I have been searching for the last few days on some techniques to integrate a Squid web cache with a PIX firewall in a transparent fashion. Most of the information I am finding involves using the Squid web cache as the default gateway along with an iptables firewall that transparently redirects outbound TCP port 80 traffic to port 3128 (the Squid web cache port). The web cache then talks to the PIX, which takes it from there. Certainly, this works, but it is not what I was hoping to find. I’d really like a way to have the PIX redirect the traffic, but it appears that the PIX OS does not support that functionality. How can this be? The pf firewall in OpenBSD supports redirection, if I’m not mistaken. The iptables firewall in Linux supports redirection. But not Cisco’s PIX OS? Is it just me, or does anyone else see a problem with this?
The weblog of an IT pro specializing in virtualization, storage, and servers
Scott’s Weblog by Scott Lowe is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
4 comments
Thursday, January 18, 2007 at 1:50 pm
Alexey
Scott,
I am trying to do just that. I am looking for a way to rewrite packets destined for :80 to my internal squid box:3128 via the PIX. Have you had any luck with this?
Thursday, January 18, 2007 at 4:58 pm
slowe
No luck whatsoever.
Thursday, January 18, 2007 at 6:01 pm
Alexey
I gave up and put a linux bridged firewall between pix and lan. works great.
Thursday, January 18, 2007 at 6:14 pm
slowe
Yeah, I thought about doing that, but I just didn’t feel like putting up with the extra complexity for the small network that was involved in this instance. For a larger network, I’d probably go that route to avoid having to make changes on all the desktop systems.
Thanks for the responses, Alexey.
Scott