From 4aa0ce0f9a6da2ce596eaf3d65370b1370280de7 Mon Sep 17 00:00:00 2001 From: Fabian Franz Date: Fri, 8 Apr 2016 17:04:33 +0200 Subject: [PATCH] add link to proxy page and extend the nat template --- .../controllers/OPNsense/Proxy/forms/main.xml | 21 ++++++------ src/www/firewall_nat_edit.php | 34 +++++++++++++------ 2 files changed, 34 insertions(+), 21 deletions(-) diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml index 8bc2c60e8..8dee48fc6 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml +++ b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml @@ -200,15 +200,15 @@ - proxy.forward.transparentMode - - checkbox - - add a new firewall rule - ]]> + proxy.forward.transparentMode + + checkbox + + Add a new firewall rule + ]]> proxy.forward.sslbump @@ -220,7 +220,8 @@ Be aware of the security implications before enabling this option.

Transparent HTTP proxy needs to be enabled and you need nat rules to reflect your traffic - for this feature to work. + for this feature to work.
+ Add a new firewall rule ]]>
diff --git a/src/www/firewall_nat_edit.php b/src/www/firewall_nat_edit.php
index c9dffc3a3..6a7679506 100644
--- a/src/www/firewall_nat_edit.php
+++ b/src/www/firewall_nat_edit.php
@@ -150,19 +150,31 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 $pconfig['interface'] = "lan";
 $pconfig['src'] = "lan";
 $pconfig['dst'] = "any";
- $pconfig['dstbeginport'] = 80 ;
- $pconfig['dstendport'] = 80 ;
- $pconfig['target'] = '127.0.0.1';
- // try to read the proxy configuration to determine the current port
- // this has some disadvantages in case of dependencies, but there isn't
- // a much better solution available at the moment.
- if (isset($config['OPNsense']['proxy']['forward']['port'])) {
- $pconfig['local-port'] = $config['OPNsense']['proxy']['forward']['port'];
- } else {
- $pconfig['local-port'] = 3128;
+ if (isset($_GET['https'])){
+ $pconfig['dstbeginport'] = 443;
+ $pconfig['dstendport'] = 443;
+ if (isset($config['OPNsense']['proxy']['forward']['sslbumpport'])) {
+ $pconfig['local-port'] = $config['OPNsense']['proxy']['forward']['sslbumpport'];
+ } else {
+ $pconfig['local-port'] = 3129;
+ }
 }
+ else {
+ $pconfig['dstbeginport'] = 80;
+ $pconfig['dstendport'] = 80;
+ // try to read the proxy configuration to determine the current port
+ // this has some disadvantages in case of dependencies, but there isn't
+ // a much better solution available at the moment.
+ if (isset($config['OPNsense']['proxy']['forward']['port'])) {
+ $pconfig['local-port'] = $config['OPNsense']['proxy']['forward']['port'];
+ } else {
+ $pconfig['local-port'] = 3128;
+ }
+ }
+ $pconfig['target'] = '127.0.0.1';
+
 $pconfig['natreflection'] = 'enable';
- $pconfig['descr'] = "redirect traffic to proxy";
+ $pconfig['descr'] = gettext("redirect traffic to proxy");
 } else {
 $pconfig['src'] = "any";
 }
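Review bot: Both branches of the new `isset($_GET['https'])` test end up with the same `descr`, "redirect traffic to proxy", so once saved, the port-443 redirect to the SSL bump port cannot be told apart from the plain port-80 redirect in the rule list or in a configuration audit. The 443 rule is the one that puts TLS interception into effect, so it deserves its own label: set something like `$pconfig['descr'] = gettext("redirect HTTPS traffic to proxy (SSL bump)");` inside the HTTPS branch and keep the existing text in the `else` branch. Two smaller points: the new `}` / `else {` pair is split over two lines while the rest of the hunk uses `} else {`, and `isset($_GET['https'])` also takes the HTTPS path for `?https=0`, so a comment such as `// presence of the parameter selects the HTTPS template; its value is ignored` would make that explicit. The enclosing `if` starts above the hunk, so the condition that selects this template is not visible here.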