Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
388
Views
0
Helpful
2
Replies

http traffic through pix

aun.raza
Level 1
Level 1

‎08-09-2003 03:40 AM - edited ‎02-20-2020 10:55 PM

I have a dual-homed freebsd box running squid. The outside interface is connected to a switch that has the outside interface of the MS proxy connected to it and the inside interface of the PIX.

I can access the web just fine going through the MS Proxy, but from the FreeBSD box, I can only go to FTP sites, and do DNS lookups - http does not work, not even from the box itself. I can see requests going out, but no response.

Help.

0 Helpful
2 Replies 2

jmia
Level 7
Level 7

‎08-09-2003 04:52 AM

Hello Aun,

I think the problem is on the config of squid on your FreeBSD box rather then the PIX, Please read the following document which might help in your problem:

http://squid-docs.sourceforge.net/latest/html/x505.html

and here is the full guide to squid:

http://squid-docs.sourceforge.net/latest/html/book1.html

and : http://www.pix.net/software/squid/

Thanks -

0 Helpful

aun.raza
Level 1
Level 1
In response to jmia

‎08-10-2003 03:33 AM

I read the documentation. I am not sure the problem is entirely with the FreeBSD box, as I can get to FTP sites, and do domain lookups. Here's a tcpdump on the outside interface of the FreeBSD box:

14:18:49.789760 dnsserver.domain > aedxbweb01.timbuktu-srv4: 60190* 1/3/3 PTR[|domain] (DF)

14:18:49.790628 aedxbweb01.gandalf-lm > dnsserver.domain: 60191+ PTR? 233.171.68.207.in-addr.arpa. (45)

14:18:49.813683 dnsserver.domain > aedxbweb01.gandalf-lm: 60191 2/5/5[|domain] (DF)

14:18:52.720725 aedxbweb01.1188 > ld.cb.msn.com.http: S 3082282937:3082282937(0) win 57344 (DF)

14:18:55.920770 aedxbweb01.1188 > ld.cb.msn.com.http: S 3082282937:3082282937(0) win 57344 (DF)

14:18:59.120827 aedxbweb01.1188 > ld.cb.msn.com.http: S 3082282937:3082282937(0) win 57344 (DF)

So as you can you see, "domain" (port 53) traffic is working just fine, as does FTP and SMTP, when I try to telnet to those ports on machines sitting on the internet. HTTP does not work, the requests go unanswered.

Squid works when I try to go to FTP sites from the clients, so I don't think it is the FreeBSD box. Somethings happening on the PIX thats not letting it return HTTP addresses.

I have nat (inside) 1 0 0 and global (outside) 1 interface on the PIX for natting. Its currently PATting two addresses, one for the MS Proxy outside interface and one for the FreeBSD outside interface. MS Proxy works just fine though.

-aun.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card