Firewall Wizards mailing list archives

RE: Transparent proxying

From: "Yachera, Stanley" <Stanley_Yachera () cable comcast com>
Date: Thu, 12 Feb 2004 17:22:06 -0500

I believe you are trying to do the following:

!inside interface on router
interface Ethernet 0/0
 ip policy route-map forced-proxy

!proxy
access-list 101 deny tcp host x.x.x.x any eq 80
!client network
access-list 101 permit tcp y.y.y.y any eq 80

!map
route-map forced-proxy permit 10
 match ip address 101
 set ip next-hop x.x.x.x

Where x.x.x.x = proxy and y.y.y.y= local network or pertinent hosts.

260xx series routers, quite affordable now a days..
As long as your users default route is this machine, and your default route
on the proxy
is your IA gear, all is well.

S. Yachera
http://www.bitbucketit.com


-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of jm
Sent: Wednesday, February 11, 2004 10:55 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Transparent proxying



Hello everybody,

I'm trying to enable transparent proxying from a router or from a L3/4
switch and after a day spent on Cisco, Extreme Networks and other Enterasys
website I'm still completely clueless as to whether I need a $1,000 or a
$15,000 box. Since obviously I would prefer the former, I'm relying on your
advices.

I have a proxy server processing some HTTP and some other stuff: mostly I
want to receive packets based on IP and/or on port. I'd like a router/switch
device that can transparently route packets to my proxy server. I have three
different locations to provide, one with about 1,000 users, the other with
3,000 and the last one with over 8,000 seats. I cannot touch the existing
infrastructure (i.e. reconfigure the existing Cisco boxes already in place)
but I can insert my router/switch in-line on the LAN side of the firewall.

In addition I need the router/switch to be remotely configurable from my
proxy server. And finally I need some equipment which from a brand which is
known enough that it won't raise too much eyebrows when installed in-line
(i.e. Linux is out of the picture, Cisco would be ideal if the price is
correct).

So what do I need? A router? An L3 switch? An L4 gizmo? Which price range?
Your help would be much appreciated.

Thanks,

jm



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

RE: Transparent proxying Yachera, Stanley (Feb 12)
- RE: Transparent proxying kaptain (Feb 13)
  - RE: Transparent proxying Victoria of Borg (Feb 16)