Hi to everyone,
Does anyone know if the FWSM v 4.1.3 is capable of forwarding return packets to the MAC address that sent them to it first?
Thank you very much
Your question is not clear; please elaborate... are you trying to do a hair-pinning setup?
Thank you for your interest.
I try to explain my problem with an example:
I have an environment with three transparent proxy servers (named P1, P2 and P3) that access the internet using a virtual firewall FWSM v 4.1.3.
For packets not processed by the proxies but only "routed" by the proxies, I'd need the FWSM to be capable of forwarding the return packet to the proxy that sent the first packet to the FWSM.
Host A wants to go to the internet, randomly using one of the three transparent proxies. Let's say that the proxy named P1 has been chosen.
The proxy P1 is not capable of processing the traffic of Host A, so it routes the traffic to its next hop (the FWSM virtual firewall).
The traffic routed by the proxy P1 has the source IP of the Host A, because the proxy P1 has not been able to process it.
At this point the FWSM receives the traffic of Host A from the proxy P1 and it lets the traffic go to the internet.
When the FWSM receives from the internet the traffic in response to Host A, I'd need the FWSM to forward this traffic to the proxy P1 without inserting any static route entry on the FWSM.
In the Blue Coat proxy servers this feature is called "return to sender". The Blue Coat keeps track of the MAC address that sent a packet to it, and the response will be sent to the same MAC address.
Is there a feature like this in the FWSM v 4.1.3?
Thank you again for any answer
I'm afraid the following statement in your post is not correct:
"When the FWSM receives from the internet the traffic in response to Host A, I'd need the FWSM to forward this traffic to the proxy P1 without inserting any static route entry on the FWSM."
If the source IP of the packet was not changed by the proxy (P1), it means the destination IP of the return packet from the Internet will be the same, i.e. the IP address of Host A and not the proxy; the FWSM will simply do an ARP table lookup and send it back to Host A's MAC ID.
If you want the return packet to go to the proxy P1, why don't you let that proxy modify the source IP in the original packet?
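To make the difference concrete, here is a small added simulation (not from this thread and not FWSM code; all addresses and the flow table are constructed for illustration). It contrasts a stateless route-then-ARP return path, which only looks at the destination IP, with a hypothetical "return to sender" flow cache that remembers the ingress MAC of the outbound packet, and it shows that source NAT on the proxy makes the stateless firewall send replies to the proxy without any such cache.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    ingress_mac: str  # MAC of the device that handed this packet to the firewall

# Constructed sample topology (not real addresses).
HOST_A_IP = "10.0.0.10"
HOST_A_MAC = "aa:aa:aa:00:00:0a"
PROXY_P1_IP = "10.0.0.21"
PROXY_P1_MAC = "bb:bb:bb:00:00:01"
INTERNET_IP = "203.0.113.5"
INTERNET_MAC = "cc:cc:cc:00:00:05"  # upstream router MAC, for symmetry

# The firewall's ARP table on the inside interface: IP -> MAC.
ARP_TABLE = {HOST_A_IP: HOST_A_MAC, PROXY_P1_IP: PROXY_P1_MAC}


def stateless_return_mac(reply: Packet, arp_table: dict) -> str:
    """Plain L3 forwarding: the next-hop MAC depends only on the
    destination IP of the reply (route lookup, then ARP lookup)."""
    return arp_table[reply.dst_ip]


class ReturnToSender:
    """Hypothetical per-flow ingress-MAC cache, modelled on the
    'return to sender' idea described in the thread."""

    def __init__(self) -> None:
        self.flows: dict[tuple[str, str], str] = {}

    def outbound(self, pkt: Packet) -> None:
        # Remember which MAC handed us this flow's first packet.
        self.flows[(pkt.src_ip, pkt.dst_ip)] = pkt.ingress_mac

    def return_mac(self, reply: Packet, arp_table: dict) -> str:
        # Reply of flow (src, dst) is keyed as (dst, src); fall back to ARP.
        key = (reply.dst_ip, reply.src_ip)
        return self.flows.get(key, arp_table[reply.dst_ip])


def scenario_no_nat() -> tuple[str, str]:
    """P1 routes Host A's packet unchanged (source IP still Host A)."""
    out = Packet(HOST_A_IP, INTERNET_IP, ingress_mac=PROXY_P1_MAC)
    reply = Packet(INTERNET_IP, HOST_A_IP, ingress_mac=INTERNET_MAC)
    rts = ReturnToSender()
    rts.outbound(out)
    return stateless_return_mac(reply, ARP_TABLE), rts.return_mac(reply, ARP_TABLE)


def scenario_with_nat() -> str:
    """P1 rewrites the source IP to its own; the reply is addressed
    to P1, so even stateless forwarding hands it to P1's MAC."""
    reply = Packet(INTERNET_IP, PROXY_P1_IP, ingress_mac=INTERNET_MAC)
    return stateless_return_mac(reply, ARP_TABLE)


if __name__ == "__main__":
    stateless, rts = scenario_no_nat()
    print("no NAT, stateless ->", stateless)   # Host A's MAC
    print("no NAT, return-to-sender ->", rts)  # P1's MAC
    print("with NAT, stateless ->", scenario_with_nat())  # P1's MAC
```

The first scenario reproduces the point made in the answer above: with the source IP untouched, a firewall that forwards by destination IP and ARP delivers the reply to Host A directly, and only a per-flow ingress-MAC cache would send it back through P1. The second scenario shows the suggested alternative: once the proxy NATs the source, the reply is addressed to the proxy and ordinary forwarding already returns it there.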
OK, that's right; I think I asked the wrong question.
So I try again:
Does the FWSM keep track of the MAC address that forwarded a packet to it?
Does the FWSM use this "track" to make routing decisions?
I hope that was clear.
Thank you again!
OK, that's what I need to know.
Thank you very much!
Anyway, try to read this link; maybe it can explain better than I did.
Bye and thank you again!