add link to proxy page and extend the nat template

(cherry picked from commit 4aa0ce0f)

add link to proxy page and extend the nat template
(cherry picked from commit 4aa0ce0f)
1ab1d8fc · Fabian Franz · Franco Fichtner · 72f87f32 · 1ab1d8fc · 1ab1d8fc
Commit 1ab1d8fc authored Apr 08, 2016 by Fabian Franz Committed by Franco Fichtner Apr 12, 2016
Show whitespace changes
Inline Side-by-side

Showing with 34 additions and 21 deletions

main.xml ...pnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml +11 -10

firewall_nat_edit.php src/www/firewall_nat_edit.php +23 -11

No files found.
--- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
@@ -207,7 +207,7 @@
                  Enable transparent proxy mode. You will need a firewall rule to forward traffic from the firewall to the proxy server.
                  You may leave the proxy interfaces empty, but remember to set a valid ACL in that case.
                  <br/>
-			<a href="/firewall_nat_edit.php?template=transparant_proxy"> add a new firewall rule </a>
+                  <a href="/firewall_nat_edit.php?template=transparant_proxy"> Add a new firewall rule </a>
                  ]]></help>
            </field>
            <field>
@@ -220,7 +220,8 @@
                  Be aware of the security implications before enabling this option.
                  <br/><br/>
                  Transparent HTTP proxy needs to be enabled and you need nat rules to reflect your traffic
-                  for this feature to work.
+                  for this feature to work.<br/>
+                  <a href="/firewall_nat_edit.php?template=transparant_proxy&https=1"> Add a new firewall rule </a>
                  ]]></help>
            </field>
            <field>

--- a/src/www/firewall_nat_edit.php
+++ b/src/www/firewall_nat_edit.php
@@ -150,9 +150,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        $pconfig['interface'] = "lan";
        $pconfig['src'] = "lan";
        $pconfig['dst'] = "any";
-        $pconfig['dstbeginport'] = 80 ;
+        if (isset($_GET['https'])){
-        $pconfig['dstendport'] = 80 ;
+            $pconfig['dstbeginport'] = 443;
-        $pconfig['target'] = '127.0.0.1';
+            $pconfig['dstendport'] = 443;
+            if (isset($config['OPNsense']['proxy']['forward']['sslbumpport'])) {
+                $pconfig['local-port'] = $config['OPNsense']['proxy']['forward']['sslbumpport'];
+            } else {
+                $pconfig['local-port'] = 3129;
+            }
+        }
+        else {
+            $pconfig['dstbeginport'] = 80;
+            $pconfig['dstendport'] = 80;
            // try to read the proxy configuration to determine the current port
            // this has some disadvantages in case of dependencies, but there isn't
            // a much better solution available at the moment.
@@ -161,8 +170,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
            } else {
                $pconfig['local-port'] = 3128;
            }
+        }
+        $pconfig['target'] = '127.0.0.1';
        $pconfig['natreflection'] = 'enable';
-        $pconfig['descr'] = "redirect traffic to proxy";
+        $pconfig['descr'] = gettext("redirect traffic to proxy");
    } else {
        $pconfig['src'] = "any";
    }