Commit 1ab1d8fc authored by Fabian Franz's avatar Fabian Franz Committed by Franco Fichtner

add link to proxy page and extend the nat template

(cherry picked from commit 4aa0ce0f)
parent 72f87f32
......@@ -200,15 +200,15 @@
<help><![CDATA[The port the proxy service will listen to.]]></help>
</field>
<field>
<id>proxy.forward.transparentMode</id>
<label>Enable Transparent HTTP proxy</label>
<type>checkbox</type>
<help><![CDATA[
Enable transparent proxy mode. You will need a firewall rule to forward traffic from the firewall to the proxy server.
You may leave the proxy interfaces empty, but remember to set a valid ACL in that case.
<br/>
<a href="/firewall_nat_edit.php?template=transparant_proxy"> add a new firewall rule </a>
]]></help>
<id>proxy.forward.transparentMode</id>
<label>Enable Transparent HTTP proxy</label>
<type>checkbox</type>
<help><![CDATA[
Enable transparent proxy mode. You will need a firewall rule to forward traffic from the firewall to the proxy server.
You may leave the proxy interfaces empty, but remember to set a valid ACL in that case.
<br/>
<a href="/firewall_nat_edit.php?template=transparant_proxy"> Add a new firewall rule </a>
]]></help>
</field>
<field>
<id>proxy.forward.sslbump</id>
......@@ -220,7 +220,8 @@
Be aware of the security implications before enabling this option.
<br/><br/>
Transparent HTTP proxy needs to be enabled and you need nat rules to reflect your traffic
for this feature to work.
for this feature to work.<br/>
<a href="/firewall_nat_edit.php?template=transparant_proxy&https=1"> Add a new firewall rule </a>
]]></help>
</field>
<field>
......
......@@ -150,19 +150,31 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['interface'] = "lan";
$pconfig['src'] = "lan";
$pconfig['dst'] = "any";
$pconfig['dstbeginport'] = 80 ;
$pconfig['dstendport'] = 80 ;
$pconfig['target'] = '127.0.0.1';
// try to read the proxy configuration to determine the current port
// this has some disadvantages in case of dependencies, but there isn't
// a much better solution available at the moment.
if (isset($config['OPNsense']['proxy']['forward']['port'])) {
$pconfig['local-port'] = $config['OPNsense']['proxy']['forward']['port'];
} else {
$pconfig['local-port'] = 3128;
if (isset($_GET['https'])){
$pconfig['dstbeginport'] = 443;
$pconfig['dstendport'] = 443;
if (isset($config['OPNsense']['proxy']['forward']['sslbumpport'])) {
$pconfig['local-port'] = $config['OPNsense']['proxy']['forward']['sslbumpport'];
} else {
$pconfig['local-port'] = 3129;
}
}
else {
$pconfig['dstbeginport'] = 80;
$pconfig['dstendport'] = 80;
// try to read the proxy configuration to determine the current port
// this has some disadvantages in case of dependencies, but there isn't
// a much better solution available at the moment.
if (isset($config['OPNsense']['proxy']['forward']['port'])) {
$pconfig['local-port'] = $config['OPNsense']['proxy']['forward']['port'];
} else {
$pconfig['local-port'] = 3128;
}
}
$pconfig['target'] = '127.0.0.1';
$pconfig['natreflection'] = 'enable';
$pconfig['descr'] = "redirect traffic to proxy";
$pconfig['descr'] = gettext("redirect traffic to proxy");
} else {
$pconfig['src'] = "any";
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment