Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
redirect port 80 to 8080
- Thread starter haneo
- Start date
HI.
I don't think that the pix can do that.
Check your proxy server documenation - maybe it can work as a transparent proxy so if you forward all traffic via the proxy server it will catch and manipulate as needed.
You can block outbound port 80 at the pix, allow access to the Internet only via the proxy server, and use a network management tool (login script/SMS/GPO/IEAK etc...) to set proxy options on clients.
Bye
Yizhar Hurwitz
I don't think that the pix can do that.
Check your proxy server documenation - maybe it can work as a transparent proxy so if you forward all traffic via the proxy server it will catch and manipulate as needed.
You can block outbound port 80 at the pix, allow access to the Internet only via the proxy server, and use a network management tool (login script/SMS/GPO/IEAK etc...) to set proxy options on clients.
Bye
Yizhar Hurwitz
- Thread starter
- #3
thanks yizhar 
but i have not well understand your post. I will aswer in different manner:
How to redirect all outgoing traffic to TCP/80 to on fixed IP (our http proxy) :
Incomming to PIX | After Having got through PIX
-------------------------------
Source IP |10.10.10.10/24|10.10.10.10/24|Source IP
Destination |80 |80 |Destination Port
port | | |
Destination |x.x.x.x/32 |IP of our HTTP/proxy|Destination
address | | | address
-------------------------------
Thanks very much in advance.
but i have not well understand your post. I will aswer in different manner:
How to redirect all outgoing traffic to TCP/80 to on fixed IP (our http proxy) :
Incomming to PIX | After Having got through PIX
-------------------------------
Source IP |10.10.10.10/24|10.10.10.10/24|Source IP
Destination |80 |80 |Destination Port
port | | |
Destination |x.x.x.x/32 |IP of our HTTP/proxy|Destination
address | | | address
-------------------------------
Thanks very much in advance.
HI.
So I still answer the same:
* Pix cannot do that.
* You can use a transparent proxy that will be the default gateway of the pix, or the default gateway of the clients inside of the pix (better because then the pix protects the proxy server).
* You can configure the clients with proxy server settings.
This is the best option if you have control of the clients, and allows you to more flexible proxy server placement (for example on a dedicated or DMZ pix interface).
Bye
Yizhar Hurwitz
So I still answer the same:
* Pix cannot do that.
* You can use a transparent proxy that will be the default gateway of the pix, or the default gateway of the clients inside of the pix (better because then the pix protects the proxy server).
* You can configure the clients with proxy server settings.
This is the best option if you have control of the clients, and allows you to more flexible proxy server placement (for example on a dedicated or DMZ pix interface).
Bye
Yizhar Hurwitz
- Thread starter
- #5
Thanks very much yizhar
So many $$$ and it can't do that !!! i will replace it with a linux PC with 3 ethernet cards and it can do all i want for less than 1000$
It can redirect, control the number of incoming ping protect from spoof DOS attacts .. and many others options, it's coded in the kernel of the OS.
Thanks again yizhar for your help.
So many $$$ and it can't do that !!! i will replace it with a linux PC with 3 ethernet cards and it can do all i want for less than 1000$
It can redirect, control the number of incoming ping protect from spoof DOS attacts .. and many others options, it's coded in the kernel of the OS.
Thanks again yizhar for your help.
Haneo,
I'm new here, so this may be too late for you, but you can actually do what you want on the PIX. Yizhar is correct for OSes before 6.0, but I see that you say you are 6.2, so this should work.
Try:
static (inside,outside) tcp x.x.x.x 80 10.10.10.10 8080 netmask 255.255.255.255 0 0
The x.x.x.x is any valid outside address (including the PIX outside interface address for PAT users)
Having said all that, I have never tried it between 2 'internal' interfaces, but I can't think of any reason it wouldn't work.
If you're only changing the port number and not the address, I'd suggest trying something like
static (inside,outside) tcp 10.10.10.10 80 10.10.10.10 8080 netmask 255.255.255.255 0 0
... but again, I've not tried that myself.
Hope that works for you,
PD.
I'm new here, so this may be too late for you, but you can actually do what you want on the PIX. Yizhar is correct for OSes before 6.0, but I see that you say you are 6.2, so this should work.
Try:
static (inside,outside) tcp x.x.x.x 80 10.10.10.10 8080 netmask 255.255.255.255 0 0
The x.x.x.x is any valid outside address (including the PIX outside interface address for PAT users)
Having said all that, I have never tried it between 2 'internal' interfaces, but I can't think of any reason it wouldn't work.
If you're only changing the port number and not the address, I'd suggest trying something like
static (inside,outside) tcp 10.10.10.10 80 10.10.10.10 8080 netmask 255.255.255.255 0 0
... but again, I've not tried that myself.
Hope that works for you,
PD.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question