diff options
author | Sebastian | 2016-04-25 12:01:08 +0200 |
---|---|---|
committer | Sebastian | 2016-04-25 12:01:08 +0200 |
commit | 5acda3eaeabae9045609539303a8c12c4ce401f1 (patch) | |
tree | 7e71975f8570b05aafe2ea6ec0e242a8912387bb /core/modules/redsocks/data | |
parent | initial commit (diff) | |
download | mltk-5acda3eaeabae9045609539303a8c12c4ce401f1.tar.gz mltk-5acda3eaeabae9045609539303a8c12c4ce401f1.tar.xz mltk-5acda3eaeabae9045609539303a8c12c4ce401f1.zip |
merge with latest dev version
Diffstat (limited to 'core/modules/redsocks/data')
5 files changed, 143 insertions, 0 deletions
diff --git a/core/modules/redsocks/data/etc/redsocks.conf b/core/modules/redsocks/data/etc/redsocks.conf new file mode 100644 index 00000000..db3a7f2a --- /dev/null +++ b/core/modules/redsocks/data/etc/redsocks.conf @@ -0,0 +1,56 @@ +base { + // debug: connection progress & client list on SIGUSR1 + log_debug = off; + + // info: start and end of client session + log_info = off; + + /* possible `log' values are: + * stderr + * "file:/path/to/file" + * syslog:FACILITY facility is any of "daemon", "local0"..."local7" + */ + log = "file:/run/redsocks/redsocks.log"; + + // detach from console + daemon = on; + + /* Change uid, gid and root directory, these options require root + * privilegies on startup. + * Note, your chroot may requre /etc/localtime if you write log to syslog. + * Log is opened before chroot & uid changing. + */ + // user = nobody; + // group = nogroup; + // chroot = "/var/chroot"; + + /* possible `redirector' values are: + * iptables - for Linux + * ipf - for FreeBSD + * pf - for OpenBSD + * generic - some generic redirector that MAY work + */ + redirector = iptables; +} + +redsocks { + /* `local_ip' defaults to 127.0.0.1 for security reasons, + * use 0.0.0.0 if you want to listen on every interface. + * `local_*' are used as port to redirect to. + */ + local_ip = 0.0.0.0; + local_port = 12345; + + // `ip' and `port' are IP and tcp-port of proxy-server + ip = %%PROXY_IP%%; + port = %%PROXY_PORT%%; + + + // known types: socks4, socks5, http-connect, http-relay + // type = http-connect; + type = %%PROXY_TYPE%%; + + // login = "foobar"; + // password = "baz"; +} + diff --git a/core/modules/redsocks/data/etc/systemd/system/basic.target.wants/setup-proxy.service b/core/modules/redsocks/data/etc/systemd/system/basic.target.wants/setup-proxy.service new file mode 120000 index 00000000..0da8d078 --- /dev/null +++ b/core/modules/redsocks/data/etc/systemd/system/basic.target.wants/setup-proxy.service @@ -0,0 +1 @@ +../setup-proxy.service
\ No newline at end of file diff --git a/core/modules/redsocks/data/etc/systemd/system/redsocks.service b/core/modules/redsocks/data/etc/systemd/system/redsocks.service new file mode 100644 index 00000000..929c24ab --- /dev/null +++ b/core/modules/redsocks/data/etc/systemd/system/redsocks.service @@ -0,0 +1,12 @@ +[Unit] +Description=Transparent redirector of any TCP connection to proxy using your firewall +DefaultDependencies=no + +[Service] +Type=forking +User=redsocks +PIDFile=/run/redsocks/redsocks.pid +ExecStart=/sbin/redsocks -c /etc/redsocks.conf -p /run/redsocks/redsocks.pid +ExecStopPost=/opt/openslx/bin/rm -f /run/redsocks/redsocks.pid +ExecStopPost=/opt/openslx/bin/rm -f /opt/openslx/iptables/rules.d/10-redoscks-proxy +Restart=on-abort diff --git a/core/modules/redsocks/data/etc/systemd/system/setup-proxy.service b/core/modules/redsocks/data/etc/systemd/system/setup-proxy.service new file mode 100644 index 00000000..54052425 --- /dev/null +++ b/core/modules/redsocks/data/etc/systemd/system/setup-proxy.service @@ -0,0 +1,9 @@ +[Unit] +Description=Proxy setup detection +Before=shutdown.target +DefaultDependencies=no + +[Service] +Type=oneshot +ExecStart=/opt/openslx/scripts/systemd-setup_proxy +RemainAfterExit=yes diff --git a/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy b/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy new file mode 100755 index 00000000..97ef8225 --- /dev/null +++ b/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy @@ -0,0 +1,65 @@ +#!/bin/bash +# Needs full bash + +for wait in 1 1 2 3 4 6 8 10 end; do + grep '^#_RCONFIG_TAG$' /opt/openslx/config > /dev/null && echo "Config found!" && break + [ "$wait" == "end" ] && echo "Giving up!" && exit 1 + echo "No config yet..." + sleep $wait +done + +. /opt/openslx/config || echo "Error sourcing config for setup_proxy" + +[ -z "$SLX_PROXY_MODE" -o "x$SLX_PROXY_MODE" == "xoff" ] && echo "proxy mode disabled." && exit 0 + +PROXY=off +if [ "$SLX_PROXY_MODE" == "on" ]; then + PROXY=on +elif [ "$SLX_PROXY_MODE" == "auto" -a -n "$SLX_PXE_CLIENT_IP" ]; then + # auto detection: check if it is actually needed + RET=$(curl -m 2 -s http://www.google.de/ | grep -o google | wc -l) + if [ $RET -lt 20 ]; then + sleep 4 + RET=$(curl -m 5 -s http://www.google.de/ | grep -o google | wc -l) + fi + [ $RET -gt 20 ] && echo "Auto detect: Internet is reachable without proxy." && exit 0 + PROXY=on +fi + +[ "$PROXY" == "off" ] && echo "Proxy mode not required." && exit 0 +echo "Setting up transparent proxying via $SLX_PROXY_IP" + +sed -i "s/%%PROXY_IP%%/$SLX_PROXY_IP/g;s/%%PROXY_PORT%%/$SLX_PROXY_PORT/g;s/%%PROXY_TYPE%%/$SLX_PROXY_TYPE/g" /etc/redsocks.conf + +mkdir -p /run/redsocks +chown redsocks:redsocks /run/redsocks +systemctl start redsocks + +cat > "/opt/openslx/iptables/rules.d/10-redoscks-proxy" <<HEREDOCBROWN +#!/bin/ash +. /opt/openslx/config + +iptables -t nat -N REDSOCKS 2>/dev/null +iptables -t nat -F REDSOCKS +iptables -t nat -A REDSOCKS -d "\$SLX_PROXY_IP" -j RETURN +iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN +iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN +iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN +iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN +iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN +iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN +iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN +iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN +if [ -n "\$SLX_PROXY_BLACKLIST" ]; then + for ADDR in \$SLX_PROXY_BLACKLIST; do + iptables -t nat -A REDSOCKS -d "\$ADDR" -j RETURN + done +fi +iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-port 12345 +iptables -t nat -A PREROUTING -i nat1 -p tcp -j REDSOCKS +iptables -t nat -A OUTPUT -o br0 -p tcp -j REDSOCKS +#iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE +iptables -A INPUT -i br0 -p tcp --dport 12345 -j DROP +HEREDOCBROWN +chmod +x "/opt/openslx/iptables/rules.d/10-redoscks-proxy" + |