proxy: add glue for transparent ftp proxy

(cherry picked from commit 8a47ae75)

proxy: add glue for transparent ftp proxy
(cherry picked from commit 8a47ae75)
bf46ac0e · Franco Fichtner · 1d313782 · bf46ac0e · bf46ac0e
Commit bf46ac0e authored Mar 07, 2016 by Franco Fichtner
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 19 deletions

main.xml ...pnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml +6 -8

squid.conf src/opnsense/service/templates/OPNsense/Proxy/squid.conf +15 -11

No files found.
--- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
@@ -219,14 +219,12 @@
                <type>text</type>
                <help><![CDATA[The port the proxy service will listen to.]]></help>
            </field>
-            <!--
-                        <field>
-                            <id>proxy.forward.ftpTransparentMode</id>
-                            <label>Enable Transparent mode</label>
-                            <type>checkbox</type>
-                            <help><![CDATA[Enable transparent ftp proxy mode to forward all requests for destination port 21 to the proxy server without any additional configuration.]]></help>
-                        </field>
-            -->
+            <field>
+                <id>proxy.forward.ftpTransparentMode</id>
+                <label>Enable Transparent mode</label>
+                <type>checkbox</type>
+                <help><![CDATA[Enable transparent ftp proxy mode to forward all requests for destination port 21 to the proxy server without any additional configuration.]]></help>
+            </field>
        </subtab>
        <subtab id="proxy-forward-acl" description="Access Control List">
            <field>

--- a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
+++ b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
@@ -2,47 +2,51 @@
 # Automatic generated configuration for Squid.
 # Do not edit this file manually.

-# setup listen configuration
 {% if helpers.exists('OPNsense.proxy.forward.transparentMode') and OPNsense.proxy.forward.transparentMode == '1' %}
-# transparant mode, listen on localhost
-http_port 127.0.0.1:{{  OPNsense.proxy.forward.port }} intercept
+# transparent mode, listen on localhost
+http_port 127.0.0.1:{{ OPNsense.proxy.forward.port }} intercept
 {% endif %}

+# Setup listen configuration
 {% if helpers.exists('OPNsense.proxy.forward.interfaces') %}
 {%   for interface in OPNsense.proxy.forward.interfaces.split(",") %}
 {%      for intf_key,intf_item in interfaces.iteritems() %}
 {%          if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
-http_port {{intf_item.ipaddr}}:{{  OPNsense.proxy.forward.port }}
-
+http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.port }}
 {%          endif %}
 {%      endfor %}
 {# virtual ip's #}
 {%      if helpers.exists('virtualip') %}
 {%          for intf_key,intf_item in virtualip.iteritems() %}
 {%              if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
-http_port {{intf_item.subnet}}:{{  OPNsense.proxy.forward.port }}
-
+http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }}
 {%              endif %}
 {%          endfor %}
 {%      endif %}
 {%   endfor %}
 {% endif %}

+acl ftp proto FTP
+http_access allow ftp
+
+{% if helpers.exists('OPNsense.proxy.forward.ftpTransparentMode') and OPNsense.proxy.forward.ftpTransparentMode == '1' %}
+# transparent mode, listen on localhost
+ftp_port 127.0.0.1:{{ OPNsense.proxy.forward.ftpPort }} intercept
+{% endif %}
+
 # Setup ftp proxy
 {% if helpers.exists('OPNsense.proxy.forward.ftpInterfaces') %}
 {%   for interface in OPNsense.proxy.forward.ftpInterfaces.split(",") %}
 {%      for intf_key,intf_item in interfaces.iteritems() %}
 {%          if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
-ftp_port {{intf_item.ipaddr}}:{{  OPNsense.proxy.forward.ftpPort }} {%if OPNsense.proxy.forward.ftpTransparentMode == '1' %}intercept{% else %}accel ftp-track-dirs protocol=HTTP{% endif %}
-
+ftp_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.ftpPort }} accel ftp-track-dirs protocol=HTTP
 {%          endif %}
 {%      endfor %}
 {# virtual ip's #}
 {%      if helpers.exists('virtualip') %}
 {%          for intf_key,intf_item in virtualip.iteritems() %}
 {%              if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
-ftp_port {{intf_item.subnet}}:{{  OPNsense.proxy.forward.ftpPort }} {%if OPNsense.proxy.forward.ftpTransparentMode == '1' %}intercept{% else %}accel ftp-track-dirs protocol=HTTP{% endif %}
-
+ftp_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.ftpPort }} accel ftp-track-dirs protocol=HTTP
 {%              endif %}
 {%          endfor %}
 {%      endif %}