Commit 4aa0ce0f authored by Fabian Franz's avatar Fabian Franz

add link to proxy page and extend the nat template

parent 4351b2a9
...@@ -200,15 +200,15 @@ ...@@ -200,15 +200,15 @@
<help><![CDATA[The port the proxy service will listen to.]]></help> <help><![CDATA[The port the proxy service will listen to.]]></help>
</field> </field>
<field> <field>
<id>proxy.forward.transparentMode</id> <id>proxy.forward.transparentMode</id>
<label>Enable Transparent HTTP proxy</label> <label>Enable Transparent HTTP proxy</label>
<type>checkbox</type> <type>checkbox</type>
<help><![CDATA[ <help><![CDATA[
Enable transparent proxy mode. You will need a firewall rule to forward traffic from the firewall to the proxy server. Enable transparent proxy mode. You will need a firewall rule to forward traffic from the firewall to the proxy server.
You may leave the proxy interfaces empty, but remember to set a valid ACL in that case. You may leave the proxy interfaces empty, but remember to set a valid ACL in that case.
<br/> <br/>
<a href="/firewall_nat_edit.php?template=transparant_proxy"> add a new firewall rule </a> <a href="/firewall_nat_edit.php?template=transparant_proxy"> Add a new firewall rule </a>
]]></help> ]]></help>
</field> </field>
<field> <field>
<id>proxy.forward.sslbump</id> <id>proxy.forward.sslbump</id>
...@@ -220,7 +220,8 @@ ...@@ -220,7 +220,8 @@
Be aware of the security implications before enabling this option. Be aware of the security implications before enabling this option.
<br/><br/> <br/><br/>
Transparent HTTP proxy needs to be enabled and you need nat rules to reflect your traffic Transparent HTTP proxy needs to be enabled and you need nat rules to reflect your traffic
for this feature to work. for this feature to work.<br/>
<a href="/firewall_nat_edit.php?template=transparant_proxy&https=1"> Add a new firewall rule </a>
]]></help> ]]></help>
</field> </field>
<field> <field>
......
...@@ -150,19 +150,31 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -150,19 +150,31 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['interface'] = "lan"; $pconfig['interface'] = "lan";
$pconfig['src'] = "lan"; $pconfig['src'] = "lan";
$pconfig['dst'] = "any"; $pconfig['dst'] = "any";
$pconfig['dstbeginport'] = 80 ; if (isset($_GET['https'])){
$pconfig['dstendport'] = 80 ; $pconfig['dstbeginport'] = 443;
$pconfig['target'] = '127.0.0.1'; $pconfig['dstendport'] = 443;
// try to read the proxy configuration to determine the current port if (isset($config['OPNsense']['proxy']['forward']['sslbumpport'])) {
// this has some disadvantages in case of dependencies, but there isn't $pconfig['local-port'] = $config['OPNsense']['proxy']['forward']['sslbumpport'];
// a much better solution available at the moment. } else {
if (isset($config['OPNsense']['proxy']['forward']['port'])) { $pconfig['local-port'] = 3129;
$pconfig['local-port'] = $config['OPNsense']['proxy']['forward']['port']; }
} else {
$pconfig['local-port'] = 3128;
} }
else {
$pconfig['dstbeginport'] = 80;
$pconfig['dstendport'] = 80;
// try to read the proxy configuration to determine the current port
// this has some disadvantages in case of dependencies, but there isn't
// a much better solution available at the moment.
if (isset($config['OPNsense']['proxy']['forward']['port'])) {
$pconfig['local-port'] = $config['OPNsense']['proxy']['forward']['port'];
} else {
$pconfig['local-port'] = 3128;
}
}
$pconfig['target'] = '127.0.0.1';
$pconfig['natreflection'] = 'enable'; $pconfig['natreflection'] = 'enable';
$pconfig['descr'] = "redirect traffic to proxy"; $pconfig['descr'] = gettext("redirect traffic to proxy");
} else { } else {
$pconfig['src'] = "any"; $pconfig['src'] = "any";
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment