On Thu, 19 Oct 2000, Mark Kinley wrote:
> Here's one for all you Cisco Mentors out there.
>
> I have recently installed a Catalyst switch 6500 here in the hospital.
> I have a direct T1 from my local ISP to this site.
>
> My Challenge is to:
>
> Route all HTTP traffic from my client PCs via default gateway 172.16.1.3 (port 80)
> to my PIX Firewall (Linux server / Red Hat) 172.16.1.163 (port 8002)
>
> in other words, every PC that has internet access will go directly to the default
> gateway, then to the firewall, and gain access to the local ISP.
>
> I am playing around with access-list / extended access-list
>
> I welcome any solutions / resolutions to this problem.
A few things before I present the solution. If you are trying to do Web
Cache redirection/transparent proxying, you really should be using
WCCP. If you give us more detail about why you are doing this and what
applications you are doing this for, a better solution can be
provided. But without knowing, I can only offer policy routing, which
will work regardless:
Ok, for this I will assume 172.16.1.0/24 is your network. 172.16.1.3 is
your router, and 172.16.1.163 is your web cache:
!
interface Ethernet0
 ip address 172.16.1.3 255.255.255.0
 no ip directed-broadcast
 no ip mroute-cache
 ! policy routing is applied to packets arriving on this interface
 ip policy route-map proxy-redir
!
! First match wins: exempt the cache's own outbound web fetches first, so
! they are not handed back to the cache (a loop), then catch everyone else's
! port 80 traffic. Anything not listed hits the implicit deny at the end.
access-list 110 deny tcp host 172.16.1.163 any eq www
access-list 110 permit tcp any any eq www
!
! Packets permitted by ACL 110 get the cache as their next hop; packets the
! ACL denies do not match the route-map and are routed normally.
route-map proxy-redir permit 10
 match ip address 110
 set ip next-hop 172.16.1.163
Then on the Linux server, you will need to capture port 80 and convert it to
port 8002:
In rc.local, just put something like:
# Enable forwarding so the box can pass on traffic it does not redirect
echo 1 > /proc/sys/net/ipv4/ip_forward
# Accept all on loopback
/sbin/ipchains -A input -j ACCEPT -i lo
# Accept my own IP, to prevent loops (repeat for each interface/alias):
# connections to this host's own port 80 must not be redirected to the cache
/sbin/ipchains -A input -j ACCEPT -p tcp -d 172.16.1.163 80
# Send all other traffic destined to port 80 to the cache on port 8002.
# Rules match in order, so this must come after the exemption above;
# REDIRECT needs a kernel built with transparent proxy support.
/sbin/ipchains -A input -j REDIRECT 8002 -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80
If you're using an older version of Red Hat which is based on ipfwadm rather
than ipchains, you would do:
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Accept all on loopback
/sbin/ipfwadm -I -a accept -W lo
# Accept my own IP, to prevent loops (repeat for each interface/alias):
# connections to this host's own port 80 must not be redirected to the cache
/sbin/ipfwadm -I -a accept -P tcp -D 172.16.1.163 80
# Send all other traffic destined to port 80 to the cache on port 8002
# (-r is the ipfwadm redirect option; rules match in order, so keep it last)
/sbin/ipfwadm -I -a accept -P tcp -D 0/0 80 -r 8002
-----------------------------------------------
Brian Feeny, CCNP, CCDP [EMAIL PROTECTED]
Network Administrator
ShreveNet Inc. (ASN 11881)
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
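The two-stage hand-off in the reply above (router policy routing, then the cache host's ipchains input chain) traced in code. This is an added example, not part of the original post or the poster's configuration. It models Cisco's first-match ACL semantics and the first-match ipchains input chain on constructed packets: the client address 172.16.1.50, the origin server 198.51.100.10 and the label isp-gw for the router's ordinary default route are assumptions, as is the simplified rule that an ACCEPTed packet addressed to the cache host is delivered locally and anything else is forwarded. The trace also shows what the deny line for host 172.16.1.163 prevents: without it, the cache's own fetch of the origin is policy-routed straight back to the cache.

```python
"""Trace one HTTP request through the router's policy routing and the cache
host's ipchains input chain (added example; all packets are constructed)."""
import dataclasses
import ipaddress

ROUTER = "172.16.1.3"      # default gateway from the post
CACHE = "172.16.1.163"     # Linux box running the cache on port 8002
LAN = "172.16.1.0/24"
ISP_GW = "isp-gw"          # assumed label for the router's normal default route


@dataclasses.dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def ip_in(addr, prefix):
    """True if addr falls inside prefix ('any' matches everything)."""
    if prefix == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix, strict=False)


# access-list 110 as ordered (action, src, dst, dport) entries; 'eq www' is 80
ACL_110 = [
    ("deny", CACHE, "any", 80),     # the cache's own fetches: never redirect
    ("permit", "any", "any", 80),   # everyone else's web traffic
]


def acl_action(acl, pkt):
    """Cisco ACL evaluation: first matching entry wins, implicit deny at the end."""
    for action, src, dst, dport in acl:
        if (pkt.proto == "tcp" and ip_in(pkt.src, src)
                and ip_in(pkt.dst, dst) and pkt.dport == dport):
            return action
    return "deny"


def router_next_hop(pkt, acl=ACL_110):
    """route-map proxy-redir permit 10: a packet permitted by the ACL gets
    next-hop 172.16.1.163; anything else follows the normal routing table."""
    if acl_action(acl, pkt) == "permit":
        return CACHE
    return pkt.dst if ip_in(pkt.dst, LAN) else ISP_GW


# ipchains input chain as ordered (target, proto, dst, dport, iface) entries;
# None means the rule does not test that field
IPCHAINS_INPUT = [
    ("ACCEPT", None, None, None, "lo"),
    ("ACCEPT", "tcp", CACHE, 80, None),               # this host's own web port
    ("REDIRECT 8002", "tcp", "0.0.0.0/0", 80, None),  # everything else on 80
]


def cache_input_chain(pkt, iface="eth0", chain=IPCHAINS_INPUT):
    """First matching rule wins. Returns ('local', port) when the packet is
    handed to a local socket and ('forward', port) when it is forwarded on."""
    for target, proto, dst, dport, rule_iface in chain:
        if rule_iface is not None and rule_iface != iface:
            continue
        if proto is not None and proto != pkt.proto:
            continue
        if dst is not None and not ip_in(pkt.dst, dst):
            continue
        if dport is not None and dport != pkt.dport:
            continue
        if target.startswith("REDIRECT"):
            return ("local", int(target.split()[1]))
        break  # ACCEPT: normal delivery decides
    # Assumed simplification: accepted packets addressed to this host are
    # delivered locally, all others are forwarded (ip_forward = 1).
    return ("local", pkt.dport) if pkt.dst == CACHE else ("forward", pkt.dport)


def trace(pkt, acl=ACL_110, max_rounds=6):
    """Follow a client's request until it leaves for the ISP. When the cache
    intercepts it, the cache re-issues the fetch from its own address."""
    hops = []
    for _ in range(max_rounds):
        nh = router_next_hop(pkt, acl)
        hops.append(("router", nh))
        if nh != CACHE:
            return hops
        where, port = cache_input_chain(pkt)
        hops.append(("cache", where, port))
        if not (where == "local" and port == 8002):
            return hops
        pkt = dataclasses.replace(pkt, src=CACHE)  # proxy fetches the origin itself
    hops.append(("loop", None))  # request never escaped the router/cache pair
    return hops


if __name__ == "__main__":
    client = Packet("172.16.1.50", "198.51.100.10", 80)  # constructed request
    for hop in trace(client):
        print(hop)
    print("without the deny line:", trace(client, acl=ACL_110[1:])[-1])
```

Run it and the first trace ends at isp-gw after one pass through the cache; dropping the deny entry (`ACL_110[1:]`) makes the cache's own fetch match the permit line, so the router hands it back to the cache on every round and the trace ends in the loop marker. The second ipchains rule is what keeps a client that talks to the cache box's own port 80 from being redirected to 8002.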