RE: Does the Cisco PIX have an equivalent of the IPFW "fwd" action?
From: Brett Glass (brett_at_lariat.org)
Date: 02/04/05
- Previous message: Nickolay Kritsky: "RE: Does the Cisco PIX have an equivalent of the IPFW "fwd" action?"
- Maybe in reply to: Brett Glass: "Does the Cisco PIX have an equivalent of the IPFW "fwd" action?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 04 Feb 2005 03:53:31 -0700 To: "Nickolay Kritsky" <Nickolay.Kritsky@astra-sw.com>, <net@freebsd.org>
The PIX is already doing NAT, so I'd have to put a NAT router in front of another
NAT router (how inefficient!) to do that. But it might well be the only option
if the PIX is that limited.
--Brett
At 12:16 AM 2/4/2005, Nickolay Kritsky wrote:
>Brett, I do not think that PIX has an equivalent of ipfw 'fwd' command. The fastest way, IMHO would be just set up your transparent web proxy as a default gateway for PIX. You can also try policy routing as described in this Usenet article: http://groups-beta.google.com/group/comp.dcom.sys.cisco/browse_frm/thread/e131e32e97e4566/ee37814ac6c6c658?q=pix+transparent&_done=%2Fgroups%3Fq%3Dpix+transparent%26hl%3Den%26lr%3D%26sa%3DN%26tab%3Dwg%26&_doneTitle=Back+to+Search&&d#ee37814ac6c6c658
>
>But I wouldn't try this if I were you. PIX is not IOS, and AFAIK it was not designed for complex network solutions. Firewall - yes. Filtering, security features, advanced VPN support - yes. But not routing tricks.
>Hope that helps
>
>Nick
>
>-----Original Message-----
>From: Brett Glass [mailto:brett@lariat.org]
>Sent: Friday, February 04, 2005 2:34 AM
>To: net@freebsd.org
>Subject: Does the Cisco PIX have an equivalent of the IPFW "fwd" action?
>
>
>I'm setting up a FreeBSD transparent Web proxy for a client which has an old
>(vintage 1998) Cisco PIX firewall router. I know how to make the proxy accept
>packets forwarded to it (even though the destination IP addresses of those
>packets will not be that of the proxy machine itself) and do transparent caching.
>However, to complete the puzzle, I need to make the client's PIX firewall forward
>outbound packets destined for port 80 (regardless of IP address) to the proxy. I
>can't seen to find the magic incantation in Cisco's online docs. Does anyone here
>know the Cisco equivalent of the IPFW "fwd" action, (which changes the "next hop"
>MAC address of a packet if it meets the criteria specified in a rule) and how to
>write a rule for the PIX to forward the packets? Help would be much appreciated.
>
>--Brett Glass
>
>_______________________________________________
>freebsd-net@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-net
>To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Nickolay Kritsky: "RE: Does the Cisco PIX have an equivalent of the IPFW "fwd" action?"
- Maybe in reply to: Brett Glass: "Does the Cisco PIX have an equivalent of the IPFW "fwd" action?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
