Date: Thu, 03 Feb 2005 16:33:48 -0700
From: Brett Glass
To: net@freebsd.org
Subject: Does the Cisco PIX have an equivalent of the IPFW "fwd" action?
List-Id: Networking and TCP/IP with FreeBSD

I'm setting up a FreeBSD transparent Web proxy for a client which has an old (vintage 1998) Cisco PIX firewall router. I know how to make the proxy accept packets forwarded to it (even though the destination IP addresses of those packets will not be that of the proxy machine itself) and do transparent caching. However, to complete the puzzle, I need to make the client's PIX firewall forward outbound packets destined for port 80 (regardless of IP address) to the proxy. I can't seem to find the magic incantation in Cisco's online docs.

Does anyone here know the Cisco equivalent of the IPFW "fwd" action (which changes the "next hop" MAC address of a packet if it meets the criteria specified in a rule) and how to write a rule for the PIX to forward the packets? Help would be much appreciated.

--Brett Glass