author | Scott Ullrich <sullrich@pfsense.org> | 2005-11-06 20:03:46 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-11-06 20:03:46 +0000 |
commit | c1ec2c2f80dab2103f497391d0339248239918d5 (patch) | |
tree | d810f5a407be57d24fc35ae76c5d013fa41d33a6 | |
parent | 44318b562757b5a0207eeee612b14456ca29c340 (diff) | |
MFC 7401
Add support for per interface ftp helper.
Suggested-by: Dan Swartzendruber <dswartz_AT_druber.com>
In-Discussion-with: Bill M, Dan S
-rw-r--r-- | etc/inc/config.inc | 49 | ||||
-rw-r--r-- | etc/inc/filter.inc | 27 | ||||
-rwxr-xr-x | usr/local/www/interfaces.php | 20 | ||||
-rwxr-xr-x | usr/local/www/interfaces_lan.php | 22 | ||||
-rwxr-xr-x | usr/local/www/interfaces_opt.php | 21 | ||||
-rwxr-xr-x | usr/local/www/interfaces_wan.php | 20 | ||||
-rwxr-xr-x | usr/local/www/system_advanced.php | 17 |
7 files changed, 131 insertions, 45 deletions
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 4845ec9..288ce1a 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -1190,23 +1190,40 @@ function system_start_ftp_helpers() { require_once("interfaces.inc"); global $config, $g; - /* if the ftp proxy is disabled then kill pftpx instance and return - * note that the helpers for port forwards are launched in a different - * sequence so we are filtering them out here by not including -g 8021 first. - */ - if($config['system']['disableftpproxy'] <> "") { - $helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -g 8021\" | grep -v grep | cut -d\" \" -f6"); - mwexec("/usr/bin/kill {$helpers}"); - return; + /* build an array of interfaces to work with */ + $iflist = array("lan" => "LAN", "wan" => "WAN"); + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) + $iflist['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; + + /* loop through all interfaces and handle pftpx */ + $interface_counter = 0; + foreach ($iflist as $ifent => $ifname) { + /* if the ftp proxy is disabled for this interface then kill pftpx + * instance and continue. note that the helpers for port forwards are + * launched in a different sequence so we are filtering them out + * here by not including -c {$port} -g 8021 first. + */ + $port = 8021 + $interface_counter; + if(isset($config['interfaces'][$ifname]['disableftpproxy'])) { + /* item is disabled. lets ++ the interface counter and + * keep processing interfaces. kill pftpx if already + * running for this instance. 
+ */ + $helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -g 8021\" | grep -v grep | cut -d\" \" -f6"); + mwexec("/usr/bin/kill {$helpers}"); + $interface_counter++; + continue; + } + /* grab the current interface IP address */ + $ip = find_interface_ip(convert_friendly_interface_to_real_interface_name($ifname)); + /* if pftpx is already running then do not launch it again */ + $helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -c {$port} -g 8021\" | grep -v grep | grep {$ip}"); + if(!$helpers) + mwexec("/usr/local/sbin/pftpx -c {$port} -g 8021 {$ip}"); + + $interface_counter++; } - - /* grab the current WAN IP address */ - $wanip = get_current_wan_address(); - - /* if pftpx is already running then do not launch it again */ - $helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -g 8021\" | grep -v grep"); - if(!$helpers) - mwexec("/usr/local/sbin/pftpx -g 8021"); + } function cleanup_backupcache($revisions = 30) { diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 1e6750f..b283297 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc 
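Review bot: The per-interface disable check in the new `foreach` indexes `$config['interfaces']` with `$ifname`, which holds the display value ("LAN", "WAN" or an opt interface's `descr`), while the `for` loop just above shows the config keyed by the identifier held in `$ifent` (`'opt' . $i`); as written the `isset()` looks unlikely to ever match, so an interface marked disabled would still get a helper. It should read `if(isset($config['interfaces'][$ifent]['disableftpproxy'])) {`, and the same lookup is repeated in the `filter_nat_rules_generate()` hunk in etc/inc/filter.inc. The kill branch also still greps for `pftpx -g 8021`, which does not match instances started as `pftpx -c {$port} -g 8021 {$ip}`, so it would not stop that interface's helper; matching on `-c {$port} -g 8021` would. When `find_interface_ip()` returns nothing, `{$ip}` expands to an empty string inside both shell commands, so a guard such as `if(!$ip) { $interface_counter++; continue; }` before the `exec()` is worth adding.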
@@ -544,18 +544,25 @@ function filter_nat_rules_generate() { $natrules .= "\n# Load balancing anchor - slbd updates\n"; $natrules .= "rdr-anchor \"slb\"\n"; - if(!isset($config['system']['disableftpproxy'])) { - $optcfg = array(); - generate_optcfg_array($optcfg); - $natrules .= "# FTP proxy\n"; - $natrules .= "rdr-anchor \"pftpx/*\"\n"; - $natrules .= "rdr on {$lanif} proto tcp from any to any port 21 -> 127.0.0.1 port 8021\n"; - # go through optional interfaces, setting up pftpx for them as well. - foreach($optcfg as $oc) { - $natrules .= "rdr on {$oc['if']} proto tcp from any to any port 21 -> 127.0.0.1 port 8021\n"; + /* build an array of interfaces to work with */ + $iflist = array("lan" => "LAN", "wan" => "WAN"); + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) + $iflist['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; + $natrules .= "# FTP proxy\n"; + $natrules .= "rdr-anchor \"pftpx/*\"\n"; + $interface_counter = 0; + /* loop through all interfaces and handle pftpx redirections */ + foreach ($iflist as $ifent => $ifname) { + if(isset($config['interfaces'][$ifname]['disableftpproxy'])) { + $interface_counter++; + continue; } - $natrules .= "\n"; + $tmp_port = 8021 + $interface_counter; + $tmp_interface = convert_friendly_interface_to_real_interface_name($ifname); + $natrules .= "rdr on {$tmp_interface} proto tcp from any to any port 21 -> 127.0.0.1 port {$tmp_port}\n"; + $interface_counter++; } + $natrules .= "\n"; /* DIAG: add ipv6 NAT, if requested */ if (isset($config['diag']['ipv6nat']['enable']) and $config['diag']['ipv6nat']['ipaddr'] <> "") { diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 3b061b4..9b5b817 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php 
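Review bot: The redirect loop now covers WAN as well, where the removed code emitted the `port 21 -> 127.0.0.1` redirect only for `{$lanif}` and the optional interfaces; with `from any to any` this sends every inbound tcp/21 connection arriving on WAN to the local proxy unless the option is set on WAN. If that default is intended it deserves a comment above the loop, e.g. `/* WAN is included: inbound FTP is proxied unless disableftpproxy is set on WAN */`; otherwise WAN should be opt-in. Separately, nothing checks the result of `convert_friendly_interface_to_real_interface_name()`, so an empty `$tmp_interface` would emit `rdr on  proto tcp ...`, which presumably fails to parse; `if(!$tmp_interface) { $interface_counter++; continue; }` before the append avoids that. The function body starts and ends outside the hunk.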
@@ -51,6 +51,8 @@ $pconfig['pptp_remote'] = $config['pptp']['remote']; $pconfig['pptp_dialondemand'] = isset($config['pptp']['ondemand']); $pconfig['pptp_idletimeout'] = $config['pptp']['timeout']; +$pconfig['disableftpproxy'] = isset($wancfg['disableftpproxy']); + $pconfig['bigpond_username'] = $config['bigpond']['username']; $pconfig['bigpond_password'] = $config['bigpond']['password']; $pconfig['bigpond_authserver'] = $config['bigpond']['authserver']; @@ -209,6 +211,15 @@ if ($_POST) { unset($config['bigpond']['authserver']); unset($config['bigpond']['authdomain']); unset($config['bigpond']['minheartbeatinterval']); + unset($wancfg['disableftpproxy']); + + /* per interface pftpx helper */ + if($_POST['disableftpproxy'] == "yes") { + $wancfg['disableftpproxy'] = true; + system_start_ftp_helpers(); + } else { + system_start_ftp_helpers(); + } if ($_POST['type'] == "Static") { $wancfg['ipaddr'] = $_POST['ipaddr']; @@ -687,6 +698,15 @@ function type_change(enable_change,enable_change_pptp) { When set, this option blocks traffic from IP addresses that are reserved (but not RFC 1918) or not yet assigned by IANA.<br> Bogons are prefixes that should never appear in the Internet routing table, and obviously should not appear as the source address in any packets you receive.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">FTP Helper</td> + <td width="78%" class="vtable"> + <input name="disableftpproxy" type="checkbox" id="disableftpproxy" value="yes" <?php if (isset($config['system']['disableftpproxy'])) echo "checked"; ?> onclick="enable_change(false)" /> + <strong>Disable the userland FTP-Proxy application</strong> + <br /> + </td> + </tr> <tr> <td width="100" valign="top"> </td> <td> <br> <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change_pptp(true)&&enable_change(true)"> diff --git a/usr/local/www/interfaces_lan.php b/usr/local/www/interfaces_lan.php index 278bfd8..1133335 100755 
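Review bot: Both branches of the new `if`/`else` in the `$_POST` handler call `system_start_ftp_helpers()`, so the `else` adds nothing; `if($_POST['disableftpproxy'] == "yes") $wancfg['disableftpproxy'] = true;` followed by a single `system_start_ftp_helpers();` says the same thing. The helpers are restarted here before any config write or filter reload visible in the hunk, so whether the matching redirect rules are in place at that moment depends on code outside it. The identical block appears in interfaces_lan.php, interfaces_opt.php and interfaces_wan.php.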
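Review bot: The new FTP Helper checkbox still tests `isset($config['system']['disableftpproxy'])`, the global key that system_advanced.php no longer sets after this commit, so the box will not reflect the per-interface value stored in `$wancfg['disableftpproxy']` and a stale global value left in an existing config would show every interface as disabled. The first hunk of this file already loads the right value into `$pconfig['disableftpproxy']`; the attribute should be `<?php if ($pconfig['disableftpproxy']) echo "checked"; ?>`. The same markup is added in interfaces_lan.php, interfaces_opt.php and interfaces_wan.php.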
--- a/usr/local/www/interfaces_lan.php +++ b/usr/local/www/interfaces_lan.php @@ -41,6 +41,8 @@ $pconfig['bridge'] = $lancfg['bridge']; $pconfig['bandwidth'] = $lancfg['bandwidth']; $pconfig['bandwidthtype'] = $lancfg['bandwidthtype']; +$pconfig['disableftpproxy'] = isset($lancfg['disableftpproxy']); + /* Wireless interface? */ if (isset($lancfg['wireless'])) { require("interfaces_wlan.inc"); @@ -105,6 +107,16 @@ if ($_POST) { if (!$input_errors) { + unset($lancfg['disableftpproxy']); + + /* per interface pftpx helper */ + if($_POST['disableftpproxy'] == "yes") { + $lancfg['disableftpproxy'] = true; + system_start_ftp_helpers(); + } else { + system_start_ftp_helpers(); + } + $bridge = discover_bridge($lancfg['if'], filter_translate_type_to_real_interface($lancfg['bridge'])); if($bridge <> "-1") { destroy_bridge($bridge); @@ -230,6 +242,14 @@ function enable_change(enable_over) { <br> The bandwidth setting will define the speed of the interface for traffic shaping. Do not enter your "Internet" bandwidth here, only the physical speed! </td> </tr> + <tr> + <td width="22%" valign="top" class="vncell">FTP Helper</td> + <td width="78%" class="vtable"> + <input name="disableftpproxy" type="checkbox" id="disableftpproxy" value="yes" <?php if (isset($config['system']['disableftpproxy'])) echo "checked"; ?> onclick="enable_change(false)" /> + <strong>Disable the userland FTP-Proxy application</strong> + <br /> + </td> + </tr> <tr> <td width="22%" valign="top"> </td> <td width="78%"> @@ -278,4 +298,4 @@ if ($_POST['apply'] <> "") { } -?>
\ No newline at end of file +?> diff --git a/usr/local/www/interfaces_opt.php b/usr/local/www/interfaces_opt.php index bfcaed6..3add7d3 100755 --- a/usr/local/www/interfaces_opt.php +++ b/usr/local/www/interfaces_opt.php @@ -61,6 +61,7 @@ $pconfig['blockbogons'] = isset($optcfg['blockbogons']); $pconfig['spoofmac'] = $optcfg['spoofmac']; $pconfig['mtu'] = $optcfg['mtu']; +$pconfig['disableftpproxy'] = isset($optcfg['disableftpproxy']); /* Wireless interface? */ if (isset($optcfg['wireless'])) { @@ -171,6 +172,15 @@ if ($_POST) { } unset($optcfg['dhcphostname']); + unset($optcfg['disableftpproxy']); + + /* per interface pftpx helper */ + if($_POST['disableftpproxy'] == "yes") { + $optcfg['disableftpproxy'] = true; + system_start_ftp_helpers(); + } else { + system_start_ftp_helpers(); + } $optcfg['descr'] = remove_bad_chars($_POST['descr']); $optcfg['bridge'] = $_POST['bridge']; @@ -413,7 +423,16 @@ function type_change(enable_change,enable_change_pptp) { </select> <br> The bandwidth setting will define the speed of the interface for traffic shaping. Do not enter your "Internet" bandwidth here, only the physical speed! </td> - </tr> <tr> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">FTP Helper</td> + <td width="78%" class="vtable"> + <input name="disableftpproxy" type="checkbox" id="disableftpproxy" value="yes" <?php if (isset($config['system']['disableftpproxy'])) echo "checked"; ?> onclick="enable_change(false)" /> + <strong>Disable the userland FTP-Proxy application</strong> + <br /> + </td> + </tr> + <tr> <td width="22%" valign="top"> </td> <td width="78%"> <input name="index" type="hidden" value="<?=$index;?>"> diff --git a/usr/local/www/interfaces_wan.php b/usr/local/www/interfaces_wan.php index 3b061b4..9b5b817 100755 --- a/usr/local/www/interfaces_wan.php +++ b/usr/local/www/interfaces_wan.php 
@@ -51,6 +51,8 @@ $pconfig['pptp_remote'] = $config['pptp']['remote']; $pconfig['pptp_dialondemand'] = isset($config['pptp']['ondemand']); $pconfig['pptp_idletimeout'] = $config['pptp']['timeout']; +$pconfig['disableftpproxy'] = isset($wancfg['disableftpproxy']); + $pconfig['bigpond_username'] = $config['bigpond']['username']; $pconfig['bigpond_password'] = $config['bigpond']['password']; $pconfig['bigpond_authserver'] = $config['bigpond']['authserver']; @@ -209,6 +211,15 @@ if ($_POST) { unset($config['bigpond']['authserver']); unset($config['bigpond']['authdomain']); unset($config['bigpond']['minheartbeatinterval']); + unset($wancfg['disableftpproxy']); + + /* per interface pftpx helper */ + if($_POST['disableftpproxy'] == "yes") { + $wancfg['disableftpproxy'] = true; + system_start_ftp_helpers(); + } else { + system_start_ftp_helpers(); + } if ($_POST['type'] == "Static") { $wancfg['ipaddr'] = $_POST['ipaddr']; @@ -687,6 +698,15 @@ function type_change(enable_change,enable_change_pptp) { When set, this option blocks traffic from IP addresses that are reserved (but not RFC 1918) or not yet assigned by IANA.<br> Bogons are prefixes that should never appear in the Internet routing table, and obviously should not appear as the source address in any packets you receive.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">FTP Helper</td> + <td width="78%" class="vtable"> + <input name="disableftpproxy" type="checkbox" id="disableftpproxy" value="yes" <?php if (isset($config['system']['disableftpproxy'])) echo "checked"; ?> onclick="enable_change(false)" /> + <strong>Disable the userland FTP-Proxy application</strong> + <br /> + </td> + </tr> <tr> <td width="100" valign="top"> </td> <td> <br> <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change_pptp(true)&&enable_change(true)"> diff --git a/usr/local/www/system_advanced.php b/usr/local/www/system_advanced.php index 2f39dd5..03a1ade 100755 
--- a/usr/local/www/system_advanced.php +++ b/usr/local/www/system_advanced.php @@ -35,7 +35,6 @@ require("guiconfig.inc"); $pconfig['disablefilter'] = $config['system']['disablefilter']; -$pconfig['disableftpproxy'] = $config['system']['disableftpproxy']; $pconfig['rfc959workaround'] = $config['system']['rfc959workaround']; $pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']); $pconfig['ipv6nat_ipaddr'] = $config['diag']['ipv6nat']['ipaddr']; @@ -130,14 +129,6 @@ if ($_POST) { system_enable_arp_wrong_if(); } - if($_POST['disableftpproxy'] == "yes") { - $config['system']['disableftpproxy'] = "enabled"; - unset($config['system']['rfc959workaround']); - system_start_ftp_helpers(); - } else { - unset($config['system']['disableftpproxy']); - system_start_ftp_helpers(); - } if($_POST['rfc959workaround'] == "yes") $config['system']['rfc959workaround'] = "enabled"; else @@ -525,14 +516,6 @@ include("head.inc"); <td colspan="2" valign="top" class="listtopic">Traffic Shaper and Firewall Advanced</td> </tr> <tr> - <td width="22%" valign="top" class="vncell">FTP Helper</td> - <td width="78%" class="vtable"> - <input name="disableftpproxy" type="checkbox" id="disableftpproxy" value="yes" <?php if (isset($config['system']['disableftpproxy'])) echo "checked"; ?> onclick="enable_change(false)" /> - <strong class="vexpl">Disable the userland FTP-Proxy application</strong> - <br /> - </td> - </tr> - <tr> <td width="22%" valign="top" class="vncell">FTP RFC 959 data port violation workaround</td> <td width="78%" class="vtable"> <input name="rfc959workaround" type="checkbox" id="rfc959workaround" value="yes" <?php if (isset($config['system']['rfc959workaround'])) echo "checked"; ?> onclick="enable_change(false)" /> |