
Member "aif-2.1.1/share/arno-iptables-firewall/plugins/50transparent-proxy.plugin" (16 Sep 2020, 5305 Bytes) of package /linux/privat/aif-2.1.1.tar.gz:



    1 # ------------------------------------------------------------------------------
    2 #         -= Arno's Iptables Firewall(AIF) - Transparent Proxy plugin =-
    3 #
    4 PLUGIN_NAME="Transparent Proxy plugin"
    5 PLUGIN_VERSION="1.04"
    6 PLUGIN_CONF_FILE="transparent-proxy.conf"
    7 #
    8 # Last changed          : July 31, 2015
    9 # Requirements          : kernel 2.6 + ip_nat + iptable_nat
   10 # Comments              : This plugin enables transparent DNAT for internal hosts for
   11 #                         certain ports. Meaning you can redirect certain TCP/UDP ports (eg. http)
   12 #                         which should be redirected from a certain INET address to an
   13 #                         internal address.
   14 #                         Updated to be IPv4-only
   15 #
   16 # Author                : (C) Copyright 2007-2010 by Arno van Amersfoort
   17 # Credits               : Rok Potocnik for his initial idea
   18 # Homepage              : https://rocky.eld.leidenuniv.nl/
   19 # Email                 : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l
   20 #                         (note: you must remove all spaces and substitute the @ and the .
   21 #                         at the proper locations!)
   22 # ------------------------------------------------------------------------------
   23 # This program is free software; you can redistribute it and/or
   24 # modify it under the terms of the GNU General Public License
   25 # version 2 as published by the Free Software Foundation.
   26 #
   27 # This program is distributed in the hope that it will be useful,
   28 # but WITHOUT ANY WARRANTY; without even the implied warranty of
   29 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   30 # GNU General Public License for more details.
   31 #
   32 # You should have received a copy of the GNU General Public License
   33 # along with this program; if not, write to the Free Software
   34 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
   35 # ------------------------------------------------------------------------------
   36 
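# Append the REDIRECT rules for one proxied service.
#   $1 - service label used in the log line (e.g. "HTTP")
#   $2 - original TCP destination port
#   $3 - local proxy port taken from the plugin config; empty = not proxied
# Reads INT_IF and INDENT, which are not set in this file. Sets IFS to ' ,' and
# leaves it that way, and leaves $interface set, as the former inline loops did.
transparent_proxy_redirect()
{
  [ -n "$3" ] || return 0

  echo "${INDENT}Redirecting all internal $1(port $2) traffic to proxy-port $3"
  IFS=' ,'
  for interface in $INT_IF; do
    # The expansions are quoted so that a value containing a space, a comma
    # (both are in IFS here) or a glob character stays ONE iptables argument
    # instead of silently adding words to the rule.
    ip4tables -t nat -A PREROUTING -i "$interface" -p tcp --dport "$2" -j REDIRECT --to-ports "$3"
  done
}

# Plugin start function
#
# For every *_PROXY_PORT variable that is non-empty, appends one
# nat/PREROUTING REDIRECT rule per interface listed in INT_IF (space or comma
# separated). Only TCP is matched. Always returns 0.
#
# Points to keep in mind when the proxy is relied on as a control:
#  - The rules go through ip4tables and the file header says the plugin is
#    IPv4-only, so IPv6 traffic to the same ports is not redirected.
#  - No destination address is matched, so connections from the internal
#    interfaces to these ports on any address are redirected.
#  - REDIRECT hands the connection to a local port; this function does not add
#    a rule that accepts that port, so it has to be allowed elsewhere.
#  - Redirecting port 443 only moves the TCP connection; the proxy behind
#    HTTPS_PROXY_PORT has to be one that can handle intercepted TLS.
#  - NOTE(review): the status of ip4tables is not checked here. If a rule
#    fails to load, that traffic is simply not proxied - confirm whether the
#    main script reports ip4tables failures on its own.
plugin_start()
{
  # Some required modules are already loaded by the main script:
  modprobe_multi nf_nat ip_nat
  modprobe iptable_nat

  # Setup (transparent) proxy settings:
  #####################################
  transparent_proxy_redirect "FTP"   21  "$FTP_PROXY_PORT"
  transparent_proxy_redirect "SMTP"  25  "$SMTP_PROXY_PORT"
  transparent_proxy_redirect "HTTP"  80  "$HTTP_PROXY_PORT"
  transparent_proxy_redirect "POP3"  110 "$POP3_PROXY_PORT"
  transparent_proxy_redirect "HTTPs" 443 "$HTTPS_PROXY_PORT"

  return 0
}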
   88 
   89 
# Plugin stop function
# Does nothing and reports success. In particular it does not delete the
# nat/PREROUTING rules that plugin_start appends.
# NOTE(review): presumably the main script clears the nat table on stop;
# confirm, otherwise the redirects stay active after a stop.
plugin_stop() { return 0; }
   95 
   96 
# Plugin status function
# Prints nothing and always reports success; it does not inspect whether the
# redirect rules are currently loaded.
plugin_status() { return 0; }
  102 
# Check sanity of eg. environment
# Currently accepts every configuration. An earlier check that demanded both
# FTP_PROXY_PORT and SMTP_PROXY_PORT (and printed "The plugin config file is
# not properly set!") is disabled: each proxy port is optional and
# plugin_start skips the ones that are empty.
# NOTE(review): the *_PROXY_PORT values are not validated anywhere in this
# file; a typo only shows up when the iptables rule is loaded.
plugin_sanity_check() { return 0; }
  113 
  114 
  115 ############
  116 # Mainline #
  117 ############
  118 
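# Check where to find the config file
# (PLUGIN_CONF_PATH is not set in this file; without it CONF_FILE stays empty
# and the plugin is reported as ignored below.)
CONF_FILE=""
if [ -n "$PLUGIN_CONF_PATH" ]; then
  CONF_FILE="$PLUGIN_CONF_PATH/$PLUGIN_CONF_FILE"
fi

# Preinit to success:
PLUGIN_RET_VAL=0

# Check if the config file exists
if [ ! -f "$CONF_FILE" ]; then
  # Values are passed as printf arguments rather than pasted into the format
  # string, so a '%' or backslash in a path or name is printed literally.
  printf 'NOTE: Config file "%s" not found!\n        Plugin "%s v%s" ignored!\n' \
    "$CONF_FILE" "$PLUGIN_NAME" "$PLUGIN_VERSION" >&2
else
  # Source the plugin config file.
  # The file is executed as shell code inside this process, with the same
  # privileges as the firewall script, so whoever can write to it (or replace
  # it in its directory) can run commands with those privileges.
  # NOTE(review): keep the file and its directory writable by root only.
  . "$CONF_FILE"

  # Run when the plugin is enabled, or when a stop/status is requested while
  # PLUGIN_LOAD_FILE is set.
  if [ "$ENABLED" = "1" ] ||
     { [ -n "$PLUGIN_LOAD_FILE" ] &&
       { [ "$PLUGIN_CMD" = "stop" ] || [ "$PLUGIN_CMD" = "status" ]; }; }; then
    # Show who we are:
    echo "${INDENT}$PLUGIN_NAME v$PLUGIN_VERSION"

    # Increment indention
    INDENT="$INDENT "

    # Only proceed if environment ok
    if ! plugin_sanity_check; then
      PLUGIN_RET_VAL=1
    else
      # An empty PLUGIN_CMD is treated as "start"
      case "$PLUGIN_CMD" in
        start|'') plugin_start; PLUGIN_RET_VAL=$? ;;
        stop    ) plugin_stop; PLUGIN_RET_VAL=$? ;;
        status  ) plugin_status; PLUGIN_RET_VAL=$? ;;
        *       )
          PLUGIN_RET_VAL=1
          # PLUGIN_CMD is echoed back as data, never as part of the format
          printf '\033[40m\033[1;31m%sERROR: Invalid plugin option "%s"!\033[0m\n' \
            "$INDENT" "$PLUGIN_CMD" >&2
          ;;
      esac
    fi
  fi
fi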