blob: 7cf9cb8c820aa7e61523f32f76c2716e4077847d (
plain) (
tree)
|
|
#!/bin/bash
# Needs full bash
for wait in 1 1 2 3 4 6 8 10 end; do
grep -q '^#_RCONFIG_TAG$' /opt/openslx/config && break
[ "$wait" == "end" ] && echo "Giving up!" && exit 1
echo "No config yet..."
sleep $wait
done
. /opt/openslx/config || echo "Error sourcing config for setup_proxy"
[ -z "$SLX_PROXY_MODE" -o "x$SLX_PROXY_MODE" == "xoff" ] && echo "proxy mode disabled." && exit 0
PROXY=off
if [ "$SLX_PROXY_MODE" == "on" ]; then
PROXY=on
elif [ "$SLX_PROXY_MODE" == "auto" -a -n "$SLX_PXE_CLIENT_IP" ]; then
# auto detection: check if it is actually needed
RET=$(curl -L -m 2 -s http://www.google.de/ | grep -o google | wc -l)
if [ $RET -lt 20 ]; then
sleep 4
RET=$(curl -L -m 5 -s http://www.google.de/ | grep -o google | wc -l)
fi
[ $RET -gt 20 ] && echo "Auto detect: Internet is reachable without proxy." && exit 0
PROXY=on
fi
[ "$PROXY" == "off" ] && echo "Proxy mode not required." && exit 0
echo "Setting up transparent proxying via $SLX_PROXY_IP"
sed -i "s/%%PROXY_IP%%/$SLX_PROXY_IP/g;s/%%PROXY_PORT%%/$SLX_PROXY_PORT/g;s/%%PROXY_TYPE%%/$SLX_PROXY_TYPE/g" /etc/redsocks.conf
mkdir -p /run/redsocks
chown redsocks:redsocks /run/redsocks
systemctl start redsocks
tfile="/opt/openslx/iptables/10-redsocks-proxy"
cat > "$tfile" <<HEREDOCBROWN
#!/bin/ash
iptables -t nat -N REDSOCKS 2>/dev/null
iptables -t nat -F REDSOCKS
iptables -t nat -A REDSOCKS -d "$SLX_PROXY_IP" -j RETURN
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
HEREDOCBROWN
if [ -n "$SLX_PXE_SERVER_IP" ]; then
# Exclude boot server; we wouldn't be here if it weren't reachable directly
echo "iptables -t nat -A REDSOCKS -d '$SLX_PXE_SERVER_IP' -j RETURN" >> "$tfile"
fi
if [ -n "$SLX_PROXY_BLACKLIST" ]; then
for ADDR in $SLX_PROXY_BLACKLIST; do
echo "iptables -t nat -A REDSOCKS -d '$ADDR' -j RETURN"
done >> "$tfile"
fi
if [ "${SLX_PROXY_TYPE:0:5}" = "http-" ]; then
# transparent proxying for HTTP -- DOES NOT WORK, might give 400 Bad Request
#echo "iptables -t nat -A REDSOCKS -p tcp --dport 80 -j DNAT --to-destination ${SLX_PROXY_IP}:${SLX_PROXY_PORT}" >> "$tfile"
mkdir -p "/etc/profile.d" &> /dev/null
echo "export http_proxy='http://${SLX_PROXY_IP}:${SLX_PROXY_PORT}/'"
echo "export HTTP_PROXY='http://${SLX_PROXY_IP}:${SLX_PROXY_PORT}/'"
echo "export all_proxy='http://${SLX_PROXY_IP}:${SLX_PROXY_PORT}/'"
echo "export ALL_PROXY='http://${SLX_PROXY_IP}:${SLX_PROXY_PORT}/'"
echo -n "export no_proxy='${SLX_PXE_SERVER_IP}"
for ADDR in $SLX_PROXY_BLACKLIST; do
echo -n ", $ADDR"
done
echo "'"
echo -n "export NO_PROXY='${SLX_PXE_SERVER_IP}"
for ADDR in $SLX_PROXY_BLACKLIST; do
echo -n ", $ADDR"
done
echo "'"
fi > "/etc/profile.d/99-proxy.sh"
cat >> "$tfile" <<HEREDOCBROWN
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-port 12345
iptables -t nat -A PREROUTING -i nat1 -p tcp -j REDSOCKS
iptables -t nat -A OUTPUT -o br0 -p tcp -j REDSOCKS
iptables -A INPUT -i br0 -p tcp --dport 12345 -j DROP
HEREDOCBROWN
chmod +x "$tfile"
mv -f -- "$tfile" "/opt/openslx/iptables/rules.d/10-redsocks-proxy"
|
