Member "aif-2.1.1/share/arno-iptables-firewall/plugins/50transparent-proxy.plugin" (16 Sep 2020, 5305 Bytes) of package /linux/privat/aif-2.1.1.tar.gz:
1 # ------------------------------------------------------------------------------
2 # -= Arno's Iptables Firewall(AIF) - Transparent Proxy plugin =-
3 #
# Identity of this plugin. Name and version are printed by the mainline;
# the config file name is looked up below $PLUGIN_CONF_PATH.
PLUGIN_NAME='Transparent Proxy plugin'
PLUGIN_VERSION='1.04'
PLUGIN_CONF_FILE='transparent-proxy.conf'
7 #
8 # Last changed : July 31, 2015
9 # Requirements : kernel 2.6 + ip_nat + iptable_nat
10 # Comments : This plugin enables transparent DNAT for internal hosts for
11 # certain ports. Meaning you can redirect certain TCP/UDP ports (eg. http)
12 # which should be redirected from a certain INET address to an
13 # internal address.
14 # Updated to be IPv4-only
15 #
16 # Author : (C) Copyright 2007-2010 by Arno van Amersfoort
17 # Credits : Rok Potocnik for his initial idea
18 # Homepage : https://rocky.eld.leidenuniv.nl/
19 # Email : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l
20 # (note: you must remove all spaces and substitute the @ and the .
21 # at the proper locations!)
22 # ------------------------------------------------------------------------------
23 # This program is free software; you can redistribute it and/or
24 # modify it under the terms of the GNU General Public License
25 # version 2 as published by the Free Software Foundation.
26 #
27 # This program is distributed in the hope that it will be useful,
28 # but WITHOUT ANY WARRANTY; without even the implied warranty of
29 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30 # GNU General Public License for more details.
31 #
32 # You should have received a copy of the GNU General Public License
33 # along with this program; if not, write to the Free Software
34 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
35 # ------------------------------------------------------------------------------
36
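# Helper for plugin_start: append one nat/PREROUTING REDIRECT rule per
# internal interface.
#   $1 - protocol label used in the status message (eg. "HTTP")
#   $2 - original TCP destination port to intercept
#   $3 - local port the proxy listens on (handed to --to-ports)
# Globals: INDENT, INT_IF (read); interface (written, loop variable)
# Returns: 0 when every ip4tables call succeeded, 1 otherwise.
# No 'local' is used so the code stays within plain POSIX sh; helper
# variables carry a tproxy_ prefix instead.
transparent_proxy_redirect()
{
  echo "${INDENT}Redirecting all internal $1(port $2) traffic to proxy-port $3"

  tproxy_redirect_rc=0

  # Remember the caller's IFS (including the "unset" state) so the ' ,'
  # splitting needed for INT_IF does not leak into whatever sourced us.
  if [ -n "${IFS+set}" ]; then
    tproxy_ifs_was_set=1
    tproxy_saved_ifs="$IFS"
  else
    tproxy_ifs_was_set=0
  fi

  # INT_IF is a space/comma separated list; it is deliberately left unquoted
  # so that it is split into single interface names.
  IFS=' ,'
  for interface in $INT_IF; do
    # Interface and port are quoted so a config value can never expand into
    # additional iptables arguments.
    # NOTE(review): ip4tables comes from the main script; it is assumed to
    # return non-zero when the rule could not be added - confirm.
    ip4tables -t nat -A PREROUTING -i "$interface" -p tcp --dport "$2" \
      -j REDIRECT --to-ports "$3" || tproxy_redirect_rc=1
  done

  if [ "$tproxy_ifs_was_set" = "1" ]; then
    IFS="$tproxy_saved_ifs"
  else
    unset IFS
  fi

  return "$tproxy_redirect_rc"
}

# Plugin start function
# Installs the transparent-proxy redirects: for every *_PROXY_PORT that is set,
# TCP traffic entering on an INT_IF interface for the matching well-known port
# is redirected to that local proxy port. Only TCP rules are created.
# Globals: FTP_PROXY_PORT, SMTP_PROXY_PORT, HTTP_PROXY_PORT, POP3_PROXY_PORT,
#          HTTPS_PROXY_PORT, INT_IF, INDENT (read)
# Returns: 0 when all requested rules were added, 1 when at least one rule
#          could not be added. A missing rule means that traffic is NOT going
#          through the proxy, so it must not be reported as success.
plugin_start()
{
  # Some required modules are already loaded by the main script.
  # The result of the module loads is not checked, as before.
  modprobe_multi nf_nat ip_nat
  modprobe iptable_nat

  tproxy_start_rc=0

  # Setup (transparent) proxy settings:
  #####################################
  if [ -n "$FTP_PROXY_PORT" ]; then
    transparent_proxy_redirect "FTP" 21 "$FTP_PROXY_PORT" || tproxy_start_rc=1
  fi

  if [ -n "$SMTP_PROXY_PORT" ]; then
    transparent_proxy_redirect "SMTP" 25 "$SMTP_PROXY_PORT" || tproxy_start_rc=1
  fi

  if [ -n "$HTTP_PROXY_PORT" ]; then
    transparent_proxy_redirect "HTTP" 80 "$HTTP_PROXY_PORT" || tproxy_start_rc=1
  fi

  if [ -n "$POP3_PROXY_PORT" ]; then
    transparent_proxy_redirect "POP3" 110 "$POP3_PROXY_PORT" || tproxy_start_rc=1
  fi

  if [ -n "$HTTPS_PROXY_PORT" ]; then
    transparent_proxy_redirect "HTTPs" 443 "$HTTPS_PROXY_PORT" || tproxy_start_rc=1
  fi

  return "$tproxy_start_rc"
}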
88
89
# Plugin stop function
# Performs no teardown and always reports success. The REDIRECT rules that
# plugin_start appends to nat/PREROUTING are not deleted here.
# NOTE(review): presumably the main script clears the nat table when the
# firewall is stopped - confirm, otherwise the redirects stay active.
plugin_stop()
{
  # Nothing to undo in this plugin
  return 0
}
95
96
# Plugin status function
# Reports nothing and always returns success; it does not verify that the
# redirect rules are actually present in nat/PREROUTING.
plugin_status()
{
  # No status output implemented for this plugin
  return 0
}
102
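# Helper: succeeds when $1 is a decimal port number in the range 1-65535.
tproxy_is_port()
{
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac

  # The length check keeps over-long digit strings away from the integer tests
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Helper: validate one optional proxy-port setting.
#   $1 - name of the setting (only used in the error message)
#   $2 - its value; empty means "not configured" and is accepted
# Accepts a single port or a "low-high" range, the forms --to-ports takes.
# Returns: 0 when empty or valid, 1 (plus an error on stderr) otherwise.
tproxy_check_port_setting()
{
  [ -n "$2" ] || return 0

  case "$2" in
    *-*) tproxy_is_port "${2%%-*}" && tproxy_is_port "${2#*-}" && return 0 ;;
    *)   tproxy_is_port "$2" && return 0 ;;
  esac

  printf '\033[40m\033[1;31m%sERROR: %s="%s" is not a valid port or port range!\033[0m\n' \
    "$INDENT" "$1" "$2" >&2
  return 1
}

# Check sanity of eg. environment
# Every *_PROXY_PORT setting is optional (plugin_start skips the empty ones),
# so nothing is required to be set. A value that IS set must be a port or a
# port range: it ends up on the iptables command line, and a malformed value
# should be rejected here with a clear message rather than while rules are
# being loaded.
# Globals: FTP_PROXY_PORT, SMTP_PROXY_PORT, HTTP_PROXY_PORT, POP3_PROXY_PORT,
#          HTTPS_PROXY_PORT, INDENT (read)
# Returns: 0 when all configured values are valid, 1 otherwise.
plugin_sanity_check()
{
  tproxy_sanity_rc=0

  tproxy_check_port_setting FTP_PROXY_PORT "$FTP_PROXY_PORT" || tproxy_sanity_rc=1
  tproxy_check_port_setting SMTP_PROXY_PORT "$SMTP_PROXY_PORT" || tproxy_sanity_rc=1
  tproxy_check_port_setting HTTP_PROXY_PORT "$HTTP_PROXY_PORT" || tproxy_sanity_rc=1
  tproxy_check_port_setting POP3_PROXY_PORT "$POP3_PROXY_PORT" || tproxy_sanity_rc=1
  tproxy_check_port_setting HTTPS_PROXY_PORT "$HTTPS_PROXY_PORT" || tproxy_sanity_rc=1

  return "$tproxy_sanity_rc"
}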
113
114
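############
# Mainline #
############
# Runs when the plugin file is loaded: locates and sources the plugin config,
# then dispatches $PLUGIN_CMD to plugin_start/plugin_stop/plugin_status.
# The outcome is left in PLUGIN_RET_VAL (0 = success, 1 = failure).

# Check where to find the config file
# (CONF_FILE stays empty when PLUGIN_CONF_PATH is not provided)
CONF_FILE=""
if [ -n "$PLUGIN_CONF_PATH" ]; then
  CONF_FILE="$PLUGIN_CONF_PATH/$PLUGIN_CONF_FILE"
fi

# Preinit to success:
PLUGIN_RET_VAL=0

# Check if the config file exists
if [ ! -f "$CONF_FILE" ]; then
  # Values are passed as printf arguments, never inside the format string, so
  # a '%' or backslash in a path or name cannot alter the message.
  printf 'NOTE: Config file "%s" not found!\n Plugin "%s v%s" ignored!\n' \
    "$CONF_FILE" "$PLUGIN_NAME" "$PLUGIN_VERSION" >&2
else
  # Source the plugin config file
  # NOTE(review): sourcing executes the file with the privileges of the
  # firewall script. No ownership or permission check is done here, so the
  # config file must be writable by the administrator only.
  . "$CONF_FILE"

  # Run when enabled; "stop" and "status" are also honoured for a plugin that
  # is not enabled, provided PLUGIN_LOAD_FILE is set.
  if [ "$ENABLED" = "1" ] ||
     { [ -n "$PLUGIN_LOAD_FILE" ] && [ "$PLUGIN_CMD" = "stop" ]; } ||
     { [ -n "$PLUGIN_LOAD_FILE" ] && [ "$PLUGIN_CMD" = "status" ]; }; then
    # Show who we are:
    echo "${INDENT}$PLUGIN_NAME v$PLUGIN_VERSION"

    # Increment indention
    INDENT="$INDENT "

    # Only proceed if environment ok
    if ! plugin_sanity_check; then
      PLUGIN_RET_VAL=1
    else
      case "$PLUGIN_CMD" in
        start|'')
          plugin_start
          PLUGIN_RET_VAL=$?
          ;;
        stop)
          plugin_stop
          PLUGIN_RET_VAL=$?
          ;;
        status)
          plugin_status
          PLUGIN_RET_VAL=$?
          ;;
        *)
          PLUGIN_RET_VAL=1
          printf '\033[40m\033[1;31m%sERROR: Invalid plugin option "%s"!\033[0m\n' \
            "$INDENT" "$PLUGIN_CMD" >&2
          ;;
      esac
    fi
  fi
fi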