From: "Nickolay Kritsky"
To: "Brett Glass"
Subject: RE: Does the Cisco PIX have an equivalent of the IPFW "fwd" action?
Date: Fri, 4 Feb 2005 10:16:31 +0300
List-Id: Networking and TCP/IP with FreeBSD

Brett,

I do not think that PIX has an equivalent of the ipfw 'fwd' command. The fastest way, IMHO, would be to just set up your transparent web proxy as a default gateway for PIX.
You can also try policy routing as described in this Usenet article:

http://groups-beta.google.com/group/comp.dcom.sys.cisco/browse_frm/thread/e131e32e97e4566/ee37814ac6c6c658?q=pix+transparent&_done=%2Fgroups%3Fq%3Dpix+transparent%26hl%3Den%26lr%3D%26sa%3DN%26tab%3Dwg%26&_doneTitle=Back+to+Search&&d#ee37814ac6c6c658

But I wouldn't try this if I were you. PIX is not IOS, and AFAIK it was not designed for complex network solutions. Firewall - yes. Filtering, security features, advanced VPN support - yes. But not routing tricks.

Hope that helps
Nick

-----Original Message-----
From: Brett Glass [mailto:brett@lariat.org]
Sent: Friday, February 04, 2005 2:34 AM
To: net@freebsd.org
Subject: Does the Cisco PIX have an equivalent of the IPFW "fwd" action?

I'm setting up a FreeBSD transparent Web proxy for a client which has an old (vintage 1998) Cisco PIX firewall router. I know how to make the proxy accept packets forwarded to it (even though the destination IP addresses of those packets will not be that of the proxy machine itself) and do transparent caching. However, to complete the puzzle, I need to make the client's PIX firewall forward outbound packets destined for port 80 (regardless of IP address) to the proxy. I can't seem to find the magic incantation in Cisco's online docs. Does anyone here know the Cisco equivalent of the IPFW "fwd" action (which changes the "next hop" MAC address of a packet if it meets the criteria specified in a rule) and how to write a rule for the PIX to forward the packets? Help would be much appreciated.

--Brett Glass