Velocity Reviews - Computer Hardware Reviews

need help with redirecting port 80 traffic

 
 
essenz
Guest
Posts: n/a
 
      03-27-2009
I've been working on this for awhile now, but have had no progress. I
have a small regional Wifi network, the field units (private IP) all
talk to a Cisco 7301 where I use ip nat to get them to go out the
7301's public wan interface.

There is a company that I want to work with who can provide web
content filtering, as well as access control. So they have a server at
their location that I need to forward or redirect all my outbound port
80 traffic to. This server at their location for argument's sake is
listening on public IP 5.6.7.9 tcp port 21453.

The company has supported configs for PIX/ASA, but not for Cisco
Layer3 switches or routers.

I've looked at nat, ssg, wccp, and can't really find anything that does
this. My 7301 is running the latest 12.4 IOS Adv Enterprise Edition.

In addition to my ip nat inside and ip nat outside on the two
interfaces, I have:

ip nat inside source list OutboundNat interface FastEthernet1/1 overload

Where Fe1/1 is my WAN link, and OutboundNat matches the private IPs to
nat.

Is there a way on the 7301 to easily forward all outbound port 80
traffic to 5.6.7.9 port 21453? The followup to this is all other
traffic (not port 80), should go out to the internet as normal.

Now I also have a 3750 Switch much higher in the network topology that
actually hands off the traffic to my ISP, so I could also do something
at that layer as well, especially if the 7301 load is too much. Right
now with my current NAT, the 7301's are at 8% cpu load.

Thanks
John



 
essenz
Guest
Posts: n/a
 
      03-31-2009
Wow... I stumped the group! I'm at my wits' end with this. The company
that provides the filtering has admitted that they have never gotten
this to work on a non-ASA or non-PIX device.

They gave me some configs on how to do a dnat, but it still doesn't
work because the dnat syntax can only redirect a specific IP port 80
to my external IP port 21453, but I need to match ALL IPs on port 80.

I also looked at route-maps, but if I go that route, I can't change the
port?!

 
John Agosta
Guest
Posts: n/a
 
      03-31-2009






Perhaps you could use PBR to direct port 80 traffic towards another interface,
and upstream from that (new) interface perform your NAT task?


 
 
bod43
Guest
Posts: n/a
 
      04-01-2009

To the OP -

Why don't you post details of the provider and the pix
configurations that are supposed to work? The knowledge
and understanding required to magically interpret your
request (if indeed there is sufficient information to
unambiguously interpret it at all) is very substantial.

I suppose that there may be some ip nat outside source
statement that might do the job but that would depend on the
http containing sufficient information for the 'proxy' to
send the packets on to the correct destination.

WCCP was designed for this - have you asked the provider
if they support WCCP?
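
The caveat in the post above, worked through as an added example (not code from any poster or from the filtering provider): once every tcp/80 packet is destination-NATed to 5.6.7.9:21453, the original destination IP is gone, so the filter can only learn the intended site from the HTTP request itself. The `Segment` model, the function names and the sample requests are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

FILTER = ("5.6.7.9", 21453)  # filtering server address used in the thread

# Constructed sample requests (not captured traffic).
HTTP11 = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nAccept: */*\r\n\r\n"
HTTP10 = b"GET /index.html HTTP/1.0\r\n\r\n"  # HTTP/1.0 does not require Host

@dataclass(frozen=True)
class Segment:
    """Hypothetical stand-in for one TCP segment: addressing plus payload."""
    src: str
    dst: str
    dport: int
    payload: bytes

def dnat_port80(seg: Segment) -> Segment:
    """Rewrite any tcp/80 destination to the filter; other ports pass untouched."""
    if seg.dport != 80:
        return seg
    return Segment(seg.src, FILTER[0], FILTER[1], seg.payload)

def origin_from_http(payload: bytes) -> Optional[Tuple[str, int]]:
    """Recover (host, port) of the intended server from the request bytes alone."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3:
        return None  # not a parseable request line
    target = ""
    if parts[1].lower().startswith("http://"):  # absolute-form request target
        target = parts[1][7:].split("/", 1)[0]
    else:
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep and name.strip().lower() == "host":
                target = value.strip()
                break
    if not target:
        return None  # original destination is unrecoverable after the NAT
    host, sep, port = target.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return target, 80

if __name__ == "__main__":
    for req in (HTTP11, HTTP10):
        seg = dnat_port80(Segment("10.1.1.20", "192.0.2.80", 80, req))
        print(seg.dst, seg.dport, "->", origin_from_http(seg.payload))
```

The HTTP/1.0 request comes back as `None`: after the rewrite nothing in the packet or the payload names the server the client was trying to reach.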


 
 
alexd
Guest
Posts: n/a
 
      04-01-2009
essenz wrote:

> Wow... I stumped the group! I'm at my wits ends with this. The company
> that provides the filtering has admitted that they have never gotten
> this to work on a non-ASA or non-PIX device.


Do you absolutely have to do this on your Cisco kit? If not, try doing it
with iptables:

http://tldp.org/HOWTO/TransparentProxy-6.html

--
<http://ale.cx/> (AIM:troffasky) ((E-Mail Removed))
19:44:48 up 117 days, 20:56, 2 users, load average: 0.08, 0.10, 0.05
Sexy ladies, and nasty boys, all freaky freakin', to the robot noise

 
 
unsleepable
Junior Member
Join Date: Jun 2010
Posts: 1
 
      06-07-2010
Quote:
Originally Posted by essenz
> There is a company that I want to work with who can provide web
> content filtering, as well as access control. So they have a server at
> their location that I need to forward or redirect all my outbound port
> 80 traffic to. This server at their location for argument's sake is
> listening on public IP 5.6.7.9 tcp port 21453.
>
> The company has supported configs for PIX/ASA, but not for Cisco
> Layer3 switches or routers.

Hi,

Can you please post these proposed configurations? I would appreciate it for another project and from there we could also figure out the correct configuration for a router.

Thanks!
 