www transparent proxy ?

Discussion in 'Cisco' started by Casto, Dec 13, 2003.

  1. Casto

    Casto Guest

    (excuse my english, i'm not english or american)


    i want to install a www transparent proxy in my dmz.
    i have a 1700 series cisco with 3 ethernet int

    my lan network : 110.75.3.0 255.255.255.0 (110.75.3.210 address of the
    router)
    my dmz network : 80.19.3.0 255.255.255.0 (80.19.3.210 address of the router,
    address of my www proxy 80.19.3.25)
    outside network : 80.19.4.0 255.255.255.0 (80.19.4.210 address of the
    router)



    LAN ----------------ROUTER------------------OUTSIDE
    |
    |
    |
    |
    _____ |______
    DMZ (proxy)

    i install a sniffer in the DMZ and
    when i try to connect to an ouside web server, 110.75.3.1 --->
    80.19.4.1(www)
    i have in the dmz a paquet with
    source : 110.75.3.1 destination : 80.19.4.1 port : 80 (www.mytestdomain.com)
    (with destination mac address of my proxy, like a "routed" paquet)
    and i would like to have
    source : 110.75.3.1 destination : 80.19.3.25 port : 80
    (www.mytestdomain.com)

    is it normal ?
    is it possible to change the destination address ?
    a squid server can resolve this request with my paquet? (i don't install my
    proxy at the moment)

    can you help me, i try different configuration, but i didn't manage to work
    my transparent proxy with the proxy address in destination paquet

    i use use found on the web

    interface Ethernet0
    ip address 110.75.3.210 255.255.255.0
    ip policy route-map proxy-redir
    !
    interface Fastethernet 0
    ip address 80.19.3.210 255.255.255.0
    !
    interface Ethernet1
    ip address 80.19.4.210 255.255.255.0
    !
    access-list 110 deny tcp host 80.19.3.25 any eq www
    access-list 110 permit tcp any any eq www
    !
    route-map proxy-redir permit 10
    match ip address 110
    set ip next-hop 80.19.3.25




    thanks a lot

    xavier
     
    Casto, Dec 13, 2003
    #1
    1. Advertising

  2. In article <3fdb4130$0$19279$>,
    Casto <> wrote:
    >(excuse my english, i'm not english or american)
    >
    >
    >i want to install a www transparent proxy in my dmz.
    >i have a 1700 series cisco with 3 ethernet int
    >
    >my lan network : 110.75.3.0 255.255.255.0 (110.75.3.210 address of the
    >router)
    >my dmz network : 80.19.3.0 255.255.255.0 (80.19.3.210 address of the router,
    >address of my www proxy 80.19.3.25)
    >outside network : 80.19.4.0 255.255.255.0 (80.19.4.210 address of the
    >router)
    >
    >
    >
    >LAN ----------------ROUTER------------------OUTSIDE
    > |
    > |
    > |
    > |
    > _____ |______
    > DMZ (proxy)
    >
    >i install a sniffer in the DMZ and
    >when i try to connect to an ouside web server, 110.75.3.1 --->
    >80.19.4.1(www)
    >i have in the dmz a paquet with
    >source : 110.75.3.1 destination : 80.19.4.1 port : 80 (www.mytestdomain.com)
    >(with destination mac address of my proxy, like a "routed" paquet)
    >and i would like to have
    >source : 110.75.3.1 destination : 80.19.3.25 port : 80
    >(www.mytestdomain.com)
    >
    >is it normal ?
    >is it possible to change the destination address ?
    >a squid server can resolve this request with my paquet? (i don't install my
    >proxy at the moment)
    >
    >can you help me, i try different configuration, but i didn't manage to work
    >my transparent proxy with the proxy address in destination paquet
    >
    >i use use found on the web
    >
    >interface Ethernet0
    >ip address 110.75.3.210 255.255.255.0
    >ip policy route-map proxy-redir
    >!
    >interface Fastethernet 0
    >ip address 80.19.3.210 255.255.255.0
    >!
    >interface Ethernet1
    >ip address 80.19.4.210 255.255.255.0
    >!
    >access-list 110 deny tcp host 80.19.3.25 any eq www
    >access-list 110 permit tcp any any eq www
    >!
    >route-map proxy-redir permit 10
    >match ip address 110
    >set ip next-hop 80.19.3.25


    http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.5

    Use wccp if you can, very easy, route-map if you ned to.

    alan
     
    Alan Strassberg, Dec 15, 2003
    #2
    1. Advertising

  3. Casto

    Casto Guest

    i complete my question :
    does a squid server accept paquets like a router ?
    paquet destination : eth : [squid mac address] and ip[real ip
    destination of the web server].
    thanks

    xavier


    "Casto" <> a écrit dans le message de news:
    3fdb4130$0$19279$...
    > (excuse my english, i'm not english or american)
    >
    >
    > i want to install a www transparent proxy in my dmz.
    > i have a 1700 series cisco with 3 ethernet int
    >
    > my lan network : 110.75.3.0 255.255.255.0 (110.75.3.210 address of the
    > router)
    > my dmz network : 80.19.3.0 255.255.255.0 (80.19.3.210 address of the

    router,
    > address of my www proxy 80.19.3.25)
    > outside network : 80.19.4.0 255.255.255.0 (80.19.4.210 address of the
    > router)
    >
    >
    >
    > LAN ----------------ROUTER------------------OUTSIDE
    > |
    > |
    > |
    > |
    > _____ |______
    > DMZ (proxy)
    >
    > i install a sniffer in the DMZ and
    > when i try to connect to an ouside web server, 110.75.3.1 --->
    > 80.19.4.1(www)
    > i have in the dmz a paquet with
    > source : 110.75.3.1 destination : 80.19.4.1 port : 80

    (www.mytestdomain.com)
    > (with destination mac address of my proxy, like a "routed" paquet)
    > and i would like to have
    > source : 110.75.3.1 destination : 80.19.3.25 port : 80
    > (www.mytestdomain.com)
    >
    > is it normal ?
    > is it possible to change the destination address ?
    > a squid server can resolve this request with my paquet? (i don't install

    my
    > proxy at the moment)
    >
    > can you help me, i try different configuration, but i didn't manage to

    work
    > my transparent proxy with the proxy address in destination paquet
    >
    > i use use found on the web
    >
    > interface Ethernet0
    > ip address 110.75.3.210 255.255.255.0
    > ip policy route-map proxy-redir
    > !
    > interface Fastethernet 0
    > ip address 80.19.3.210 255.255.255.0
    > !
    > interface Ethernet1
    > ip address 80.19.4.210 255.255.255.0
    > !
    > access-list 110 deny tcp host 80.19.3.25 any eq www
    > access-list 110 permit tcp any any eq www
    > !
    > route-map proxy-redir permit 10
    > match ip address 110
    > set ip next-hop 80.19.3.25
    >
    >
    >
    >
    > thanks a lot
    >
    > xavier
    >
    >
     
    Casto, Dec 15, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Enrico Gloeckner

    transparent www proxy - pix port forwarding

    Enrico Gloeckner, Nov 9, 2003, in forum: Cisco
    Replies:
    1
    Views:
    2,460
    Walter Roberson
    Nov 9, 2003
  2. Enrico Gloeckner
    Replies:
    2
    Views:
    13,928
    Alan Strassberg
    Nov 29, 2003
  3. Mirek
    Replies:
    1
    Views:
    7,214
    Alan Strassberg
    Jan 18, 2004
  4. Replies:
    2
    Views:
    630
  5. James Sleeman
    Replies:
    12
    Views:
    922
    joe_90
    Sep 19, 2004
Loading...

Share This Page