Commit fb99d826 authored by Jos Schellevis's avatar Jos Schellevis

Proxy work in progress, add ftp_port, ftp proxy support

parent 7f451353
...@@ -71,6 +71,7 @@ class SettingsController extends ApiControllerBase ...@@ -71,6 +71,7 @@ class SettingsController extends ApiControllerBase
} }
$mdlProxy->forward->interfaces->setSelectOptions($selopt); $mdlProxy->forward->interfaces->setSelectOptions($selopt);
$mdlProxy->forward->ftpInterfaces->setSelectOptions($selopt);
$result['proxy'] = $mdlProxy->getNodes(); $result['proxy'] = $mdlProxy->getNodes();
} }
......
...@@ -135,6 +135,20 @@ ...@@ -135,6 +135,20 @@
<ValidationMessage>"Proxy port needs to be an integer value between 1 and 65535"</ValidationMessage> <ValidationMessage>"Proxy port needs to be an integer value between 1 and 65535"</ValidationMessage>
<Required>Y</Required> <Required>Y</Required>
</port> </port>
<ftpInterfaces type="CSVListField">
<Required>N</Required>
</ftpInterfaces>
<ftpPort type="IntegerField">
<default>2121</default>
<MinimumValue>1</MinimumValue>
<MaximumValue>65535</MaximumValue>
<ValidationMessage>"FTP Proxy port needs to be an integer value between 1 and 65535"</ValidationMessage>
<Required>Y</Required>
</ftpPort>
<ftpTransparentMode type="BooleanField">
<default>0</default>
<Required>Y</Required>
</ftpTransparentMode>
<addACLforInterfaceSubnets type="BooleanField"> <addACLforInterfaceSubnets type="BooleanField">
<default>1</default> <default>1</default>
<Required>Y</Required> <Required>Y</Required>
......
...@@ -338,6 +338,25 @@ maxheight: define max height of select box, default=170px to hold 5 items ...@@ -338,6 +338,25 @@ maxheight: define max height of select box, default=170px to hold 5 items
'advanced':'true' 'advanced':'true'
]} ]}
], ],
[ 'proxy-forward-ftp','FTP Proxy Settings',
{['id': 'proxy.forward.ftpInterfaces',
'label':'FTP proxy interfaces',
'type':'select_multiple',
'style':'tokenize',
'help':'Select interface(s) the ftp proxy will bind to.',
'hint':'Type or select interface (Leave blank to disable ftp proxy).'
],
['id': 'proxy.forward.ftpPort',
'label':'FTP proxy port',
'type':'text',
'help':'The port the proxy service will listen to.'
],
['id': 'proxy.forward.ftpTransparentMode',
'label':'Enable Transparent mode',
'type':'checkbox',
'help':'Enable transparent ftp proxy mode to forward all requests for destination port 21 to the proxy server without any additional configuration.'
]}
],
[ 'proxy-forward-acl','Access Control List', [ 'proxy-forward-acl','Access Control List',
{['id': 'proxy.forward.acl.allowedSubnets', {['id': 'proxy.forward.acl.allowedSubnets',
'label':'Allowed Subnets', 'label':'Allowed Subnets',
......
...@@ -21,6 +21,25 @@ http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }} ...@@ -21,6 +21,25 @@ http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
# Setup ftp proxy
{% if helpers.exists('OPNsense.proxy.forward.ftpInterfaces') %}
{% for interface in OPNsense.proxy.forward.ftpInterfaces.split(",") %}
{% for intf_key,intf_item in interfaces.iteritems() %}
{% if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
ftp_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.ftpPort }} {%if OPNsense.proxy.forward.ftpTransparentMode == '1' %}tproxy{% endif %}
{% endif %}
{% endfor %}
{# virtual ip's #}
{% if helpers.exists('virtualip') %}
{% for intf_key,intf_item in virtualip.iteritems() %}
{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
ftp_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.ftpPort }}
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}
# Rules allowing access from your local networks. # Rules allowing access from your local networks.
# Generated list of (internal) IP networks from where browsing # Generated list of (internal) IP networks from where browsing
# should be allowed. (Allow interface subnets). # should be allowed. (Allow interface subnets).
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment