"Henrik Holm Jensen" <henrik.holm@mil.dk> wrote in message
news:40961aed$0$420$edfadb0f@dread14.news.tele.dk...
> Setup:
> INTERNET
> |
> PIX
> |
> LAN - Mailserver
> |
> Klinter
>
>
> klienters SMTP adresse: diverse SMTP servere som er åbne
>
> Ønske:
> At få ALT trafik, fra klienterne, på port 25 redirected til en lokal
SMTP
> server som så står for at sende mailene videre til SMTP.mail.dk (efter
der
> er foretaget virusscan + content scan).. kan ovenstående lade sig
gøre?
>
Med lidt hjælp fra Google ...
******
http://www.hamdard.net.pk/~faisal/whitepapers/conftproxy.pdf
Step 6 Using Cisco Router to Redirect Internet Traffic
The last step in making this transparent proxy work is redirecting
traffic from your gateway router to proxy. Firstly we define an access
list and then apply it to the router's interface which is connected to
the dial-up users. Applying the access list on this interface will
definitely be seen and proved as a bandwidth saver. The router
configuration will look something like this:
interface ethernet0/1
ip policy route-map transparent
!
access-list 110 permit tcp 201.135.22.0 0.0.0.255 any eq www (burde
kunne ændres til smtp)
route-map transparent permit 10
match ip address 110
set ip default next-hop 62.31.52.58
!
This defines the next hop to 62.31.52.58 (the proxy server) for web
traffic, which is a server (Linux Red Hat) running transparent proxy.
Now, whenever an IP packet with destination port 80 enters the router's
Ethernet (Ethernet0/1), it is sent to IP address 62.31.52.58. It is the
responsibility of this Linux system to send it to the proxy server
running locally on the server.
When this is done, the redirection of traffic can be checked using the
show route-map and show ip access-list 110 commands. An increasing
number of packets and access-list matches shows that IP packets with
port 80 are being redirected to the Linux machine.
*****
Fra denne side:
http://www.linux-sec.net/Firewall/HowTo/
ReDirect all SMTP traffic
http://www.sans.org/rr/papers/index.php?id=586 (PIX config eks. i
slutningen)
-- Søren