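/**
 * Rebuild /etc/ss5.conf from the ss5_fw table and refresh the init script.
 *
 * Most of the file is the stock ss5 commentary; the only generated part is the
 * ACCESS CONTROL section, one permit/deny line per enabled ss5_fw row ordered by
 * zorder. With no enabled row a permit-all line is written (original behaviour).
 *
 * Fixes against the previous version:
 *  - the query read "WHERE 1 enabled=1", a SQL syntax error; QUERY_SQL then
 *    returned no result set, mysql_num_rows(false) compared equal to 0 and the
 *    permit-all default was written on every run. The query now succeeds, and a
 *    failing query leaves the file untouched instead of opening the proxy.
 *  - the generated rule line had 8 columns after the verb while ss5 (and the
 *    header written just above it) expects 9: the "group" column was missing,
 *    so bandwidth landed in the group position and expdate in bandwidth.
 *  - values are reduced to single whitespace-free tokens before being joined,
 *    so a field cannot shift columns or add a second directive to the file.
 */
function buildconfig()
{
    $f = array();
    $f[] = "#";
    //
    //$f[]="set SS5_DEBUG";
    //$f[]="set SS5_VERBOSE";
    $f[] = "set SS5_AUTHCACHEAGE 600";
    $f[] = "set SS5_AUTHOCACHEAGE 600";
    $f[] = "set SS5_SRV";
    $f[] = "set SS5_CONSOLE";
    $f[] = "# SECTION <VARIABLES AND FLAGS>";
    $f[] = "# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\";
    $f[] = "#";
    $f[] = "# TAG: set";
    $f[] = "#";
    $f[] = "# set option name:";
    $f[] = "#";
    $f[] = "# SS5_DNSORDER \t\t-> order dns answer";
    $f[] = "# SS5_VERBOSE \t\t-> enable verbose output to be written into logfile";
    $f[] = "# SS5_DEBUG \t\t-> enable debug output to be written into logfile";
    $f[] = "# SS5_CONSOLE \t\t-> enable web console";
    $f[] = "# SS5_ATIMEOUT \t\t-> for future uses";
    $f[] = "# SS5_STIMEOUT \t\t-> set session idle timeout (default 1800 seconds,";
    $f[] = "# 0 for infinite)";
    $f[] = "# SS5_LDAP_TIMEOUT \t\t-> set ldap query timeout";
    $f[] = "# SS5_LDAP_BASE \t\t-> set BASE method for profiling (see PROFILING section)";
    $f[] = "# \t It is default option!";
    $f[] = "# SS5_LDAP_FILTER \t\t-> set FILTER method for profiling (see PROFILING";
    $f[] = "# section)";
    $f[] = "# SS5_SRV \t \t\t-> enable ss5srv admin tool";
    $f[] = "# SS5_PAM_AUTH \t\t-> set PAM authentication";
    $f[] = "# SS5_RADIUS_AUTH \t\t-> set RADIUS authentication";
    $f[] = "# SS5_RADIUS_INTERIM_INT \t-> set interval beetwen interim update packet";
    $f[] = "# SS5_RADIUS_INTERIM_TIMEOUT \t-> set interim response timeout ";
    $f[] = "# SS5_AUTHCACHEAGE \t\t-> set age in seconds for authentication cache";
    $f[] = "# SS5_AUTHOCACHEAGE \t\t-> set age in seconds for authorization cache";
    $f[] = "# SS5_STICKYAGE \t\t-> set age for affinity";
    $f[] = "# SS5_STICKYSESSION \t\t-> enable affinity session";
    $f[] = "# SS5_SUPAKEY \t\t-> set SUPA secret key (default SS5_SERVER_S_KEY)";
    $f[] = "# SS5_ICACHESERVER \t\t-> set internet address of ICP server";
    $f[] = "# SS5_GSS_PRINC \t\t-> set GSS service principal";
    $f[] = "# SS5_PROCESSLIFE \t\t-> set number of requests process must servs before ";
    $f[] = "# \t closing";
    $f[] = "# SS5_NETBIOS_DOMAIN \t\t-> enable netbios domain mapping with directory store, ";
    $f[] = "# \t during autorization process";
    $f[] = "# SS5_SYSLOG_FACILITY\t\t-> set syslog facility";
    $f[] = "# SS5_SYSLOG_LEVEL\t\t-> set syslog level";
    $f[] = "#";
    $f[] = "# ///////////////////////////////////////////////////////////////////////////////////";
    $f[] = "";
    $f[] = "#";
    $f[] = "# SECTION \t<AUTHENTICATION>";
    $f[] = "# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\";
    $f[] = "#";
    $f[] = "# TAG: auth";
    $f[] = "#";
    $f[] = "# \tauth source host, source port, authentication type";
    $f[] = "#";
    $f[] = "# \tSome examples:";
    $f[] = "#";
    $f[] = "# \tAuthentication from 10.253.8.0 network";
    $f[] = "# \t\tauth 10.253.8.0/22 - u";
    $f[] = "#";
    $f[] = "# \tFake authentication from 10.253.0.0 network. In this case, ss5 request ";
    $f[] = "#\tauthentication but doesn't check for password. Use fake authentication ";
    $f[] = "#\tfor logging or profiling purpose.";
    $f[] = "# \t\tauth 10.253.0.0/16 - n";
    $f[] = "#";
    $f[] = "# \tFake authentication: ss5 doesn't check for correct password but fetchs ";
    $f[] = "#\tusername for profiling.";
    $f[] = "# \t\tauth 0.0.0.0/0 - n";
    $f[] = "#";
    $f[] = "# TAG: external_auth_program";
    $f[] = "#";
    $f[] = "# \texternal_auth_program program name and path ";
    $f[] = "#";
    $f[] = "# \tSome examples:";
    $f[] = "#";
    $f[] = "# \tUse shell file to autheticate user via ldap query";
    $f[] = "# \t\texternal_auth_program /usr/local/bin/ldap.sh";
    $f[] = "#";
    $f[] = "# TAG: RADIUS authentication could be used setting SS5_RADIUS_AUTH option and ";
    $f[] = "# configuring the following attributes:";
    $f[] = "#";
    $f[] = "# radius_ip (radius address)";
    $f[] = "# radius_bck_ip (radius secondary address)";
    $f[] = "# radius_auth_port (radius authentication port, DFAULT = 1812)";
    $f[] = "# radius_acct_port (radius authorization port, DFAULT = 1813)";
    $f[] = "# radius_secret (secret password betw";
    $f[] = "#";
    $f[] = "#";
    $f[] = "#";
    $f[] = "# ///////////////////////////////////////////////////////////////////////////////////";
    $f[] = "# SHost SPort Authentication";
    $f[] = "#";
    $f[] = "auth 0.0.0.0/0 - -";
    $f[] = "";
    $f[] = "";
    $f[] = "#";
    $f[] = "# SECTION \t<BANDWIDTH>";
    $f[] = "# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\";
    $f[] = "#";
    $f[] = "# TAG: bandwidth";
    $f[] = "#";
    $f[] = "# \tbandwidth group, max number of connections, bandwidth, session timeout ";
    $f[] = "#";
    $f[] = "# \tSome examples:";
    $f[] = "#";
    $f[] = "# \tLimit connections to 2 for group Admin";
    $f[] = "# \t\tbandwidth Admin 2 - -";
    $f[] = "#";
    $f[] = "# \tLimit bandwidth to 100k for group Users";
    $f[] = "# \t\tbandwidth Users - 102400 -";
    $f[] = "#";
    $f[] = "# note: if you enable bandwith profiling per user, SS5 use this value instead of";
    $f[] = "# value specified into permit directive.";
    $f[] = "#";
    $f[] = "# ///////////////////////////////////////////////////////////////////////////////////";
    $f[] = "# Group MaxCons Bandwidth Session timeout";
    $f[] = "# bandwidth grp1 5 - -";
    $f[] = "";
    $f[] = "#";
    $f[] = "# SECTION\t<PROXIES>";
    $f[] = "# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\";
    $f[] = "#";
    $f[] = "# TAG: proxy/noproxy";
    $f[] = "#";
    $f[] = "#\tproxy/noproxy dst host/network, dst port, socks proxy address, port address, ver";
    $f[] = "#";
    $f[] = "#\tSome examples:";
    $f[] = "#";
    $f[] = "#\tProxy request for 172.0.0.0 network to socks server 10.253.9.240 on port 1081: ";
    $f[] = "#";
    $f[] = "# \tif authentication is request, downstream socks server have to check it; ";
    $f[] = "# \tif resolution is request, downstream socks server does it before proxying ";
    $f[] = "#\tthe request toward the upstream socks server.";
    $f[] = "# \t\tproxy 172.0.0.0/16 - 10.253.9.240 1081";
    $f[] = "#";
    $f[] = "# SS5 makes direct connection to 10.253.0.0 network (in this case, port value is not ";
    $f[] = "# verified) without using upstream proxy server";
    $f[] = "# \t\tnoproxy 0.0.0.0/0 - 10.253.0.0/16 1080 -";
    $f[] = "#";
    $f[] = "# ///////////////////////////////////////////////////////////////////////////////////";
    $f[] = "# \tDHost/Net\t\tDPort\tDProxyip\tDProxyPort SocksVer";
    $f[] = "#";
    $f[] = "#\tproxy\t0.0.0.0/0\t\t-\t1.1.1.1\t\t-\t -";
    $f[] = "";
    $f[] = "#";
    $f[] = "# SECTION <DUMP>";
    $f[] = "# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\";
    $f[] = "#";
    $f[] = "# TAG: dump";
    $f[] = "#";
    $f[] = "# dump host/network, port, s/d (s=source d=destination), dump mode (r=rx, t=tx, b=rx+tx)";
    $f[] = "#";
    $f[] = "# Some examples:";
    $f[] = "#";
    $f[] = "# Dump traffic for 172.30.1.0 network on port 1521:";
    $f[] = "#";
    $f[] = "# if authentication is request, downstream socks server have to check it;";
    $f[] = "# if resolution is request, downstream socks server does it before proxying";
    $f[] = "# the request toward the upstream socks server.";
    $f[] = "# dump 172.30.1.0/24 1521 d b";
    $f[] = "#";
    $f[] = "# ///////////////////////////////////////////////////////////////////////////////////";
    $f[] = "# DHost/Net DPort Dir \tDump mode (r=rx,t=tx,b=rx+tx)";
    $f[] = "#";
    $f[] = "# dump 0.0.0.0/0 - d\tt";
    $f[] = "";
    $f[] = "#";
    $f[] = "# SECTION\t<ACCESS CONTROL>";
    $f[] = "# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\";
    $f[] = "#";
    $f[] = "# TAG: permit/deny";
    $f[] = "#\tpermit/deny src auth flag, host/network, src port, dst host/network, dst port, ";
    $f[] = "#\tfixup, group, bandwidth (from 256 bytes per second to 2147483647), expdate";
    $f[] = "#";
    $f[] = "#\tSome examples:";
    $f[] = "#";
    $f[] = "# \tFTP Control + Passive Mode";
    $f[] = "#\t\tpermit - 0.0.0.0/0 - 172.0.0.0/8 21 - - - -";
    $f[] = "#";
    $f[] = "#\tFTP DATA Active Mode";
    $f[] = "#\t\tpermit - 0.0.0.0/0 \t- 172.0.0.0/8 \t21 \t- - - -";
    $f[] = "#\t\tpermit - 172.0.0.0/8 \t- 0.0.0.0/0 \t- \t- - - -";
    $f[] = "#";
    $f[] = "#\tQuery DNS";
    $f[] = "#\t\tpermit - 0.0.0.0/0 - 172.30.0.1/32 53 - - - -";
    $f[] = "#";
    $f[] = "#\tHttp + fixup";
    $f[] = "#\t\tpermit - 0.0.0.0/0 - www.example.com 80 http - - -";
    $f[] = "#";
    $f[] = "#\tHttp + fixup + profile + bandwidth (bytes x second)";
    $f[] = "#\t\tpermit - 0.0.0.0/0 - www.example.com 80 http admin 10240 -";
    $f[] = "#";
    $f[] = "#\tSftp + profile + bandwidth (bytes x second)";
    $f[] = "#\t\tpermit - 0.0.0.0/0 - sftp.example.com 22 - developer 102400 -";
    $f[] = "#";
    $f[] = "#\tHttp + fixup ";
    $f[] = "#\t\tpermit - 0.0.0.0/0 - web.example.com 80 - - - -";
    $f[] = "#";
    $f[] = "#\tHttp + fixup + user autentication required with expiration date to 31/12/2006";
    $f[] = "#\t\tpermit u 0.0.0.0/0 - web.example.com 80 - - - 31-12-2006";
    $f[] = "#";
    $f[] = "#\tDeny all connection to web.example.com";
    $f[] = "#\t\tdeny - 0.0.0.0/0 - web.example.com - - - - -";
    $f[] = "#";
    $f[] = "#";
    $f[] = "# /////////////////////////////////////////////////////////////////////////////////////////////////";
    $f[] = "# Auth\tSHost\t\tSPort\tDHost\t\tDPort\tFixup\tGroup\tBand\tExpDate";
    $f[] = "#";

    $q = new mysql_squid_builder();
    $sql = "SELECT * FROM ss5_fw WHERE enabled=1 ORDER BY zorder";
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        // Fail closed: keep whatever ss5.conf is already in place rather than
        // falling through to the permit-all default below.
        echo "Starting......: " . date("H:i:s") . " ss5_fw query failed, /etc/ss5.conf left unchanged: {$q->mysql_error}\n";
        return;
    }
    if (mysql_num_rows($results) == 0) {
        // No rule configured at all: the original permit-all default.
        $f[] = "permit -\t0.0.0.0/0\t-\t0.0.0.0/0\t-\t-\t-\t-\t-\t";
    }
    while ($ligne = mysql_fetch_assoc($results)) {
        $f[] = ss5_fw_rule_line($ligne);
    }

    $f[] = "";
    $f[] = "";
    $f[] = "";
    $f[] = "#";
    $f[] = "# SECTION\t<PROFILING>";
    $f[] = "# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\";
    $f[] = "# ";
    $f[] = "#\t1) File profiling:";
    $f[] = "#";
    $f[] = "#\tss5 look for a file name specified in permit line in the /etc/ss5 directory. ";
    $f[] = "#\tThis file must contain user members. File profiling is the default option.";
    $f[] = "#";
    $f[] = "#\t2) Ldap profiling:";
    $f[] = "#";
    $f[] = "#\tldap_profile_ip \t(directory internet address) ";
    $f[] = "#\tldap_profile_port \t(directory port) ";
    $f[] = "#\tldap_profile_base \t(ss5 replaces % with \"group specified in permit line\"";
    $f[] = "#\t\t\t\tif SS5LDAP_BASE if specified, otherwise if ";
    $f[] = "#\t\t\t\tSS5LDAP_FILTER is specified, it uses base and search";
    $f[] = "#\t\t\t\tfor group as attribute in user entry; see examples)";
    $f[] = "#\tldap_profile_filter \t(ss5 uses filter for search operation)";
    $f[] = "#\tldap_profile_dn \t(directory manager or another user authorized to ";
    $f[] = "#\t\t\t\tquery the directory)";
    $f[] = "#\tldap_profile_pass \t(\"dn\" password)";
    $f[] = "#\tldap_netbios_domain\t(If SS5_NETBIOS_DOMAIN option is set, ss5 map netbios ";
    $f[] = "# domain user in authentication request with his configured ";
    $f[] = "# directory sever. Otherwise no match is done and ";
    $f[] = "# directory are contacted in order of configuration)";
    $f[] = "#";
    $f[] = "#\t3) Mysql profiling:";
    $f[] = "#";
    $f[] = "#\tmysql_profile_ip \t(mysql server internet address) ";
    $f[] = "#\tmysql_profile_db \t(mysql db )";
    $f[] = "#\tmysql_profile_user \t(mysql username )";
    $f[] = "#\tmysql_profile_pass \t(mysql password )";
    $f[] = "#\tmysql_profile_sqlstring\t(sql base string for query. DEFAULT 'SELECT uname FROM grp WHERE gname like' )";
    $f[] = "#";
    $f[] = "#\tSome examples:";
    $f[] = "#";
    $f[] = "#\tDirectory configuration for ldap profiling with SS5_LDAP_BASE option:";
    $f[] = "#\tin this case, ss5 look for attribute uid=\"username\" with base ou=\"group\",";
    $f[] = "#\tdc=example,dc=com where group is specified in permit line as ";
    $f[] = "#\t\"permit - - - - - group - -";
    $f[] = "#";
    $f[] = "#\tNote: in this case, attribute value is not userd";
    $f[] = "#";
    $f[] = "#\t\tldap_profile_ip 10.10.10.1";
    $f[] = "#\t\tldap_profile_port 389";
    $f[] = "#\t\tldap_profile_base ou=%,dc=example,dc=com";
    $f[] = "#\t\tldap_profile_filter uid";
    $f[] = "#\t\tldap_profile_attribute gid";
    $f[] = "#\t\tldap_profile_dn cn=root,dc=example,dc=com";
    $f[] = "#\t\tldap_profile_pass secret";
    $f[] = "#\t\tldap_netbios_domain dir ";
    $f[] = "#";
    $f[] = "#\tDirectory configuration for ldap profiling with SS5_LDAP_FILTER option:";
    $f[] = "#\tin this case, ss5 look for attributes uid=\"username\" & \"gid=group\" with ";
    $f[] = "#\tbase dc=example,dc=com where group is specified in permit line as ";
    $f[] = "#\t\"permit - - - - - group - -\"";
    $f[] = "#";
    $f[] = "#\tNote: you can also use a base like \"ou=%,dc=example,dc=com\", where % ";
    $f[] = "#\twill be replace with \"group\".";
    $f[] = "#";
    $f[] = "#\t\tldap_profile_ip 10.10.10.1";
    $f[] = "#\t\tldap_profile_port 389";
    $f[] = "#\t\tldap_profile_base ou=Users,dc=example,dc=com";
    $f[] = "#\t\tldap_profile_filter uid";
    $f[] = "#\t\tldap_profile_attribute gecos";
    $f[] = "#\t\tldap_profile_dn cn=root,dc=example,dc=com";
    $f[] = "#\t\tldap_profile_pass secret";
    $f[] = "#\t\tldap_domain_domain dir ";
    $f[] = "#";
    $f[] = "#\tSample OpenLdap log:";
    $f[] = "#\tconn=304 op=0 BIND dn=\"cn=root,dc=example,dc=com\" mech=simple ssf=0";
    $f[] = "#\tconn=304 op=0 RESULT tag=97 err=0 text=";
    $f[] = "#\tconn=304 op=1 SRCH base=\"ou=Users,dc=example,dc=com\" scope=1 filter=\"(&(uid=usr1)(gecos=Users))\"";
    $f[] = "#\tconn=304 op=1 SRCH attr=gecos";
    $f[] = "#";
    $f[] = "# \twhere ldap entry is:";
    $f[] = "#\tdn: uid=usr1,ou=Users,dc=example,dc=com";
    $f[] = "#\tuid: usr1";
    $f[] = "#\tcn: usr1";
    $f[] = "#\tobjectClass: account";
    $f[] = "#\tobjectClass: posixAccount";
    $f[] = "#\tobjectClass: top";
    $f[] = "#\tuserPassword:: dXNyMQ==";
    $f[] = "#\tloginShell: /bin/bash";
    $f[] = "#\thomeDirectory: /home/usr1";
    $f[] = "#\tuidNumber: 1";
    $f[] = "#\tgidNumber: 1";
    $f[] = "#\tgecos: Users";
    $f[] = "";
    $f[] = "#";
    $f[] = "# SECTION\t<SERVER BALANCE>";
    $f[] = "# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\";
    $f[] = "# ";
    $f[] = "# TAG: virtual";
    $f[] = "#";
    $f[] = "#\tvirtual virtual identification (vid), real ip server";
    $f[] = "#";
    $f[] = "#\tSome examples:";
    $f[] = "#";
    $f[] = "#\tTwo vip balancing on three real server each one";
    $f[] = "#\t\tvirtual 1 172.30.1.1";
    $f[] = "#\t\tvirtual 1 172.30.1.2";
    $f[] = "#\t\tvirtual 1 172.30.1.3";
    $f[] = "#";
    $f[] = "#\t\tvirtual 2 172.30.1.6";
    $f[] = "#\t\tvirtual 2 172.30.1.7";
    $f[] = "#\t\tvirtual 2 172.30.1.8";
    $f[] = "#";
    $f[] = "# \tNote: Server balancing only works with -t option, (threaded mode) and ONLY ";
    $f[] = "#\twith \"connect\" operation.";
    $f[] = "#";
    $f[] = "# ///////////////////////////////////////////////////////////////////////////////////";
    $f[] = "# \tVid\tReal ip";
    $f[] = "#";
    $f[] = "#vitual\t-\t-";
    $f[] = "";

    if (@file_put_contents("/etc/ss5.conf", implode("\n", $f)) === false) {
        // Reported rather than silenced; the init refresh below still runs as before.
        echo "Starting......: " . date("H:i:s") . " unable to write /etc/ss5.conf\n";
    }
    @chown("/etc/ss5.conf", "squid");
    buildinit();
}

/**
 * Turn one ss5_fw row into a tab separated permit/deny line.
 *
 * Column order follows the "# Auth SHost SPort DHost DPort Fixup Group Band ExpDate"
 * header written by buildconfig(): verb, auth flag ("-", no per-rule auth is stored),
 * src host, src port, dst host, dst port, fixup, group ("-", not stored), bandwidth,
 * expiration date.
 *
 * @param array $ligne one ss5_fw row: mode, src_host, src_port, dst_host, dst_port,
 *                     fixup, bandwitdh (sic, the column really is spelled that way), expdate
 * @return string the configuration line, without trailing newline
 */
function ss5_fw_rule_line($ligne)
{
    // mode 1 = permit, everything else = deny. The previous version indexed a
    // two-entry table with the raw value, so an unexpected mode yielded a line
    // with no verb at all.
    $permit = ($ligne["mode"] == 1) ? "permit" : "deny";

    $src_host = ss5_fw_host($ligne["src_host"]);
    $dst_host = ss5_fw_host($ligne["dst_host"]);
    $src_port = ss5_fw_dash_if_zero($ligne["src_port"]);
    $dst_port = ss5_fw_dash_if_zero($ligne["dst_port"]);
    $fixup = ($ligne["fixup"] == null) ? "-" : $ligne["fixup"];
    // A deny rule carries no bandwidth value.
    $bandwidth = ($ligne["mode"] == 0) ? "-" : ss5_fw_dash_if_zero($ligne["bandwitdh"]);

    // Only a complete d-m-Y style value survives; NULL, "-", or a date with
    // surrounding text becomes "-". The anchors are new: the previous pattern
    // matched anywhere inside the string.
    $expdate = $ligne["expdate"];
    if ($expdate == null || !preg_match('#^[0-9]+-[0-9]+-[0-9]+$#', $expdate)) {
        $expdate = "-";
    }

    return implode("\t", array(
        $permit,
        "-",
        ss5_fw_token($src_host),
        ss5_fw_token($src_port),
        ss5_fw_token($dst_host),
        ss5_fw_token($dst_port),
        ss5_fw_token($fixup),
        "-",
        ss5_fw_token($bandwidth),
        ss5_fw_token($expdate),
    ));
}

/**
 * Normalise a host column: NULL and the bare wildcard address both mean "any".
 *
 * @param string|null $host
 * @return string
 */
function ss5_fw_host($host)
{
    if ($host == null || $host == "0.0.0.0") {
        return "0.0.0.0/0";
    }
    return $host;
}

/**
 * "-" when the column is unset (loose comparison on purpose: NULL, "" and "0"
 * all count as unset), the raw value otherwise.
 *
 * @param mixed $value
 * @return mixed
 */
function ss5_fw_dash_if_zero($value)
{
    return ($value == 0) ? "-" : $value;
}

/**
 * Reduce a value to a single token fit for ss5.conf.
 *
 * The file is line oriented and whitespace delimited, so a stored value carrying
 * spaces, tabs or newlines would shift the remaining columns or append a second
 * directive. Embedded whitespace is removed and an empty result becomes "-".
 *
 * @param mixed $value
 * @return string
 */
function ss5_fw_token($value)
{
    $value = preg_replace('#\s+#', "", trim((string) $value));
    return ($value === "") ? "-" : $value;
}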
/**
 * Entry point: bring the hamachi client up according to the Artica settings.
 *
 * Exits early (with a "Starting......:" line) when hamachi is not installed, when
 * its binary cannot be found, or when EnableHamachi is 0; in the disabled case the
 * gateway iptables rules, the /etc/hosts entries and the cron file are removed
 * first. Otherwise the init script is started, every row of the hamachi table is
 * handed to connect(), and the nick/route/gateway/init/schedule helpers run.
 */
function main()
{
    $sock = new sockets();
    $unix = new unix();
    $users = new usersMenus();
    if (!$users->HAMACHI_INSTALLED) {
        echo "Starting......: " . date("H:i:s") . " hamachi not installed\n";
        die;
    }
    // Resolve the binary once and keep it in $GLOBALS for the other helpers.
    if (!isset($GLOBALS["hamachi_bin"])) {
        $GLOBALS["hamachi_bin"] = $unix->find_program("hamachi");
    }
    if (!is_file($GLOBALS["hamachi_bin"])) {
        echo "Starting......: " . date("H:i:s") . " hamachi no such binary\n";
        die;
    }
    // A missing or non-numeric setting counts as enabled.
    $EnableHamachi = $sock->GET_INFO("EnableHamachi");
    if (!is_numeric($EnableHamachi)) {
        $EnableHamachi = 1;
    }
    if ($EnableHamachi == 0) {
        echo "Starting......: " . date("H:i:s") . " hamachi disabled\n";
        HasGateway_iptables_delete_rules();
        hamachi_etc_hosts_remove();
        @unlink("/etc/cron.d/HamachiHosts");
        die;
    }
    AdditionalSettings();
    GetNets();
    shell_exec("/etc/init.d/artica-postfix start hamachi");
    $sql = "SELECT * FROM hamachi ORDER BY ID DESC";
    $q = new mysql();
    $results = $q->QUERY_SQL($sql, "artica_backup");
    // Called a second time after the query, as in the original; whether the
    // repeat is required is not visible from here.
    AdditionalSettings();
    // NOTE(review): unserialize() on database content instantiates whatever class
    // the stored string names, so any party able to write hamachi.pattern can
    // trigger object injection. A json_encode/json_decode pair, or
    // unserialize($s, array("allowed_classes" => false)) on PHP >= 7, would close
    // that; left unchanged here to stay compatible with the rows already stored.
    // The failed-query case is silenced by the @ on mysql_fetch_array.
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $array = unserialize(base64_decode($ligne["pattern"]));
        connect($array);
    }
    DO_SET_NICK();
    FixRoute();
    HasGateway();
    buildinit();
    SetSchedule();
}
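/**
 * Build /etc/redsocks.conf and /bin/redsocks-iptables.sh for the SS5 transparent
 * proxy rules stored in ss5_transparent, then refresh the init script.
 *
 * Behaviour:
 *  - EnableSS5 = 0: the iptables script is removed and nothing else is written.
 *  - FireHolEnable = 1: only redsocks.conf is written and firehol is restarted;
 *    the iptables rules are expected to come from there.
 *  - otherwise one PRESOCKS.<ID>/out_trsocks.<ID> chain pair is generated per
 *    enabled row and both files are (re)written when at least one rule exists.
 *
 * Changes against the previous version: every database field placed on a shell
 * line is escaped (the script runs as root); the interface list is loaded
 * unconditionally so the local-address RETURN rules no longer depend on
 * SS5_SOCKS_INTERFACE being set; a stray hard-coded IP override, two unused
 * variables and a commented-out redudp/dnstc template were dropped; each() was
 * replaced by foreach.
 */
function buildconfig()
{
    $unix = new unix();
    $q = new mysql_squid_builder();
    $EnableSS5 = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/EnableSS5"));
    $FireHolEnable = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/FireHolEnable"));
    if ($EnableSS5 == 0) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} service disabled (see EnableSS5)\n";
        }
        @unlink("/bin/redsocks-iptables.sh");
        return;
    }

    $SS5_SOCKS_PORT = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/SS5_SOCKS_PORT"));
    if ($SS5_SOCKS_PORT == 0) {
        // A missing setting used to produce "port = 0;" in redsocks.conf. 1080 is the
        // registered SOCKS port (the ss5 examples in this file use it as well).
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} SS5_SOCKS_PORT not set, using 1080\n";
        }
        $SS5_SOCKS_PORT = 1080;
    }

    // Loaded unconditionally: the RETURN rules for the host's own addresses need
    // the full list even when no listening interface is configured. (Previously
    // it was only loaded inside the interface branch, so those rules covered
    // nothing but "lo" in the default setup.)
    $NETWORK_ALL_INTERFACES = $unix->NETWORK_ALL_INTERFACES();
    if (!is_array($NETWORK_ALL_INTERFACES)) {
        $NETWORK_ALL_INTERFACES = array();
    }
    $NETWORK_ALL_INTERFACES["lo"]["IPADDR"] = "127.0.0.1";

    // The setting file may carry a trailing newline; trimmed so the lookup matches.
    $SS5_SOCKS_INTERFACE = trim((string) @file_get_contents("/etc/artica-postfix/settings/Daemons/SS5_SOCKS_INTERFACE"));
    $SS5_SOCKS_IPADDR = "127.0.0.1";
    if ($SS5_SOCKS_INTERFACE != null && isset($NETWORK_ALL_INTERFACES[$SS5_SOCKS_INTERFACE]["IPADDR"])) {
        $SS5_SOCKS_IPADDR = trim($NETWORK_ALL_INTERFACES[$SS5_SOCKS_INTERFACE]["IPADDR"]);
    }
    if ($SS5_SOCKS_IPADDR == null) {
        $SS5_SOCKS_IPADDR = "127.0.0.1";
    }
    $iptables = $unix->find_program("iptables");

    // NOTE(review): redsocks binds 0.0.0.0:31337, i.e. the redirector is reachable
    // from every interface, not only through the REDIRECT rules below. Confirm that
    // the host firewall limits outside access to that port.
    $f = array();
    $f[] = "base {";
    $f[] = "\tlog_debug = off;";
    $f[] = "\tlog_info = on;";
    $f[] = "\tlog = \"syslog:daemon\";";
    $f[] = "\tdaemon = on;";
    $f[] = "\tredirector = iptables;";
    $f[] = "}";
    $f[] = "";
    $f[] = "redsocks {";
    $f[] = "\tlocal_ip = 0.0.0.0;";
    $f[] = "\tlocal_port = 31337;";
    $f[] = "\tlistenq = 128; ";
    $f[] = "\tip = {$SS5_SOCKS_IPADDR};";
    $f[] = "\tport = {$SS5_SOCKS_PORT};";
    $f[] = "\ttype = socks5;";
    $f[] = "}";
    $f[] = "";

    if ($FireHolEnable == 1) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} FireHolEnable = 1; run Firehol\n";
        }
        @unlink("/bin/redsocks-iptables.sh");
        if (@file_put_contents("/etc/redsocks.conf", implode("\n", $f)) === false && $GLOBALS["OUTPUT"]) {
            echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} unable to write /etc/redsocks.conf\n";
        }
        system("/etc/init.d/firehol restart");
        return;
    }

    $sql = "SELECT * FROM ss5_transparent WHERE enabled=1";
    $results = $q->QUERY_SQL($sql);
    if (!$q->ok) {
        if ($GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} {$q->mysql_error}\n";
        }
        return;
    }

    $CountForules = mysql_num_rows($results);
    if ($GLOBALS["OUTPUT"]) {
        echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} {$CountForules} rule(s)\n";
    }

    $sh = array();
    if ($CountForules > 0) {
        $sh[] = "#!/bin/sh -e";
        while ($ligne = mysql_fetch_assoc($results)) {
            $sh = array_merge($sh, ss5_transparent_rule_lines($iptables, $ligne, $NETWORK_ALL_INTERFACES));
        }
        $sh[] = "";
    }

    @unlink("/bin/redsocks-iptables.sh");
    if (count($sh) > 0) {
        // As before, redsocks.conf is only (re)written together with the rules.
        if (@file_put_contents("/etc/redsocks.conf", implode("\n", $f)) === false && $GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} unable to write /etc/redsocks.conf\n";
        }
        if (@file_put_contents("/bin/redsocks-iptables.sh", implode("\n", $sh)) === false && $GLOBALS["OUTPUT"]) {
            echo "Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} unable to write /bin/redsocks-iptables.sh\n";
        }
        @chmod("/bin/redsocks-iptables.sh", 0755);
    }
    buildinit();
}

/**
 * Shell lines (one iptables invocation each) for one ss5_transparent row.
 *
 * The generated script runs as root, so every value taken from the row or from
 * the interface table is passed through escapeshellarg(); a host, port or
 * address field containing shell metacharacters would otherwise be executed.
 * The rule ID is cast to int because it becomes part of the chain names.
 *
 * NOTE(review): the row's "eth" column was read by the previous version but
 * never applied to a rule (the --in-interface text was built and dropped). That
 * behaviour is kept; confirm whether the PREROUTING rule was meant to carry it.
 *
 * @param string $iptables   path of the iptables binary
 * @param array  $ligne      ss5_transparent row: ID, src_host, dst_host, dst_port
 * @param array  $interfaces NETWORK_ALL_INTERFACES() result; every IPADDR gets a RETURN rule
 * @return array list of shell lines, each ending in "|| true"
 */
function ss5_transparent_rule_lines($iptables, $ligne, $interfaces)
{
    $ID = intval($ligne["ID"]);
    $src = ss5_transparent_host($ligne["src_host"]);
    $dst = ss5_transparent_host($ligne["dst_host"]);
    $DSTPORT = escapeshellarg(trim((string) $ligne["dst_port"]));

    $SRC_TEXT = ($src === null) ? "" : "-s " . escapeshellarg($src) . " ";
    $DST_TEXT = ($dst === null) ? "" : "-d " . escapeshellarg($dst) . " ";

    $lines = array();
    $lines[] = "echo \"Configuring...: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} out_trsocks.{$ID}\"";
    $lines[] = "{$iptables} -t nat -N out_trsocks.{$ID} || true";
    $lines[] = "{$iptables} -t nat -N PRESOCKS.{$ID} || true";
    // Packets sourced from one of this host's own addresses are not redirected.
    foreach ($interfaces as $interface => $AR) {
        $IPADDR = isset($AR["IPADDR"]) ? trim($AR["IPADDR"]) : "";
        if ($IPADDR == null || $IPADDR == "0.0.0.0") {
            continue;
        }
        $lines[] = "{$iptables} -t nat -A PRESOCKS.{$ID} -s " . escapeshellarg($IPADDR) . " -j RETURN || true";
    }
    $lines[] = "{$iptables} -t nat -A PRESOCKS.{$ID} -p tcp -j REDIRECT --to-ports 31337 || true";
    $lines[] = "{$iptables} -t nat -A PREROUTING -p tcp --sport 1024:65535 {$SRC_TEXT}{$DST_TEXT} --dport {$DSTPORT} -j PRESOCKS.{$ID} || true";
    // Locally generated traffic: the squid user is exempted (presumably so the
    // proxy's own upstream connections are not fed back into redsocks - confirm).
    $lines[] = "{$iptables} -t nat -A OUTPUT -p tcp --sport 1024:65000 {$DST_TEXT} --dport {$DSTPORT} -m owner \\! --uid-owner squid -j out_trsocks.{$ID}|| true";
    $lines[] = "{$iptables} -t nat -A out_trsocks.{$ID} -p tcp \\! -d 127.0.0.1 -j REDIRECT --to-ports 31337 || true";
    return $lines;
}

/**
 * Normalise a host column for iptables: NULL, "" and the "any" spellings
 * ("0.0.0.0", "0.0.0.0/0") all mean "no match on this address" and yield null.
 *
 * @param string|null $host
 * @return string|null
 */
function ss5_transparent_host($host)
{
    $host = trim((string) $host);
    if ($host === "" || $host == "0.0.0.0" || $host == "0.0.0.0/0") {
        return null;
    }
    return $host;
}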