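##-----------------------------------------------------------------------------
## fli4l __FLI4LVER__ - configuration for package "proxy"
##
##  P L E A S E   R E A D   T H E   D O C U M E N T A T I O N !
##
##  B I T T E   U N B E D I N G T   D I E   D O K U M E N T A T I O N   L E S E N !
##
##-----------------------------------------------------------------------------
## Creation:     26.06.2001  fm
## Last Update:  $Id$
##
## Copyright (c) 2001-2016 - Frank Meyer, fli4l-Team
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
##-----------------------------------------------------------------------------

# Layout: one VARIABLE='value' assignment per line, '#' starts a comment.
# Lists use a counter (*_N) plus numbered entries (*_1, *_2, ...); entries
# numbered above the counter are samples and are presumably not evaluated
# until the counter is raised (see manual).
#
# All proxies below are reachable by every host matched by their *_ALLOW_x
# entries. None of the settings in this file adds user authentication, so
# the ALLOW lists are the access control: keep them as narrow as possible.

#------------------------------------------------------------------------------
# Optional package: PRIVOXY (Privacy Enhancing Proxy)
#------------------------------------------------------------------------------
#OPT_PRIVOXY='no'                       # privoxy: yes or no
PRIVOXY_MENU='yes'                      # show Privoxy in httpd menu?
PRIVOXY_N='1'                           # number of instances

PRIVOXY_1_LISTEN='IP_NET_1_IPADDR:8118' # ip and port to listen on
PRIVOXY_1_ALLOW_N='1'                   # open firewall for hosts and networks
PRIVOXY_1_ALLOW_1='IP_NET_1'
PRIVOXY_1_HTTP_PROXY=''                 # optional http forward (host:port)
PRIVOXY_1_SOCKS_PROXY=''                # optional socks4a forward (host:port)
                                        # e.g. 127.0.0.1:9050 to use TOR
                                        # remember to make TOR listen on this
                                        # port
# NOTE(review): with TOGGLE and CONFIG set to 'yes', any client admitted by
# PRIVOXY_1_ALLOW_x can switch filtering off or change the configuration
# online. Set both to 'no' unless every host in the allowed networks is
# trusted to administer the proxy.
PRIVOXY_1_TOGGLE='yes'                  # may users switch privoxy on/off?
PRIVOXY_1_CONFIG='yes'                  # may users edit the config online?
PRIVOXY_1_LOGDIR='/var/log/privoxy'     # folder for log files
PRIVOXY_1_LOGLEVEL='1 4096 8192'        # what to log? (see manual)

# The following is a sample for a privoxy sending its traffic to tor.
# It needs PRIVOXY_N='2' and a TOR listener on 127.0.0.1:9050 (TOR_LISTEN_2
# below together with TOR_LISTEN_N='2').
# NOTE(review): the TOGGLE/CONFIG remark on instance 1 applies here as well.
PRIVOXY_2_LISTEN='IP_NET_1_IPADDR:8090'
PRIVOXY_2_ALLOW_N='1'
PRIVOXY_2_ALLOW_1='IP_NET_1'
PRIVOXY_2_HTTP_PROXY=''
PRIVOXY_2_SOCKS_PROXY='127.0.0.1:9050'
PRIVOXY_2_TOGGLE='yes'
PRIVOXY_2_CONFIG='yes'
PRIVOXY_2_LOGDIR='/var/log/privoxy-tor'
PRIVOXY_2_LOGLEVEL='1 4096 8192'

#------------------------------------------------------------------------------
# Optional package: TOR (The Onion Router)
#------------------------------------------------------------------------------
#OPT_TOR='no'                           # install tor socks4a anon proxy
TOR_LISTEN_N='1'                        # number of interfaces to listen on
TOR_LISTEN_1='IP_NET_1_IPADDR:9050'
TOR_LISTEN_2='127.0.0.1:9050'           # activate this to listen for local
                                        # privoxy (needs TOR_LISTEN_N='2')
TOR_ALLOW_N='1'                         # open firewall for hosts and networks
TOR_ALLOW_1='IP_NET_1'

# NOTE(review): when TOR_CONTROL_PORT is set, also set a non-empty
# TOR_CONTROL_PASSWORD; an empty password presumably leaves the control
# interface unprotected (confirm in the manual). The password and the
# *_PROXY_AUTH credentials are stored in this file in clear text, so
# restrict read access to the file and to backups of it.
TOR_CONTROL_PORT=''                     # control using Tor Control Protocol
                                        # leave empty to disable control
TOR_CONTROL_PASSWORD=''                 # password to gain control over TOR

TOR_DATA_DIR=''                         # data folder (/etc/tor, if left empty)

TOR_HTTP_PROXY=''                       # forward directory request to proxy
TOR_HTTP_PROXY_AUTH=''                  # username:password for http proxy
TOR_HTTPS_PROXY=''                      # forward SSL traffic to proxy
TOR_HTTPS_PROXY_AUTH=''                 # username:password for https proxy

TOR_LOGLEVEL='notice'                   # debug, info, notice, warn or err
                                        # logging is disabled if left empty.
                                        # WARNING: do NOT use levels below
                                        # 'notice' (i.e. debug, info) for
                                        # security reasons!
TOR_LOGFILE=''                          # log to file instead of syslog

#------------------------------------------------------------------------------
# Optional package: SS5 (Generic Socks proxy)
#------------------------------------------------------------------------------
#OPT_SS5='no'                           # install ss5 socks4/5 proxy
SS5_LISTEN_N='1'                        # number of interfaces to listen on
SS5_LISTEN_1='IP_NET_1_IPADDR:8050'
SS5_ALLOW_N='1'                         # open firewall for hosts and networks
SS5_ALLOW_1='IP_NET_1'

#------------------------------------------------------------------------------
# Optional package: Transproxy (transparently forward HTTP requests)
#------------------------------------------------------------------------------
#OPT_TRANSPROXY='no'
TRANSPROXY_LISTEN_N='1'                 # number of interfaces to listen on
# NOTE(review): 'any' presumably binds every interface, including external
# ones; access is then limited only by TRANSPROXY_ALLOW_x. Prefer an
# explicit internal address if the manual allows one.
TRANSPROXY_LISTEN_1='any:8081'
# NOTE(review): the target must be a proxy that really listens on this
# address. PRIVOXY_1_LISTEN above binds IP_NET_1_IPADDR:8118, not
# 127.0.0.1:8118 - confirm that the two match in your setup.
TRANSPROXY_TARGET_IP='127.0.0.1'        # where to redirect requests
TRANSPROXY_TARGET_PORT='8118'
TRANSPROXY_ALLOW_N='1'                  # open firewall for hosts and networks
TRANSPROXY_ALLOW_1='IP_NET_1'

#------------------------------------------------------------------------------
# Optional package: Siproxd - a masquerading SIP Proxy Server
#------------------------------------------------------------------------------
#OPT_SIPROXD='no'

#------------------------------------------------------------------------------
# Optional package: kamailio - another routing/masquerading SIP Proxy Server
#------------------------------------------------------------------------------
#OPT_KAMAILIO='no'

#------------------------------------------------------------------------------
# Optional package: rtpproxy - RTP proxy
#------------------------------------------------------------------------------
#OPT_RTPPROXY='no'

#------------------------------------------------------------------------------
# Optional package: igmpproxy - IGMP proxy
#------------------------------------------------------------------------------
#OPT_IGMPPROXY='no'
IGMPPROXY_DEBUG='no'                    # default: no; change to yes for verbose information
IGMPPROXY_DEBUG2='no'                   # default: no; change to yes for debug information
IGMPPROXY_QUICKLEAVE_ON='yes'           # Enable Quickleave mode; sends Leave instantly; default: yes
IGMPPROXY_UPLOAD_DEV='eth1.8'           # upstream interface; default: ppp0; VLAN8 Interface for Entertain IPTV
IGMPPROXY_DOWNLOAD_DEV='eth2'           # interface to IPTV box
IGMPPROXY_ALT_N='3'                     # number of IP addresses for multicast sources
IGMPPROXY_ALT_NET_1='239.35.0.0/16'     # IPTV streams
IGMPPROXY_ALT_NET_2='217.0.119.0/24'    # Required for T-Home
IGMPPROXY_ALT_NET_3='193.158.34.0/23'   # Required for T-Home
IGMPPROXY_WLIST_N='1'                   # number of whitelist networks
                                        # (presumably the multicast groups
                                        # that are forwarded; see manual)
IGMPPROXY_WLIST_NET_1='239.35.0.0/16'   # IPTV streams

#------------------------------------------------------------------------------
# Optional package: stunnel - SSL/TLS tunnel
#------------------------------------------------------------------------------
#OPT_STUNNEL='no'                       # enable SSL/TLS tunnelling: yes or no
STUNNEL_DEBUG='no'                      # enable debug messages: yes or no or log level
                                        # between 0 and 7
STUNNEL_N='0'                           # number of tunnels; both tunnels below
                                        # are samples until this is raised

# ------------------------------ first tunnel ---------------------------------
STUNNEL_1_NAME='https'                  # name of first tunnel
STUNNEL_1_CLIENT='no'                   # SSL/TLS server
# NOTE(review): 'any:443' presumably accepts on every interface, so the
# service behind STUNNEL_1_CONNECT becomes reachable from wherever the
# firewall lets port 443 in. Make sure that service has its own
# authentication, or require client certificates (see CERT_VERIFY).
STUNNEL_1_ACCEPT='any:443'              # address and port to listen to
STUNNEL_1_ACCEPT_IPV6='no'              # only listen to IPv4 connection requests (this
                                        # obviously makes sense only for OPT_IPV6='yes'
                                        # configurations)
STUNNEL_1_CONNECT='127.0.0.1:80'        # where to delegate incoming connections to?
STUNNEL_1_CERT_FILE='server.pem'        # our (server) certificate, always required for
                                        # CLIENT='no'
STUNNEL_1_CERT_CA_FILE='stunnel-ca.pem' # certificate(s) to validate peer certificates
                                        # against, see below
# NOTE(review): in server mode 'optional' (and 'none') still accept peers
# that present no certificate, so the tunnel encrypts but does not
# authenticate clients. Use 'onlyca', 'onlycert' or 'both' when only known
# clients may connect.
STUNNEL_1_CERT_VERIFY='optional'        # How to validate peer certificate? Possible
                                        # values are:
                                        #   none     - no validation
                                        #   optional - validate against CA certificate
                                        #              if peer provides one
                                        #   onlyca   - require peer certificate and
                                        #              validate it against CA cert.
                                        #   onlycert - require peer certificate and
                                        #              compare it to certificate in
                                        #              STUNNEL_x_CERT_CA_FILE
                                        #   both     - require peer certificate;
                                        #              validate it against CA cert. and
                                        #              compare it to certificate in
                                        #              STUNNEL_x_CERT_CA_FILE (_both_
                                        #              certificates, peer + CA, need
                                        #              to exist in that file!)

# ------------------------------ second tunnel --------------------------------
STUNNEL_2_NAME='remote-imond'           # name of second tunnel
STUNNEL_2_CLIENT='yes'                  # SSL/TLS client
# NOTE(review): in client mode the ACCEPT side is the unencrypted side.
# Every host that can reach this port is forwarded through the tunnel under
# the client certificate below, so restrict the listening address or the
# firewall rule for port 50000 to the hosts that need it.
STUNNEL_2_ACCEPT='any:50000'            # address and port to listen to
STUNNEL_2_ACCEPT_IPV4='no'              # only listen to IPv6 connection requests (this
                                        # obviously requires OPT_IPV6='yes')
STUNNEL_2_CONNECT='@ibox:5000'          # where to delegate incoming connections to?
                                        # (using '@ibox' needs the dns_dhcp package
                                        # with OPT_HOSTS='yes' and HOST_x_NAME='ibox')
STUNNEL_2_CERT_CA_FILE='ca+server.pem'  # contains CA certificate and desired server
                                        # certificate, the latter needed for 'both'
                                        # verify mode
STUNNEL_2_CERT_FILE='client.pem'        # our (client) certificate and key, typically
                                        # not necessary when using CLIENT='yes'
STUNNEL_2_CERT_VERIFY='both'            # see above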