_subnet'] = $config['pptp']['subnet']; $pconfig['pptp_remote'] = $config['pptp']['remote']; $pconfig['dhcphostname'] = $wancfg['dhcphostname']; if ($wancfg['ipaddr'] == "dhcp") { $pconfig['type'] = "DHCP"; } else if ($wancfg['ipaddr'] == "pppoe") { $pconfig['type'] = "PPPoE"; } else if ($wancfg['ipaddr'] == "pptp") { $pconfig['type'] = "PPTP"; } else { $pconfig['type'] = "Static"; $pconfig['ipaddr'] = $wancfg['ipaddr']; $pconfig['subnet'] = $wancfg['subnet']; $pconfig['gateway'] = $wancfg['gateway']; $pconfig['pointtopoint'] = $wancfg['pointtopoint']; } $pconfig['blockpriv'] = isset($wancfg['blockpriv']); $pconfig['spoofmac'] = $wancfg['spoofmac']; if (ipv6enabled()) { $pconfig['ipv6ra'] = isset($wancfg['ipv6ra']); if ($wancfg['ipaddr6'] == "6to4" || $wancfg['ipaddr6'] == "ppp" || $wancfg['ipaddr6'] == "aiccu" || $wancfg['ipaddr6'] == "DHCP") { $pconfig['ipv6mode'] = $wancfg['ipaddr6']; if ($wancfg['ipaddr6'] == "aiccu") { $pconfig['aiccu_username'] = $wancfg['aiccu']['username']; $pconfig['aiccu_password'] = $wancfg['aiccu']['password']; $pconfig['aiccu_tunnelid'] = $wancfg['aiccu']['tunnelid']; $pconfig['aiccu_ayiya'] = isset($wancfg['aiccu']['ayiya']); } if ($wancfg['ipaddr6'] == "DHCP") { $pconfig['v6duid'] = $wancfg['v6duid']; } } else if ($wancfg['ipaddr6']) { $pconfig['ipaddr6'] = $wancfg['ipaddr6']; $pconfig['subnet6'] = $wancfg['subnet6']; if ($wancfg['tunnel6']) { $pconfig['ipv6mode'] = "tunnel"; $pconfig['tunnel6'] = $wancfg['tunnel6']; } else { $pconfig['ipv6mode'] = "static"; $pconfig['gateway6'] = $wancfg['gateway6']; } } else { $pconfig['ipv6mode'] = "disabled"; } } /* Wireless interface? */ if (isset($optcfg['wireless'])) { require("interfaces_wlan.inc"); wireless_config_init(); } if ($_POST) { unset($input_errors); $pconfig = $_POST; /* input validation */ if ($_POST['type'] == "Static") { $reqdfields = explode(" ", "ipaddr subnet gateway"); $reqdfieldsn = explode(",", "IP address,Subnet bit count,Gateway"); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); } else if ($_POST['type'] == "PPPoE") { $reqdfields = explode(" ", "username password"); $reqdfieldsn = explode(",", "PPPoE username,PPPoE password"); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); } else if ($_POST['type'] == "PPTP") { $reqdfields = explode(" ", "pptp_username pptp_password pptp_local pptp_subnet pptp_remote"); $reqdfieldsn = explode(",", "PPTP username,PPTP password,PPTP local IP address,PPTP subnet,PPTP remote IP address"); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); } $_POST['spoofmac'] = str_replace("-", ":", $_POST['spoofmac']); if (($_POST['ipaddr'] && !is_ipaddr($_POST['ipaddr']))) { $input_errors[] = "A valid IP address must be specified."; } if (($_POST['subnet'] && !is_numeric($_POST['subnet']))) { $input_errors[] = "A valid subnet bit count must be specified."; } if (($_POST['gateway'] && !is_ipaddr($_POST['gateway']))) { $input_errors[] = "A valid gateway must be specified."; } if (($_POST['pointtopoint'] && !is_ipaddr($_POST['pointtopoint']))) { $input_errors[] = "A valid point-to-point IP address must be specified."; } if (($_POST['provider'] && !is_domain($_POST['provider']))) { $input_errors[] = "The service name contains invalid characters."; } if (($_POST['pptp_local'] && !is_ipaddr($_POST['pptp_local']))) { $input_errors[] = "A valid PPTP local IP address must be specified."; } if (($_POST['pptp_subnet'] && !is_numeric($_POST['pptp_subnet']))) { $input_errors[] = "A valid PPTP subnet bit count must be specified."; } if (($_POST['pptp_remote'] && !is_ipaddr($_POST['pptp_remote']))) { $input_errors[] = "A valid PPTP remote IP address must be specified."; } if (($_POST['spoofmac'] && !is_macaddr($_POST['spoofmac']))) { $input_errors[] = "A valid MAC address must be specified."; } if (($_POST['pppoemtu'] && !