author | Scott Ullrich <sullrich@pfsense.org> | 2005-11-06 20:03:46 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-11-06 20:03:46 +0000 |
commit | c1ec2c2f80dab2103f497391d0339248239918d5 (patch) | |
tree | d810f5a407be57d24fc35ae76c5d013fa41d33a6 /etc/inc | |
parent | 44318b562757b5a0207eeee612b14456ca29c340 (diff) | |
MFC 7401
Add support for per interface ftp helper.
Suggested-by: Dan Swartzendruber <dswartz_AT_druber.com>
In-Discussion-with: Bill M, Dan S
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/config.inc | 49 | ||||
-rw-r--r-- | etc/inc/filter.inc | 27 |
2 files changed, 50 insertions, 26 deletions
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 4845ec9..288ce1a 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -1190,23 +1190,40 @@ function system_start_ftp_helpers() {
 require_once("interfaces.inc");
 global $config, $g;
- /* if the ftp proxy is disabled then kill pftpx instance and return
- * note that the helpers for port forwards are launched in a different
- * sequence so we are filtering them out here by not including -g 8021 first.
- */
- if($config['system']['disableftpproxy'] <> "") {
- $helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -g 8021\" | grep -v grep | cut -d\" \" -f6");
- mwexec("/usr/bin/kill {$helpers}");
- return;
+ /* build an array of interfaces to work with */
+ $iflist = array("lan" => "LAN", "wan" => "WAN");
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ $iflist['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+
+ /* loop through all interfaces and handle pftpx */
+ $interface_counter = 0;
+ foreach ($iflist as $ifent => $ifname) {
+ /* if the ftp proxy is disabled for this interface then kill pftpx
+ * instance and continue. note that the helpers for port forwards are
+ * launched in a different sequence so we are filtering them out
+ * here by not including -c {$port} -g 8021 first.
+ */
+ $port = 8021 + $interface_counter;
+ if(isset($config['interfaces'][$ifname]['disableftpproxy'])) {
+ /* item is disabled. lets ++ the interface counter and
+ * keep processing interfaces. kill pftpx if already
+ * running for this instance.
+ */
+ $helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -g 8021\" | grep -v grep | cut -d\" \" -f6");
+ mwexec("/usr/bin/kill {$helpers}");
+ $interface_counter++;
+ continue;
+ }
+ /* grab the current interface IP address */
+ $ip = find_interface_ip(convert_friendly_interface_to_real_interface_name($ifname));
+ /* if pftpx is already running then do not launch it again */
+ $helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -c {$port} -g 8021\" | grep -v grep | grep {$ip}");
+ if(!$helpers)
+ mwexec("/usr/local/sbin/pftpx -c {$port} -g 8021 {$ip}");
+
+ $interface_counter++;
 }
-
- /* grab the current WAN IP address */
- $wanip = get_current_wan_address();
-
- /* if pftpx is already running then do not launch it again */
- $helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -g 8021\" | grep -v grep");
- if(!$helpers)
- mwexec("/usr/local/sbin/pftpx -g 8021");
+
 }
 function cleanup_backupcache($revisions = 30) {
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 1e6750f..b283297 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
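Review bot: The disable branch in system_start_ftp_helpers() looks unable to stop the helper it is meant to stop: it greps for `pftpx -g 8021`, while the same hunk launches the per-interface instances as `pftpx -c {$port} -g 8021 {$ip}`, so the pattern does not match them and a proxy the administrator switched off keeps running. The flag is also looked up under `$config['interfaces'][$ifname]`, where `$ifname` is the description ("LAN", "WAN", or an opt `descr`) although the `opt` loop shows the config is keyed by `lan`/`wan`/`optN`, which is `$ifent`; the filter_nat_rules_generate() hunk repeats this lookup. I would test `isset($config['interfaces'][$ifent]['disableftpproxy'])`, match on `pftpx -c {$port} -g 8021`, and run `kill` only when `$helpers` is non-empty. `$ip` also reaches the shell unquoted and unchecked: an interface without an address leaves `grep` with no pattern, and the dots match any character so one address can match another, which `grep -F` with `escapeshellarg($ip)` and a skip on an empty address would avoid.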
@@ -544,18 +544,25 @@ function filter_nat_rules_generate() {
 $natrules .= "\n# Load balancing anchor - slbd updates\n";
 $natrules .= "rdr-anchor \"slb\"\n";
- if(!isset($config['system']['disableftpproxy'])) {
- $optcfg = array();
- generate_optcfg_array($optcfg);
- $natrules .= "# FTP proxy\n";
- $natrules .= "rdr-anchor \"pftpx/*\"\n";
- $natrules .= "rdr on {$lanif} proto tcp from any to any port 21 -> 127.0.0.1 port 8021\n";
- # go through optional interfaces, setting up pftpx for them as well.
- foreach($optcfg as $oc) {
- $natrules .= "rdr on {$oc['if']} proto tcp from any to any port 21 -> 127.0.0.1 port 8021\n";
+ /* build an array of interfaces to work with */
+ $iflist = array("lan" => "LAN", "wan" => "WAN");
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ $iflist['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ $natrules .= "# FTP proxy\n";
+ $natrules .= "rdr-anchor \"pftpx/*\"\n";
+ $interface_counter = 0;
+ /* loop through all interfaces and handle pftpx redirections */
+ foreach ($iflist as $ifent => $ifname) {
+ if(isset($config['interfaces'][$ifname]['disableftpproxy'])) {
+ $interface_counter++;
+ continue;
 }
- $natrules .= "\n";
+ $tmp_port = 8021 + $interface_counter;
+ $tmp_interface = convert_friendly_interface_to_real_interface_name($ifname);
+ $natrules .= "rdr on {$tmp_interface} proto tcp from any to any port 21 -> 127.0.0.1 port {$tmp_port}\n";
+ $interface_counter++;
 }
+ $natrules .= "\n";
 /* DIAG: add ipv6 NAT, if requested */
 if (isset($config['diag']['ipv6nat']['enable']) and $config['diag']['ipv6nat']['ipaddr'] <> "") { |
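Review bot: The redirect rules in filter_nat_rules_generate() are now emitted without consulting `$config['system']['disableftpproxy']`, which the removed block honoured, so a firewall upgraded with the global switch set would get its `rdr ... port 21 -> 127.0.0.1` rules back unless a config migration elsewhere maps the old flag onto every interface (system_start_ftp_helpers() drops the same check). `$iflist` also includes `wan`, where the removed code only redirected `$lanif` and the optional interfaces, so port 21 arriving on the WAN side is handed to the local proxy by default; that widening deserves an explicit decision and a comment at the `$iflist` line, such as `/* wan is proxied too unless disableftpproxy is set on it */`. The port is derived from loop position as `8021 + $interface_counter` here and again in system_start_ftp_helpers(), and the two loops must stay identical for rules and listeners to line up, which a shared helper returning interface/port pairs would guarantee. The function body starts and ends outside the hunk.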