{
    # Emits the shell commands that build the nat-table TransProxy chain.
    # All TCP traffic to port 80 enters the chain from PREROUTING whatever
    # its source; restricting who may connect is left to the filter table.
    #
    # Rule order matters: the ACCEPT rules for addresses owned by this host
    # are appended before the final DNAT or ACCEPT rule, so requests aimed
    # at the server itself are never diverted into the proxy.
    #
    # NOTE(review): $LocalIP and the intercept port are interpolated unquoted
    # into commands that presumably run with root privileges; confirm both
    # are validated (dotted-quad address, numeric port) wherever the
    # configuration values are written.
    my @commands = (
        # Create the chain and feed it every port-80 TCP packet.
        " /sbin/iptables --table nat --new-chain TransProxy\n",
        " /sbin/iptables --table nat --append PREROUTING\\\n",
        "\t-p tcp --dport 80 -j TransProxy\n",

        # Destinations on this host bypass the proxy: loopback first ...
        " /sbin/iptables --table nat --append TransProxy \\\n",
        "\t--destination 127.0.0.1 --jump ACCEPT\n",

        # ... then the local interface address.
        " /sbin/iptables --table nat --append TransProxy \\\n",
        "\t--destination $LocalIP --jump ACCEPT\n",
    );

    # $ExternalIP only decides whether this rule is emitted. The address
    # itself is the escaped OUTERNET reference, which stays a shell variable
    # and is expanded when the generated script runs.
    # NOTE(review): assumes the generated script defines OUTERNET before
    # these commands execute; verify against the surrounding template.
    if (defined $ExternalIP) {
        push @commands,
            " /sbin/iptables --table nat --append TransProxy \\\n",
            "\t--destination \$OUTERNET --jump ACCEPT\n";
    }

    # The || defaults also apply when a value is empty or "0", so an unset
    # Transparent property counts as "yes"; interception then depends only
    # on the status property being "enabled".
    my $intercept_wanted = $squid{Transparent} || "yes";
    my $squid_state      = $squid{status}      || "disabled";
    my $diverting = $intercept_wanted eq "yes" && $squid_state eq "enabled";

    if (!$diverting) {
        # Proxy off or interception not wanted: end the chain with ACCEPT
        # so port-80 traffic passes through untranslated.
        push @commands,
            " /sbin/iptables --table nat --append TransProxy\\\n",
            "\t--jump ACCEPT\n";
    }
    else {
        # The port comes from the InterceptPort property (default 8080).
        # The older TransparentPort property (default 3128) is no longer
        # consulted.
        my $intercept_port = $squid{InterceptPort} || "8080";

        # Everything not accepted above is rewritten to the local proxy.
        push @commands,
            " /sbin/iptables --table nat --append TransProxy\\\n",
            "\t-p TCP -j DNAT --to $LocalIP:$intercept_port\n";
    }

    $OUT = join '', @commands;
}