From c1ec2c2f80dab2103f497391d0339248239918d5 Mon Sep 17 00:00:00 2001
From: Scott Ullrich
Date: Sun, 6 Nov 2005 20:03:46 +0000
Subject: MFC 7401 Add support for per interface ftp helper. Suggested-by: Dan Swartzendruber In-Discussion-with: Bill M, Dan S
---
etc/inc/config.inc | 49 ++++++++++++++++++++++++++-------------
etc/inc/filter.inc | 27 +++++++++++++--------
usr/local/www/interfaces.php | 20 ++++++++++++++++
usr/local/www/interfaces_lan.php | 22 +++++++++++++++++-
usr/local/www/interfaces_opt.php | 21 ++++++++++++++++-
usr/local/www/interfaces_wan.php | 20 ++++++++++++++++
usr/local/www/system_advanced.php | 17 --------------
7 files changed, 131 insertions(+), 45 deletions(-)
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 4845ec9..288ce1a 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -1190,23 +1190,40 @@ function system_start_ftp_helpers() { require_once("interfaces.inc"); global $config, $g; - /* if the ftp proxy is disabled then kill pftpx instance and return - * note that the helpers for port forwards are launched in a different - * sequence so we are filtering them out here by not including -g 8021 first. - */ - if($config['system']['disableftpproxy'] <> "") { - $helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -g 8021\" | grep -v grep | cut -d\" \" -f6"); - mwexec("/usr/bin/kill {$helpers}"); - return; + /* build an array of interfaces to work with */ + $iflist = array("lan" => "LAN", "wan" => "WAN"); + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) + $iflist['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; + + /* loop through all interfaces and handle pftpx */ + $interface_counter = 0; + foreach ($iflist as $ifent => $ifname) { + /* if the ftp proxy is disabled for this interface then kill pftpx + * instance and continue. note that the helpers for port forwards are + * launched in a different sequence so we are filtering them out + * here by not including -c {$port} -g 8021 first. + */ + $port = 8021 + $interface_counter; + if(isset($config['interfaces'][$ifname]['disableftpproxy'])) { + /* item is disabled. lets ++ the interface counter and + * keep processing interfaces. kill pftpx if already + * running for this instance. 
+ */ + $helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -g 8021\" | grep -v grep | cut -d\" \" -f6"); + mwexec("/usr/bin/kill {$helpers}"); + $interface_counter++; + continue; + } + /* grab the current interface IP address */ + $ip = find_interface_ip(convert_friendly_interface_to_real_interface_name($ifname)); + /* if pftpx is already running then do not launch it again */ + $helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -c {$port} -g 8021\" | grep -v grep | grep {$ip}"); + if(!$helpers) + mwexec("/usr/local/sbin/pftpx -c {$port} -g 8021 {$ip}"); + + $interface_counter++; } - - /* grab the current WAN IP address */ - $wanip = get_current_wan_address(); - - /* if pftpx is already running then do not launch it again */ - $helpers = exec("ps aux | grep \"/usr/local/sbin/pftpx -g 8021\" | grep -v grep"); - if(!$helpers) - mwexec("/usr/local/sbin/pftpx -g 8021"); + } function cleanup_backupcache($revisions = 30) { diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 1e6750f..b283297 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc 
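Review bot: The per-interface disable check in the new `foreach` indexes `$config['interfaces'][$ifname]`, but `$ifname` is the display name (`"LAN"`, `"WAN"` or an opt interface's `descr`) while `$iflist` is keyed by the config names (`lan`, `wan`, `optN`). The flag the GUI pages store is therefore probably never found, and the helper keeps running on an interface where the administrator turned it off. The same lookup in filter_nat_rules_generate() in etc/inc/filter.inc needs the same change to `$ifent`. When the disabled branch is reached, the kill pattern `pftpx -g 8021` no longer matches instances launched as `pftpx -c {$port} -g 8021 {$ip}`, and an empty `$helpers` runs a bare `/usr/bin/kill`. `$ip` is also interpolated into both shell commands unquoted and unchecked, so an interface with no address runs `grep` without a pattern and starts pftpx without its address argument. The signature of system_start_ftp_helpers() lies above this hunk, and the sketch below covers only the loop.

```php
foreach ($iflist as $ifent => $ifname) {
	$port = 8021 + $interface_counter;
	$interface_counter++;
	/* match only this interface's instance, exactly as it is launched below */
	$pattern = escapeshellarg("/usr/local/sbin/pftpx -c {$port} -g 8021");
	/* $iflist is keyed by the config name (lan, wan, optN); $ifname is the label */
	if(isset($config['interfaces'][$ifent]['disableftpproxy'])) {
		$helpers = exec("ps aux | grep {$pattern} | grep -v grep | cut -d\" \" -f6");
		if($helpers <> "")
			mwexec("/usr/bin/kill " . escapeshellarg($helpers));
		continue;
	}
	/* … unchanged: $ip = find_interface_ip(...) … */
	if(!$ip)
		continue; /* no address yet: nothing to bind the helper to */
	$helpers = exec("ps aux | grep {$pattern} | grep -v grep | grep " . escapeshellarg($ip));
	if(!$helpers)
		mwexec("/usr/local/sbin/pftpx -c {$port} -g 8021 " . escapeshellarg($ip));
}
```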
@@ -544,18 +544,25 @@ function filter_nat_rules_generate() { $natrules .= "\n# Load balancing anchor - slbd updates\n"; $natrules .= "rdr-anchor \"slb\"\n"; - if(!isset($config['system']['disableftpproxy'])) { - $optcfg = array(); - generate_optcfg_array($optcfg); - $natrules .= "# FTP proxy\n"; - $natrules .= "rdr-anchor \"pftpx/*\"\n"; - $natrules .= "rdr on {$lanif} proto tcp from any to any port 21 -> 127.0.0.1 port 8021\n"; - # go through optional interfaces, setting up pftpx for them as well. - foreach($optcfg as $oc) { - $natrules .= "rdr on {$oc['if']} proto tcp from any to any port 21 -> 127.0.0.1 port 8021\n"; + /* build an array of interfaces to work with */ + $iflist = array("lan" => "LAN", "wan" => "WAN"); + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) + $iflist['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; + $natrules .= "# FTP proxy\n"; + $natrules .= "rdr-anchor \"pftpx/*\"\n"; + $interface_counter = 0; + /* loop through all interfaces and handle pftpx redirections */ + foreach ($iflist as $ifent => $ifname) { + if(isset($config['interfaces'][$ifname]['disableftpproxy'])) { + $interface_counter++; + continue; } - $natrules .= "\n"; + $tmp_port = 8021 + $interface_counter; + $tmp_interface = convert_friendly_interface_to_real_interface_name($ifname); + $natrules .= "rdr on {$tmp_interface} proto tcp from any to any port 21 -> 127.0.0.1 port {$tmp_port}\n"; + $interface_counter++; } + $natrules .= "\n"; /* DIAG: add ipv6 NAT, if requested */ if (isset($config['diag']['ipv6nat']['enable']) and $config['diag']['ipv6nat']['ipaddr'] <> "") { diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 3b061b4..9b5b817 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php 
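Review bot: WAN is now part of `$iflist`, so unless its flag is set this loop emits `rdr on <wan if> proto tcp from any to any port 21 -> 127.0.0.1 port 8022`, where the removed code redirected only LAN and the optional interfaces. Whether that listener is reachable from outside depends on filter rules not shown here, but the helper should probably be opt-in on WAN rather than on by default. Configurations that had the old global `$config['system']['disableftpproxy']` set get no migration in this commit, so the redirections appear on every interface after upgrade. The redirect port comes from a loop counter that must stay in lockstep with the one in system_start_ftp_helpers(); a comment such as `/* port = 8021 + interface index; must match system_start_ftp_helpers() */` would make that dependency visible. filter_nat_rules_generate() starts and ends outside this hunk.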
@@ -51,6 +51,8 @@ $pconfig['pptp_remote'] = $config['pptp']['remote']; $pconfig['pptp_dialondemand'] = isset($config['pptp']['ondemand']); $pconfig['pptp_idletimeout'] = $config['pptp']['timeout']; +$pconfig['disableftpproxy'] = isset($wancfg['disableftpproxy']); + $pconfig['bigpond_username'] = $config['bigpond']['username']; $pconfig['bigpond_password'] = $config['bigpond']['password']; $pconfig['bigpond_authserver'] = $config['bigpond']['authserver']; @@ -209,6 +211,15 @@ if ($_POST) { unset($config['bigpond']['authserver']); unset($config['bigpond']['authdomain']); unset($config['bigpond']['minheartbeatinterval']); + unset($wancfg['disableftpproxy']); + + /* per interface pftpx helper */ + if($_POST['disableftpproxy'] == "yes") { + $wancfg['disableftpproxy'] = true; + system_start_ftp_helpers(); + } else { + system_start_ftp_helpers(); + } if ($_POST['type'] == "Static") { $wancfg['ipaddr'] = $_POST['ipaddr']; @@ -687,6 +698,15 @@ function type_change(enable_change,enable_change_pptp) { When set, this option blocks traffic from IP addresses that are reserved (but not RFC 1918) or not yet assigned by IANA.
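Review bot: Both branches of the new `if($_POST['disableftpproxy'] == "yes")` in the `@@ -209,6 +211,15 @@` hunk call `system_start_ftp_helpers()`, so the `else` is redundant. The call also runs before the address fields that follow (`$wancfg['ipaddr'] = $_POST['ipaddr'];`) are stored, so the helper may be relaunched against the previous address. Set only the flag here, `if($_POST['disableftpproxy'] == "yes") $wancfg['disableftpproxy'] = true;`, and restart the helpers once after the configuration has been written; where that write happens is outside this hunk. The same block is pasted into interfaces_lan.php, interfaces_opt.php and interfaces_wan.php and should change the same way.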
Bogons are prefixes that should never appear in the Internet routing table, and obviously should not appear as the source address in any packets you receive. + + + FTP Helper + + onclick="enable_change(false)" /> + Disable the userland FTP-Proxy application +
+ +    
diff --git a/usr/local/www/interfaces_lan.php b/usr/local/www/interfaces_lan.php index 278bfd8..1133335 100755 --- a/usr/local/www/interfaces_lan.php +++ b/usr/local/www/interfaces_lan.php @@ -41,6 +41,8 @@ $pconfig['bridge'] = $lancfg['bridge']; $pconfig['bandwidth'] = $lancfg['bandwidth']; $pconfig['bandwidthtype'] = $lancfg['bandwidthtype']; +$pconfig['disableftpproxy'] = isset($lancfg['disableftpproxy']); + /* Wireless interface? */ if (isset($lancfg['wireless'])) { require("interfaces_wlan.inc"); @@ -105,6 +107,16 @@ if ($_POST) { if (!$input_errors) { + unset($lancfg['disableftpproxy']); + + /* per interface pftpx helper */ + if($_POST['disableftpproxy'] == "yes") { + $lancfg['disableftpproxy'] = true; + system_start_ftp_helpers(); + } else { + system_start_ftp_helpers(); + } + $bridge = discover_bridge($lancfg['if'], filter_translate_type_to_real_interface($lancfg['bridge'])); if($bridge <> "-1") { destroy_bridge($bridge); @@ -230,6 +242,14 @@ function enable_change(enable_over) {
The bandwidth setting will define the speed of the interface for traffic shaping. Do not enter your "Internet" bandwidth here, only the physical speed! + + FTP Helper + + onclick="enable_change(false)" /> + Disable the userland FTP-Proxy application +
+ +   @@ -278,4 +298,4 @@ if ($_POST['apply'] <> "") { } -?> \ No newline at end of file +?> diff --git a/usr/local/www/interfaces_opt.php b/usr/local/www/interfaces_opt.php index bfcaed6..3add7d3 100755 --- a/usr/local/www/interfaces_opt.php +++ b/usr/local/www/interfaces_opt.php @@ -61,6 +61,7 @@ $pconfig['blockbogons'] = isset($optcfg['blockbogons']); $pconfig['spoofmac'] = $optcfg['spoofmac']; $pconfig['mtu'] = $optcfg['mtu']; +$pconfig['disableftpproxy'] = isset($optcfg['disableftpproxy']); /* Wireless interface? */ if (isset($optcfg['wireless'])) { @@ -171,6 +172,15 @@ if ($_POST) { } unset($optcfg['dhcphostname']); + unset($optcfg['disableftpproxy']); + + /* per interface pftpx helper */ + if($_POST['disableftpproxy'] == "yes") { + $optcfg['disableftpproxy'] = true; + system_start_ftp_helpers(); + } else { + system_start_ftp_helpers(); + } $optcfg['descr'] = remove_bad_chars($_POST['descr']); $optcfg['bridge'] = $_POST['bridge']; @@ -413,7 +423,16 @@ function type_change(enable_change,enable_change_pptp) {
The bandwidth setting will define the speed of the interface for traffic shaping. Do not enter your "Internet" bandwidth here, only the physical speed! - + + + FTP Helper + + onclick="enable_change(false)" /> + Disable the userland FTP-Proxy application +
+ + +   diff --git a/usr/local/www/interfaces_wan.php b/usr/local/www/interfaces_wan.php index 3b061b4..9b5b817 100755 --- a/usr/local/www/interfaces_wan.php +++ b/usr/local/www/interfaces_wan.php @@ -51,6 +51,8 @@ $pconfig['pptp_remote'] = $config['pptp']['remote']; $pconfig['pptp_dialondemand'] = isset($config['pptp']['ondemand']); $pconfig['pptp_idletimeout'] = $config['pptp']['timeout']; +$pconfig['disableftpproxy'] = isset($wancfg['disableftpproxy']); + $pconfig['bigpond_username'] = $config['bigpond']['username']; $pconfig['bigpond_password'] = $config['bigpond']['password']; $pconfig['bigpond_authserver'] = $config['bigpond']['authserver']; @@ -209,6 +211,15 @@ if ($_POST) { unset($config['bigpond']['authserver']); unset($config['bigpond']['authdomain']); unset($config['bigpond']['minheartbeatinterval']); + unset($wancfg['disableftpproxy']); + + /* per interface pftpx helper */ + if($_POST['disableftpproxy'] == "yes") { + $wancfg['disableftpproxy'] = true; + system_start_ftp_helpers(); + } else { + system_start_ftp_helpers(); + } if ($_POST['type'] == "Static") { $wancfg['ipaddr'] = $_POST['ipaddr']; @@ -687,6 +698,15 @@ function type_change(enable_change,enable_change_pptp) { When set, this option blocks traffic from IP addresses that are reserved (but not RFC 1918) or not yet assigned by IANA.
Bogons are prefixes that should never appear in the Internet routing table, and obviously should not appear as the source address in any packets you receive. + + + FTP Helper + + onclick="enable_change(false)" /> + Disable the userland FTP-Proxy application +
+ +    
diff --git a/usr/local/www/system_advanced.php b/usr/local/www/system_advanced.php index 2f39dd5..03a1ade 100755 --- a/usr/local/www/system_advanced.php +++ b/usr/local/www/system_advanced.php @@ -35,7 +35,6 @@ require("guiconfig.inc"); $pconfig['disablefilter'] = $config['system']['disablefilter']; -$pconfig['disableftpproxy'] = $config['system']['disableftpproxy']; $pconfig['rfc959workaround'] = $config['system']['rfc959workaround']; $pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']); $pconfig['ipv6nat_ipaddr'] = $config['diag']['ipv6nat']['ipaddr']; @@ -130,14 +129,6 @@ if ($_POST) { system_enable_arp_wrong_if(); } - if($_POST['disableftpproxy'] == "yes") { - $config['system']['disableftpproxy'] = "enabled"; - unset($config['system']['rfc959workaround']); - system_start_ftp_helpers(); - } else { - unset($config['system']['disableftpproxy']); - system_start_ftp_helpers(); - } if($_POST['rfc959workaround'] == "yes") $config['system']['rfc959workaround'] = "enabled"; else @@ -525,14 +516,6 @@ include("head.inc"); Traffic Shaper and Firewall Advanced - FTP Helper - - onclick="enable_change(false)" /> - Disable the userland FTP-Proxy application -
- - - FTP RFC 959 data port violation workaround onclick="enable_change(false)" /> -- cgit v1.1