From 0f6b606785f640bfa5dcbc78616ebb4d194f578e Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Mon, 14 Oct 2013 13:54:24 +0200
Subject: [PATCH] squid: Implement intercept mode.
---
 doc/language_issues.es | 2 ++
 doc/language_issues.fr | 2 ++
 doc/language_issues.nl | 2 ++
 doc/language_issues.pl | 2 ++
 doc/language_issues.ru | 2 ++
 doc/language_issues.tr | 2 ++
 doc/language_missings | 8 ++++++++
 html/cgi-bin/proxy.cgi | 33 +++++++++++++++++++++++++++------
 langs/de/cgi-bin/de.pl | 2 ++
 langs/en/cgi-bin/en.pl | 2 ++
 src/initscripts/init.d/squid | 6 +++---
 11 files changed, 54 insertions(+), 9 deletions(-)
diff --git a/doc/language_issues.es b/doc/language_issues.es
index afe7ed6138..f46723e509 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -506,6 +506,8 @@ WARNING: untranslated string: Set time on boot
 WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: advproxy errmsg cache
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: age second
 WARNING: untranslated string: age seconds
 WARNING: untranslated string: age shour
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index b62d16e833..32aa9b5b79 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -505,6 +505,8 @@ WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: advproxy errmsg cache
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: age second
 WARNING: untranslated string: age seconds
 WARNING: untranslated string: age shour
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 42fedc5fef..cdde0f38da 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -506,6 +506,8 @@ WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: advproxy cache-digest
+WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: age second
 WARNING: untranslated string: age seconds
 WARNING: untranslated string: age shour
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index afe7ed6138..f46723e509 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -506,6 +506,8 @@ WARNING: untranslated string: Set time on boot
 WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: advproxy errmsg cache
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: age second
 WARNING: untranslated string: age seconds
 WARNING: untranslated string: age shour
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index cc5dd649a2..a7d46dbb0f 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -497,6 +497,8 @@ WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: advproxy errmsg cache
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: age second
 WARNING: untranslated string: age seconds
 WARNING: untranslated string: age shour
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 27ca634c74..d58bcc300c 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -509,6 +509,8 @@ WARNING: translation string unused: xtaccess bad transfert
 WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
+WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: bytes
 WARNING: untranslated string: dnsforward
 WARNING: untranslated string: dnsforward add a new entry
diff --git a/doc/language_missings b/doc/language_missings
index fca3f3ebc5..7c7b082675 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -14,6 +14,8 @@
 < advproxy cache-digest
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
+< advproxy errmsg proxy ports equal
+< advproxy proxy port transparent
 < age second
 < age seconds
 < age shour
@@ -241,6 +243,8 @@
 < advproxy cache-digest
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
+< advproxy errmsg proxy ports equal
+< advproxy proxy port transparent
 < age second
 < age seconds
 < age shour
@@ -461,6 +465,8 @@
 < advproxy cache-digest
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
+< advproxy errmsg proxy ports equal
+< advproxy proxy port transparent
 < age second
 < age seconds
 < age shour
@@ -657,6 +663,8 @@
 < advproxy cache-digest
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
+< advproxy errmsg proxy ports equal
+< advproxy proxy port transparent
 < age second
 < age seconds
 < age shour
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index bcdc2024f5..77a1cbbcb5 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -195,6 +195,7 @@ $proxysettings{'ENABLE_BLUE'} = 'off'; $proxysettings{'TRANSPARENT'} = 'off'; $proxysettings{'TRANSPARENT_BLUE'} = 'off'; $proxysettings{'PROXY_PORT'} = '800'; +$proxysettings{'TRANSPARENT_PORT'} = '3128'; $proxysettings{'VISIBLE_HOSTNAME'} = ''; $proxysettings{'ADMIN_MAIL_ADDRESS'} = ''; $proxysettings{'ADMIN_PASSWORD'} = ''; @@ -359,6 +360,15 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'}; goto ERROR; } + if (!(&General::validport($proxysettings{'TRANSPARENT_PORT'}))) + { + $errormessage = $Lang::tr{'advproxy errmsg invalid proxy port'}; + goto ERROR; + } + if ($proxysettings{'PROXY_PORT'} eq $proxysettings{'TRANSPARENT_PORT'}) { + $errormessage = $Lang::tr{'advproxy errmsg proxy ports equal'}; + goto ERROR; + } if (!($proxysettings{'UPSTREAM_PROXY'} eq '')) { my @temp = split(/:/,$proxysettings{'UPSTREAM_PROXY'}); @@ -956,8 +966,8 @@ print < $Lang::tr{'advproxy transparent on'} Green: - $Lang::tr{'advproxy visible hostname'}: * - + $Lang::tr{'advproxy proxy port transparent'}: + END @@ -969,7 +979,8 @@ if ($netsettings{'BLUE_DEV'}) { print " "; } print <  + $Lang::tr{'advproxy visible hostname'}: * + END 
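Review bot: In the -360 validation hunk a rejected TRANSPARENT_PORT is reported with `$Lang::tr{'advproxy errmsg invalid proxy port'}`, the same message the PROXY_PORT check just above it uses, so the admin cannot tell which of the two fields failed; a dedicated string for the transparent port would be clearer. The collision check compares with `eq`, which only catches textually identical values; whether two different spellings of one port number can both pass depends on `General::validport`, which is not shown here, so `if ($proxysettings{'PROXY_PORT'} == $proxysettings{'TRANSPARENT_PORT'})` would be the safer form now that both values have passed the port check at that point. The two added `if` statements also use different brace placement, and the enclosing save handler starts and ends outside the hunk.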
@@ -3078,15 +3089,25 @@ END } print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'PROXY_PORT'}"; - if ($proxysettings{'TRANSPARENT'} eq 'on') { print FILE " transparent" } if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" } print FILE "\n"; + if ($proxysettings{'TRANSPARENT'} eq 'on') { + print FILE "http_port $netsettings{'GREEN_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept"; + if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" } + print FILE "\n"; + } + if ($netsettings{'BLUE_DEV'} && $proxysettings{'ENABLE_BLUE'} eq 'on') { print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'PROXY_PORT'}"; - if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') { print FILE " transparent" } if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" } print FILE "\n"; + + if ($proxysettings{'TRANSPARENT_BLUE'} eq 'on') { + print FILE "http_port $netsettings{'BLUE_ADDRESS'}:$proxysettings{'TRANSPARENT_PORT'} intercept"; + if ($proxysettings{'NO_CONNECTION_AUTH'} eq 'on') { print FILE " no-connection-auth" } + print FILE "\n"; + } } if ($proxysettings{'CACHE_SIZE'} > 0) @@ -3457,7 +3478,7 @@ END # Check if squidclamav is enabled. if ($proxysettings{'ENABLE_CLAMAV'} eq 'on') { print FILE "\n#Settings for squidclamav:\n"; - print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'} transparent\n"; + print FILE "http_port 127.0.0.1:$proxysettings{'PROXY_PORT'}\n"; print FILE "acl purge method PURGE\n"; print FILE "http_access deny to_localhost\n"; print FILE "http_access allow localhost\n"; diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 58dc88ea77..d85981f83e 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl 
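Review bot: The new `http_port ...:$proxysettings{'TRANSPARENT_PORT'} intercept` lines in the -3078 hunk put the interception listener on the GREEN and BLUE addresses, where clients can also connect to it directly, and nothing in the visible hunks restricts that. Squid's interception guidance is that an intercept port should only ever receive NAT-redirected traffic, because direct connections to it cannot be mapped back to an original destination and are a known source of forwarding loops and Host-header confusion. I would pair this with a rule in the init script's `transparent()` function (the -43 hunk of src/initscripts/init.d/squid) that drops direct connections before NAT, along the lines of `iptables -t mangle -A PREROUTING -i $1 -p tcp --dport "${TRANSPARENT_PORT}" -j DROP`, with matching cleanup wherever the SQUID chain is flushed, which is outside this view. The surrounding config-writing routine starts and ends outside the hunk.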
@@ -244,6 +244,7 @@
 'advproxy errmsg password length 1' => 'Passwort muss mindestens',
 'advproxy errmsg password length 2' => ' Zeichen enthalten',
 'advproxy errmsg passwords different' => 'Passwörter stimmen nicht überein',
+'advproxy errmsg proxy ports equal' => 'Der Proxy-Port darf nicht identisch mit dem transparenten Port sein.',
 'advproxy errmsg radius port' => 'Ungültige RADIUS Portnummer',
 'advproxy errmsg radius secret' => 'Shared Secret erforderlich',
 'advproxy errmsg radius server' => 'Ungültige IP-Adresse für den RADIUS-Server',
@@ -281,6 +282,7 @@
 'advproxy on' => 'Proxy an',
 'advproxy privacy' => 'Datenschutz',
 'advproxy proxy port' => 'Proxy-Port',
+'advproxy proxy port transparent' => 'Transparenter Port',
 'advproxy ram cache size' => 'Cachegröße im Arbeitsspeicher (MB)',
 'advproxy redirector children' => 'Anzahl der Filterprozesse',
 'advproxy reset' => 'Zurücksetzen',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 94eb8284f8..d6ccfafb96 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -244,6 +244,7 @@
 'advproxy errmsg password length 1' => 'Password must have at least ',
 'advproxy errmsg password length 2' => ' characters',
 'advproxy errmsg passwords different' => 'Passwords don\'t match',
+'advproxy errmsg proxy ports equal' => 'The proxy port and the transparent port cannot be equal.',
 'advproxy errmsg radius port' => 'Invalid RADIUS port number',
 'advproxy errmsg radius secret' => 'RADIUS shared secret required',
 'advproxy errmsg radius server' => 'Invalid IP address for RADIUS Server',
@@ -281,6 +282,7 @@
 'advproxy on' => 'Proxy on',
 'advproxy privacy' => 'Privacy',
 'advproxy proxy port' => 'Proxy port',
+'advproxy proxy port transparent' => 'Transparent port',
 'advproxy ram cache size' => 'Memory cache size (MB)',
 'advproxy redirector children' => 'Number of filter processes',
 'advproxy reset' => 'Reset',
diff --git a/src/initscripts/init.d/squid b/src/initscripts/init.d/squid index 62d5bea82b..c641c7d379 100644 --- a/src/initscripts/init.d/squid +++ b/src/initscripts/init.d/squid @@ -15,8 +15,8 @@ transparent() { eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings) # If the proxy port is not set we set the default to 800. - if [ -z $PROXY_PORT ]; then - PROXY_PORT=800 + if [ -z "${TRANSPARENT_PORT}" ]; then + TRANSPARENT_PORT=800 fi LOCALIP=`cat /var/ipfire/red/local-ipaddress | tr -d \n` @@ -43,7 +43,7 @@ transparent() { iptables -t nat -A SQUID -i $1 -p tcp -d $LOCALIP --dport 80 -j RETURN - iptables -t nat -A SQUID -i $1 -p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT + iptables -t nat -A SQUID -i $1 -p tcp --dport 80 -j REDIRECT --to-port "${TRANSPARENT_PORT}" } case "$1" in -- 2.39.2
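Review bot: The fallback in the -15 hunk sets `TRANSPARENT_PORT=800`, but proxy.cgi in this same patch defaults TRANSPARENT_PORT to 3128 and keeps 800 as the default PROXY_PORT, which the regenerated squid.conf no longer marks as an interception port. A settings file that lacks TRANSPARENT_PORT would therefore have port-80 traffic redirected to the forward-proxy listener instead of the intercept one. Assuming squid.conf is regenerated on upgrade, I would use `TRANSPARENT_PORT=3128` and replace the stale comment with `# If the transparent port is not set we set the default to 3128.`. The value reaches `--to-port` in the -43 hunk straight from the `eval`'d settings file, so it relies entirely on the port validation done in proxy.cgi. transparent() starts and ends outside both hunks.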