Check your proxy server documentation - maybe it can work as a transparent proxy, so if you forward all traffic via the proxy server it will catch and manipulate as needed.
You can block outbound port 80 at the pix, allow access to the Internet only via the proxy server, and use a network management tool (login script/SMS/GPO/IEAK etc...) to set proxy options on clients.
thanks yizhar
but I have not well understood your post. I will answer in a different manner:
How to redirect all outgoing traffic to TCP/80 to one fixed IP (our http proxy):
                 | Incoming to PIX | After having got through PIX |
-----------------|-----------------|------------------------------|-----------------
Source IP        | 10.10.10.10/24  | 10.10.10.10/24               | Source IP
Destination port | 80              | 80                           | Destination port
* You can use a transparent proxy that will be the default gateway of the pix, or the default gateway of the clients inside of the pix (better because then the pix protects the proxy server).
* You can configure the clients with proxy server settings.
This is the best option if you have control of the clients, and allows you more flexible proxy server placement (for example on a dedicated or DMZ pix interface).
Thanks very much yizhar
So many $$$ and it can't do that!!! I will replace it with a Linux PC with 3 Ethernet cards and it can do all I want for less than 1000$
It can redirect, control the number of incoming pings, protect from spoof DOS attacks... and many other options; it's coded in the kernel of the OS.
I'm new here, so this may be too late for you, but you can actually do what you want on the PIX. Yizhar is correct for OSes before 6.0, but I see that you say you are 6.2, so this should work.
The x.x.x.x is any valid outside address (including the PIX outside interface address for PAT users)
Having said all that, I have never tried it between 2 'internal' interfaces, but I can't think of any reason it wouldn't work.
If you're only changing the port number and not the address, I'd suggest trying something like
static (inside,outside) tcp 10.10.10.10 80 10.10.10.10 8080 netmask 255.255.255.255 0 0
... but again, I've not tried that myself.