From 32bc5a1494aaa9b8a60b6c5364d93a596cd46f7f Mon Sep 17 00:00:00 2001
From: Petro1990 <petrolobanok@gmail.com>
Date: Fri, 13 Mar 2026 19:28:38 +0300
Subject: [PATCH] =?UTF-8?q?=D1=84=D0=B8=D0=BA=D1=81:=20v1.3.2=20-=20=D1=83?=
 =?UTF-8?q?=D1=81=D1=82=D1=80=D0=B0=D0=BD=D0=B5=D0=BD=D0=B8=D0=B5=20403=20?=
 =?UTF-8?q?Forbidden=20=D1=87=D0=B5=D1=80=D0=B5=D0=B7=20=D0=B8=D1=81=D0=BF?=
 =?UTF-8?q?=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D0=BD=D0=B8=D0=B5=20?=
 =?UTF-8?q?LAN=20IP=20=D1=80=D0=BE=D1=83=D1=82=D0=B5=D1=80=D0=B0=20=D0=B4?=
 =?UTF-8?q?=D0=BB=D1=8F=20NDM=20Auth?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 rproxy | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/rproxy b/rproxy
index a15428f..50ce818 100644
--- a/rproxy
+++ b/rproxy
@@ -3,7 +3,7 @@
 # Публикация локальных сервисов через SSH-туннели + nginx на VPS
 # http://5.104.75.50:3000/Petro1990/rProxy
 
-VERSION="1.3.1"
+VERSION="1.3.2"
 CONF_DIR="/opt/etc/rproxy"
 CONF_FILE="$CONF_DIR/rproxy.conf"
 SERVICES_DIR="$CONF_DIR/services"
@@ -176,6 +176,19 @@ next_free_port() {
     done
 }
 
+get_router_ip() {
+    # Метод 1: Через ndmq (Keenetic Bridge0)
+    local ip=$(ndmq -p "show interface Bridge0" -path "address" 2>/dev/null)
+    [ -n "$ip" ] && echo "$ip" && return
+
+    # Метод 2: Через ip addr (Entware/Keenetic)
+    ip=$(ip addr show br0 2>/dev/null | grep 'inet ' | awk '{print $2}' | cut -d/ -f1 | head -n1)
+    [ -n "$ip" ] && echo "$ip" && return
+
+    # Запасной вариант
+    echo "192.168.1.1"
+}
+
 next_free_ext_port() {
     local port=$BASE_EXT_PORT
     while true; do
@@ -492,7 +505,9 @@ do_add_interactive() {
 
     # Конфигурация авторизации
     local auth_config=""
+    local router_ip="127.0.0.1"
     if [ "$use_ndm_auth" = "yes" ]; then
+        router_ip=$(get_router_ip)
         local auth_port=$((tunnel_port + 1))
         auth_config="
     location /rproxy_auth {
@@ -502,10 +517,10 @@ do_add_interactive() {
         proxy_set_header Content-Length \"\";
         proxy_set_header Authorization \$http_authorization;
 
-        # Стелс-режим для авторизации
-        proxy_set_header Host \"$stealth_host\";
-        proxy_set_header Origin \"http://$stealth_host\";
-        proxy_set_header Referer \"http://$stealth_host/\";
+        # Стелс-режим для авторизации (используем LAN IP роутера)
+        proxy_set_header Host \"$router_ip\";
+        proxy_set_header Origin \"http://$router_ip\";
+        proxy_set_header Referer \"http://$router_ip/\";
     }
     "
     fi
@@ -618,6 +633,7 @@ SVC_EXT_PORT="$ext_port"
 SVC_DOMAIN="$domain"
 SVC_SSL="$use_ssl"
 SVC_NDM_AUTH="$use_ndm_auth"
+SVC_ROUTER_IP="$router_ip"
 SVC_ENABLED="yes"
 EOF
 
@@ -1052,7 +1068,7 @@ do_start_service() {
 
     local ssh_opts="-o StrictHostKeyChecking=no -o ServerAliveInterval=10 -o ServerAliveCountMax=3 -o ConnectTimeout=10 -o ExitOnForwardFailure=yes"
     local tunnel_args="-R 0.0.0.0:$SVC_TUNNEL_PORT:$SVC_TARGET_HOST:$SVC_TARGET_PORT"
-    [ "$SVC_NDM_AUTH" = "yes" ] && tunnel_args="$tunnel_args -R 0.0.0.0:$((SVC_TUNNEL_PORT+1)):127.0.0.1:80"
+    [ "$SVC_NDM_AUTH" = "yes" ] && tunnel_args="$tunnel_args -R 0.0.0.0:$((SVC_TUNNEL_PORT+1)):${SVC_ROUTER_IP:-127.0.0.1}:80"
 
     if [ "$VPS_AUTH" = "password" ]; then
         AUTOSSH_GATETIME=0 sshpass -p "$VPS_PASS" autossh -M 0 -f -N \