Ok, full task:

I have a network 10.0.0.1/24, i have a proxy server 10.0.0.10 port 3128. So, I want to do redirection from 10.0.0.1/24 to any web (destination port 80, 8080, 443) to my proxy server 10.0.0.10 port 3128. How can I do it?

Sorry, I may not clearly understand your network setup, because it seems to me that your proxy server is on the same network as your hosts whose traffic you want to redirect, is it not ?

Yes, sorry my first mistakes =) I want to do redirection inside one network. My proxy server and client PCs in one network 10.0.0.1/24

Well, as far as I know, this is not possible.

NAT is always working between interfaces designated as inside and outside and are able to translate between different networks.

Laszlo

And If it will be a different network?

For example, my proxy server ip 20.0.0.10 - how can I do changing of destination port for many hosts?

So you want to redirect all traffic destined to specific ports but any ip address, to a specific ip address and a specific /squid/ port ?

First I thought PBR would help, but it will not change the destination IP.

What you want to do, is rather a proxy functionality, and I do not think a router would do that.

It is an interesting question and I am still thinking on it, but for now I do not have any idea.

"So you want to redirect all traffic destined to specific ports but any ip address, to a specific ip address and a specific /squid/ port ?"

Yes, it's correct

I think about route-map and "ip nat inside" with route-map, but I still have a problem with destination port changing. Thanks for you working/thinking =)

Hi,

Have you found a solution. I'm looking for the same workaround?

Greets,

Norbert

Hi,

What if we create subinterfaces on the inside interface ?

f0/0.1 - VLAN 10 - 10.0.0.0/24 - your inside LAN

f0/0.2 - VLAN 20 - 20.0.0.0/24 - NW in which your Squid proxy resides

create subinterfaces on the inside interface....

f0/0.1 - VLAN 10 - 10.0.0.0/24 - your inside LAN

f0/0.2 - VLAN 20 - 20.0.0.0/24 - NW in which your Squid proxy resides

Configure the Squid proxy with 2 instances one listening on port 80 and other instance listening on port 443.

Now Use route map to forward port 80 requests to Squid proxy on port 80

and forward port 443 requests to Squid on port 443

Hi

Can this linux sample somehow be configured on an ASA or IOS-Router?

At least it should be work for the squid-box. Route-map (port 80) -> squid (port 80) -> iptables -> squid (port 8080)

Redirection

There is a specialized case of Destination NAT called redirection: it is a simple convenience which is exactly equivalent to doing DNAT to the address of the incoming interface.

## Send incoming port-80 web traffic to our squid (transparent) proxy

# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \

-j REDIRECT --to-port 8080