(is_numeric($_POST['pppoemtu']) && $_POST['pppoemtu'] >= 512 && $_POST['pppoemtu'] <= 1492))) { $input_errors[] = "The PPPoE MTU must be between 512 and 1492 bytes."; } if (ipv6enabled()) { if (($_POST['ipv6mode'] == "static" || $_POST['ipv6mode'] == "tunnel") && !is_ipaddr6($_POST['ipaddr6'])) { $input_errors[] = "A valid IPv6 address must be specified."; } if ($_POST['ipv6mode'] == "static" && !is_ipaddr6($_POST['gateway6'])) { $input_errors[] = 'A valid IPv6 gateway must be specified.'; } if ($_POST['ipv6mode'] == "ppp" && $_POST['type'] != "PPPoE" && $_POST['type'] != "PPTP") { $input_errors[] = 'IPv6 PPP mode can only be used in conjunction with PPPoE or PPTP.'; } if ($_POST['ipv6mode'] == "tunnel" && !is_ipaddr($_POST['tunnel6'])) { $input_errors[] = 'An IPv6 tunnel endpoint address must be specified.'; } if ($_POST['ipv6mode'] == "aiccu" && (!$_POST['aiccu_username'] || !$_POST['aiccu_password'] || !$_POST['aiccu_tunnelid'])) { $input_errors[] = 'Username, password and tunnel ID must be specified for AICCU.'; } if ($_POST['ipv6mode'] == "DHCP" && $_POST['type'] != "Static" && $_POST['type'] != "DHCP") { $input_errors[] = 'IPv6 DHCP mode can only be used in conjunction with static or DHCP.'; } if (($_POST['v6duid'] && !is_duid($_POST['v6duid']))) { $input_errors[] = 'A valid DUID must be specified.'; } } /* Wireless interface? */ if (isset($optcfg['wireless'])) { $wi_input_errors = wireless_config_post(); if ($wi_input_errors) { $input_errors = array_merge($input_errors, $wi_input_errors); } } if (!$input_errors) { unset($wancfg['ipaddr']); unset($wancfg['subnet']); unset($wancfg['gateway']); unset($wancfg['pointtopoint']); unset($wancfg['dhcphostname']); unset($wancfg['ipaddr6']); unset($wancfg['subnet6']); unset($wancfg['gateway6']); unset($wancfg['tunnel6']); unset($wancfg['ipv6ra']); unset($config['pppoe']['username']); unset($config['pppoe']['password']); unset($config['pppoe']['provider']); unset($config['pppoe']['mtu']); unset($config['pptp']['username']); unset($config['pptp']['password']); unset($config['pptp']['local']); unset($config['pptp']['subnet']); unset($config['pptp']['remote']); unset($config['aiccu']['username']); unset($config['aiccu']['password']); unset($config['aiccu']['tunnelid']); unset($config['aiccu']['aiccu_ayiya']); if ($_POST['type'] == "Static") { $wancfg['ipaddr'] = $_POST['ipaddr']; $wancfg['subnet'] = $_POST['subnet']; $wancfg['gateway'] = $_POST['gateway']; if (isset($wancfg['ispointtopoint'])) $wancfg['pointtopoint'] = $_POST['pointtopoint']; } else if ($_POST['type'] == "DHCP") { $wancfg['ipaddr'] = "dhcp"; $wancfg['dhcphostname'] = $_POST['dhcphostname']; } else if ($_POST['type'] == "PPPoE") { $wancfg['ipaddr'] = "pppoe"; $config['pppoe']['username'] = $_POST['username']; $config['pppoe']['password'] = $_POST['password']; $config['pppoe']['provider'] = $_POST['provider']; $config['pppoe']['mtu'] = $_POST['pppoemtu']; } else if ($_POST['type'] == "PPTP") { $wancfg['ipaddr'] = "pptp"; $config['pptp']['username'] = $_POST['pptp_username']; $config['pptp']['password'] = $_POST['pptp_password']; $config['pptp']['local'] = $_POST['pptp_local']; $config['pptp']['subnet'] = $_POST['pptp_subnet']; $config['pptp']['remote'] = $_POST['pptp_remote']; } $wancfg['blockpriv'] = $_POST['blockpriv'] ? true : false; $wancfg['spoofmac'] = $_POST['spoofmac']; if (ipv6enabled()) { $wancfg['ipv6ra'] = $_POST['ipv6ra'] ? true : false; if ($_POST['ipv6mode'] == "6to4" || $_POST['ipv6mode'] == "ppp") { $wancfg['ipaddr6'] = $_POST['ipv6mode']; } else if ($_POST['ipv6mode'] == "DHCP"){ $wancfg['ipaddr6'] = $_POST['ipv6mode']; $wancfg['v6duid'] = $_POST['v6duid']; } else if ($_POST['ipv6mode'] == "static") { $wancfg['ipaddr6'] = $_POST['ipaddr6']; $wancfg['subnet6'] = $_POST['subnet6']; $wancfg['gateway6'] = $_POST['gateway6']; } else if ($_POST['ipv6mode'] == "tunnel") { $wancfg['ipaddr6'] = $_POST['ipaddr6']; $wancfg['subnet6'] = $_POST['subnet6']; $wancfg['tunnel6'] = $_POST['tunnel6']; } else if ($_POST['ipv6mode'] == "aiccu") { $wancfg['ipaddr6'] = "aiccu"; $wancfg['aiccu']['username'] = $_POST['aiccu_username']; $wancfg['aiccu']['password'] = $_POST['aiccu_password']; $wancfg['aiccu']['tunnelid'] = $_POST['aiccu_tunnelid']; $wancfg['aiccu']['ayiya'] = $_POST['aiccu_ayiya'] ? true : false; } } write_config(); $retval = 0; if (!file_exists($d_sysrebootreqd_path)) { config_lock(); $retval = interfaces_wan_configure(); config_unlock(); } $savemsg = get_std_save_message($retval); } } ?>
Type
General configuration
MAC address
This field can be used to modify ("spoof") the MAC address of the WAN interface
(may be required with some cable connections)
Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx or leave blank
Static IP configuration
IP address /
Point-to-point IP address
Gateway
DHCP client configuration
Hostname
The value in this field is sent as the DHCP client identifier and hostname when requesting a DHCP lease. Some ISPs may require this (for client identification).
IPv6 configuration
IPv6 mode
6to4 mode will automatically try to establish an IPv6-over-IPv4 tunnel via the nearest gateway. You also need to set your LAN interface (and optional interfaces, if present) to 6to4 mode for it to work properly.
To use tunnel mode (IPv6-in-IPv4 tunnel), you need a configured remote endpoint (e.g. tunnel broker). PPP mode can be used if your ISP provides native IPv6 connectivity over PPPoE or PPTP. AICCU is used with dynamic tunnels from SixXS (only heartbeat tunnels are supported).
DHCPv6 DUID
IPv6 address /
IPv6 RA > Send IPv6 router advertisements
If this option is checked, other hosts on this interface will be able to automatically configure their IPv6 address based on prefix and gateway information that the firewall provides to them. This option is NOT normally enabled on the WAN interface when connected to an ISP.
IPv6 gateway
IPv6 tunnel endpoint
The IPv4 address of the remote tunnel endpoint (only when using tunnel mode).
AICCU
Username:  
Password:  
Tunnel ID:  
AYIYA:   >

Enter your SixXS account information here (only when using AICCU).
PPPoE configuration
Username
Password
Service name
Hint: this field can usually be left empty
MTU bytes
Usually, the maximum MTU value of 1492 bytes (which is used by default) works fine, but if you have problems with some sites not loading properly, you can try a smaller value (e.g. 1400) here.
PPTP configuration
Username
Password
Local IP address /
Remote IP address
  > Block private networks
When set, this option blocks traffic from IP addresses that are reserved for private networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses (127/8). You should generally leave this option turned on, unless your WAN network lies in such a private address space, too.