[redsocks] NEW MODULE

Transparent proxy support module. Works with http-connect, socks, and some others

1 files changed, 41 insertions, 0 deletions

diff --git a/remote/modules/redsocks/data/opt/openslx/bin/setup_proxy b/remote/modules/redsocks/data/opt/openslx/bin/setup_proxy
new file mode 100755
index 00000000..8fa5721c
--- /dev/null
+++ b/remote/modules/redsocks/data/opt/openslx/bin/setup_proxy
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+. /opt/openslx/config || echo "Error sourcing config for setup_proxy"
+
+[ -z "$SLX_PROXY_MODE" -o "x$SLX_PROXY_MODE" == "xoff" ] && echo "proxy mode disabled." && exit 0
+
+PROXY=off
+if [ "$SLX_PROXY_MODE" == "on" ]; then
+	PROXY=on
+elif [ "$SLX_PROXY_MODE" == "auto" -a -n "$SLX_PXE_CLIENT_IP" ]; then
+	[[ "$SLX_PXE_CLIENT_IP" =~ ^10\. ]] && PROXY=on
+	[[ "$SLX_PXE_CLIENT_IP" =~ ^192\.168\. ]] && PROXY=on
+	[[ "$SLX_PXE_CLIENT_IP" =~ ^172\.[123] ]] && PROXY=on
+fi
+
+[ "$PROXY" == "off" ] && echo "Proxy mode not required." && exit 0
+
+sed -i "s/%%PROXY_IP%%/$SLX_PROXY_IP/g;s/%%PROXY_PORT%%/$SLX_PROXY_PORT/g;s/%%PROXY_TYPE%%/$SLX_PROXY_TYPE/g" /etc/redsocks.conf
+
+systemctl start redsocks
+
+iptables -t nat -N REDSOCKS
+iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
+iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
+iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
+iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
+iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
+iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
+if [ -n "$SLX_PROXY_BLACKLIST" ]; then
+	for ADDR in $SLX_PROXY_BLACKLIST; do
+		iptables -t nat -A REDSOCKS -d "$ADDR" -j RETURN
+	done
+fi
+iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-port 12345
+iptables -t nat -A PREROUTING -p tcp -j REDSOCKS
+iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
+iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
+iptables -A INPUT -i br0 -p tcp --dport 12345 -j DROP
+