Commit 8a47ae75 authored by Franco Fichtner's avatar Franco Fichtner

proxy: add glue for transparent ftp proxy

parent 92c9c04d
...@@ -219,14 +219,12 @@ ...@@ -219,14 +219,12 @@
<type>text</type> <type>text</type>
<help><![CDATA[The port the proxy service will listen to.]]></help> <help><![CDATA[The port the proxy service will listen to.]]></help>
</field> </field>
<!-- <field>
<field> <id>proxy.forward.ftpTransparentMode</id>
<id>proxy.forward.ftpTransparentMode</id> <label>Enable Transparent mode</label>
<label>Enable Transparent mode</label> <type>checkbox</type>
<type>checkbox</type> <help><![CDATA[Enable transparent ftp proxy mode to forward all requests for destination port 21 to the proxy server without any additional configuration.]]></help>
<help><![CDATA[Enable transparent ftp proxy mode to forward all requests for destination port 21 to the proxy server without any additional configuration.]]></help> </field>
</field>
-->
</subtab> </subtab>
<subtab id="proxy-forward-acl" description="Access Control List"> <subtab id="proxy-forward-acl" description="Access Control List">
<field> <field>
......
...@@ -2,47 +2,51 @@ ...@@ -2,47 +2,51 @@
# Automatic generated configuration for Squid. # Automatic generated configuration for Squid.
# Do not edit this file manually. # Do not edit this file manually.
# setup listen configuration
{% if helpers.exists('OPNsense.proxy.forward.transparentMode') and OPNsense.proxy.forward.transparentMode == '1' %} {% if helpers.exists('OPNsense.proxy.forward.transparentMode') and OPNsense.proxy.forward.transparentMode == '1' %}
# transparant mode, listen on localhost # transparent mode, listen on localhost
http_port 127.0.0.1:{{ OPNsense.proxy.forward.port }} intercept http_port 127.0.0.1:{{ OPNsense.proxy.forward.port }} intercept
{% endif %} {% endif %}
# Setup listen configuration
{% if helpers.exists('OPNsense.proxy.forward.interfaces') %} {% if helpers.exists('OPNsense.proxy.forward.interfaces') %}
{% for interface in OPNsense.proxy.forward.interfaces.split(",") %} {% for interface in OPNsense.proxy.forward.interfaces.split(",") %}
{% for intf_key,intf_item in interfaces.iteritems() %} {% for intf_key,intf_item in interfaces.iteritems() %}
{% if intf_key == interface and intf_item.ipaddr != 'dhcp' %} {% if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.port }} http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.port }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{# virtual ip's #} {# virtual ip's #}
{% if helpers.exists('virtualip') %} {% if helpers.exists('virtualip') %}
{% for intf_key,intf_item in virtualip.iteritems() %} {% for intf_key,intf_item in virtualip.iteritems() %}
{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %} {% if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }} http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
acl ftp proto FTP
http_access allow ftp
{% if helpers.exists('OPNsense.proxy.forward.ftpTransparentMode') and OPNsense.proxy.forward.ftpTransparentMode == '1' %}
# transparent mode, listen on localhost
ftp_port 127.0.0.1:{{ OPNsense.proxy.forward.ftpPort }} intercept
{% endif %}
# Setup ftp proxy # Setup ftp proxy
{% if helpers.exists('OPNsense.proxy.forward.ftpInterfaces') %} {% if helpers.exists('OPNsense.proxy.forward.ftpInterfaces') %}
{% for interface in OPNsense.proxy.forward.ftpInterfaces.split(",") %} {% for interface in OPNsense.proxy.forward.ftpInterfaces.split(",") %}
{% for intf_key,intf_item in interfaces.iteritems() %} {% for intf_key,intf_item in interfaces.iteritems() %}
{% if intf_key == interface and intf_item.ipaddr != 'dhcp' %} {% if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
ftp_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.ftpPort }} {%if OPNsense.proxy.forward.ftpTransparentMode == '1' %}intercept{% else %}accel ftp-track-dirs protocol=HTTP{% endif %} ftp_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.ftpPort }} accel ftp-track-dirs protocol=HTTP
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{# virtual ip's #} {# virtual ip's #}
{% if helpers.exists('virtualip') %} {% if helpers.exists('virtualip') %}
{% for intf_key,intf_item in virtualip.iteritems() %} {% for intf_key,intf_item in virtualip.iteritems() %}
{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %} {% if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
ftp_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.ftpPort }} {%if OPNsense.proxy.forward.ftpTransparentMode == '1' %}intercept{% else %}accel ftp-track-dirs protocol=HTTP{% endif %} ftp_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.ftpPort }} accel ftp-track-dirs protocol=HTTP
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment