Re: [squid-users] Transproxy & FW-1

From: Joerg Fritsch <[email protected]>
Date: Tue, 19 Feb 2002 20:21:59 +0100

Hello,

Why don't you trim your Proxy to listen on Port 80?

Congratulations, you have read through the Checkpoint Docs very
carefully. It is a Checkpoint Interna that routing occurs before
NATing. It means that when the packet enters your Firewall it will stay
untouched and routed by the OS to the right interface and THEN Checkpoint
will NAT it according to the rulebase.

This is only mentioned because NATing might need additional arp entries
and additional routes in a CheckpointHost, so that the packets will find
their way. i.e. you might need a route on the CheckpointHost from
@ip_dest to @ip_proxy.

It will probably work, if not, your problem won't be a routing issue but
the SRC "any". I dun know if any can be a SRC for NAT. Pls let me know
if it works.

--Joerg

On Monday, 18 February 2002, at 19:50, Bizou wrote:

> Hello,
>
> can someone confirm me that it is possible to redirect traffic with
> FW-1 :
>
> NAT SRC                     | NAT DST
> SRC@IP   DST@IP   service   | SRC@IP   DST@IP      service
>
> any      any      80        | any      @ip_proxy   3128
>
> I'm wondering this cos i'll have a demo to make in a few days with
> squid in transproxy mode and FW-1 , but when i read FW-1 doc, it's
> written : "nat occurs after packets are routed". So this would mean
> that if my squid proxy is not on the external NIC, it won't work.....
>
> Does someone have already tried this?
>
> Thanks
>
> David
>
>
Received on Tue Feb 19 2002 - 12:22:38 MST
