The PIX is already doing NAT, so I'd have to put a NAT router in front of another NAT router (how inefficient!) to do that. But it might well be the only option if the PIX is that limited.
--Brett At 12:16 AM 2/4/2005, Nickolay Kritsky wrote: >Brett, I do not think that PIX has an equivalent of ipfw 'fwd' command. The >fastest way, IMHO would be just set up your transparent web proxy as a default >gateway for PIX. You can also try policy routing as described in this Usenet >article: >http://groups-beta.google.com/group/comp.dcom.sys.cisco/browse_frm/thread/e131e32e97e4566/ee37814ac6c6c658?q=pix+transparent&_done=%2Fgroups%3Fq%3Dpix+transparent%26hl%3Den%26lr%3D%26sa%3DN%26tab%3Dwg%26&_doneTitle=Back+to+Search&&d#ee37814ac6c6c658 > >But I wouldn't try this if I were you. PIX is not IOS, and AFAIK it was not >designed for complex network solutions. Firewall - yes. Filtering, security >features, advanced VPN support - yes. But not routing tricks. >Hope that helps > >Nick > >-----Original Message----- >From: Brett Glass [mailto:[EMAIL PROTECTED] >Sent: Friday, February 04, 2005 2:34 AM >To: [EMAIL PROTECTED] >Subject: Does the Cisco PIX have an equivalent of the IPFW "fwd" action? > > >I'm setting up a FreeBSD transparent Web proxy for a client which has an old >(vintage 1998) Cisco PIX firewall router. I know how to make the proxy accept >packets forwarded to it (even though the destination IP addresses of those >packets will not be that of the proxy machine itself) and do transparent >caching. >However, to complete the puzzle, I need to make the client's PIX firewall >forward >outbound packets destined for port 80 (regardless of IP address) to the proxy. >I >can't seen to find the magic incantation in Cisco's online docs. Does anyone >here >know the Cisco equivalent of the IPFW "fwd" action, (which changes the "next >hop" >MAC address of a packet if it meets the criteria specified in a rule) and how >to >write a rule for the PIX to forward the packets? Help would be much >appreciated. > >--Brett Glass > >_______________________________________________ >freebsd-net@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-net >To unsubscribe, send any mail to "[EMAIL PROTECTED]" _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
