From f2f7077d467a14a0d19d933f2067890d095e8031 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 2 Oct 2018 16:33:18 +0200 Subject: [redsocks] Direct transparent HTTP proxying If proxy type is HTTP, redirect any outgoing traffic to port 80 to the given proxy ip:port. Refs #3432 --- .../data/opt/openslx/scripts/systemd-setup_proxy | 30 ++++++++++++++++------ 1 file changed, 22 insertions(+), 8 deletions(-) (limited to 'core/modules/redsocks') diff --git a/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy b/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy index 37d72392..0457728f 100755 --- a/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy +++ b/core/modules/redsocks/data/opt/openslx/scripts/systemd-setup_proxy @@ -43,13 +43,14 @@ mkdir -p /run/redsocks chown redsocks:redsocks /run/redsocks systemctl start redsocks -cat > "/opt/openslx/iptables/rules.d/10-redoscks-proxy" < "$tfile" </dev/null iptables -t nat -F REDSOCKS -iptables -t nat -A REDSOCKS -d "\$SLX_PROXY_IP" -j RETURN +iptables -t nat -A REDSOCKS -d "$SLX_PROXY_IP" -j RETURN iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN 
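Review bot: Dropping the backslash in `-d "$SLX_PROXY_IP"` means the value is now expanded while the rules file is generated and lands as literal text inside double quotes in a script that is executed later, so a value containing `"`, `$(` or a backtick would be interpreted as shell at that point. The same applies in the second hunk to `'$ADDR'`, where a single quote in a blacklist entry ends the quoting, and to `${SLX_PROXY_IP}:${SLX_PROXY_PORT}`. If these settings come from a remotely fetched configuration, which the diff does not show, they should be checked before being written, for example `case "$SLX_PROXY_IP" in *[!0-9A-Za-z.:/-]*) exit 1 ;; esac`, with the equivalent for each `$ADDR` and the port. Part of this hunk is missing from the page (the heredoc opener and how `$tfile` is created), so whether `$tfile` comes from `mktemp` and is moved into `rules.d` only once complete could not be checked.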
@@ -58,15 +59,28 @@ iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
 iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
 iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
 iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
-if [ -n "\$SLX_PROXY_BLACKLIST" ]; then
- for ADDR in \$SLX_PROXY_BLACKLIST; do
- iptables -t nat -A REDSOCKS -d "\$ADDR" -j RETURN
- done
+HEREDOCBROWN
+
+if [ -n "$SLX_PROXY_BLACKLIST" ]; then
+ for ADDR in $SLX_PROXY_BLACKLIST; do
+ echo "iptables -t nat -A REDSOCKS -d '$ADDR'-j RETURN"
+ done >> "$tfile"
+fi
+
+if [ "${SLX_PROXY_TYPE#0:5}" = "http-" ]; then
+ # transparent proxying for HTTP
+ echo "iptables -t nat -A REDSOCKS -p tcp --dport 80 -j DNAT --to-destination ${SLX_PROXY_IP}:${SLX_PROXY_PORT}" >> "$tfile"
 fi
+
+cat >> "$tfile" <
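Review bot: `${SLX_PROXY_TYPE#0:5}` is prefix removal of the pattern `0:5`, not a substring, so the test only passes when the variable is exactly `http-` and the port-80 DNAT rule is never written for a value such as `http-connect`. Either `case "$SLX_PROXY_TYPE" in http-*) … ;; esac` or `[ "${SLX_PROXY_TYPE#http-}" != "$SLX_PROXY_TYPE" ]` does what is intended without relying on bash substring syntax. In the blacklist loop `'$ADDR'-j RETURN` lacks a space, so the generated command passes `ADDR-j` as the destination and the exemption rules fail to load, leaving blacklisted hosts redirected to the proxy; it should read `echo "iptables -t nat -A REDSOCKS -d '$ADDR' -j RETURN"`. The DNAT line also assumes `SLX_PROXY_PORT` is non-empty and numeric, which is worth checking before the rule is written. The closing heredoc of this hunk is cut off on the page, so the rest of the generated file was not reviewed.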