diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/SettingsController.php b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/SettingsController.php
index 494d62db5..91febe06a 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/SettingsController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/SettingsController.php
@@ -71,6 +71,7 @@ class SettingsController extends ApiControllerBase
}
$mdlProxy->forward->interfaces->setSelectOptions($selopt);
+ $mdlProxy->forward->ftpInterfaces->setSelectOptions($selopt);
$result['proxy'] = $mdlProxy->getNodes();
}
diff --git a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
index 33816fa5d..833b496c4 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
@@ -135,6 +135,20 @@
"Proxy port needs to be an integer value between 1 and 65535"
Y
+
+ N
+
+
+ 2121
+ 1
+ 65535
+ "FTP Proxy port needs to be an integer value between 1 and 65535"
+ Y
+
+
+ 0
+ Y
+
1
Y
diff --git a/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt b/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt
index 09c66d1d1..4994f802a 100644
--- a/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt
@@ -338,6 +338,25 @@ maxheight: define max height of select box, default=170px to hold 5 items
'advanced':'true'
]}
],
+ [ 'proxy-forward-ftp','FTP Proxy Settings',
+ {['id': 'proxy.forward.ftpInterfaces',
+ 'label':'FTP proxy interfaces',
+ 'type':'select_multiple',
+ 'style':'tokenize',
+ 'help':'Select interface(s) the ftp proxy will bind to.',
+ 'hint':'Type or select interface (Leave blank to disable ftp proxy).'
+ ],
+ ['id': 'proxy.forward.ftpPort',
+ 'label':'FTP proxy port',
+ 'type':'text',
+ 'help':'The port the proxy service will listen to.'
+ ],
+ ['id': 'proxy.forward.ftpTransparentMode',
+ 'label':'Enable Transparent mode',
+ 'type':'checkbox',
+ 'help':'Enable transparent ftp proxy mode to forward all requests for destination port 21 to the proxy server without any additional configuration.'
+ ]}
+ ],
[ 'proxy-forward-acl','Access Control List',
{['id': 'proxy.forward.acl.allowedSubnets',
'label':'Allowed Subnets',
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
index feba67679..b5e5bf903 100644
--- a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
+++ b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
@@ -21,6 +21,25 @@ http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }}
{% endfor %}
{% endif %}
+# Setup ftp proxy
+{% if helpers.exists('OPNsense.proxy.forward.ftpInterfaces') %}
+{% for interface in OPNsense.proxy.forward.ftpInterfaces.split(",") %}
+{% for intf_key,intf_item in interfaces.iteritems() %}
+{% if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
+ftp_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.ftpPort }} {%if OPNsense.proxy.forward.ftpTransparentMode == '1' %}tproxy{% endif %}
+{% endif %}
+{% endfor %}
+{# virtual ip's #}
+{% if helpers.exists('virtualip') %}
+{% for intf_key,intf_item in virtualip.iteritems() %}
+{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
+ftp_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.ftpPort }}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% endfor %}
+{% endif %}
+
# Rules allowing access from your local networks.
# Generated list of (internal) IP networks from where browsing
# should be allowed. (Allow interface subnets).