RE: Squid proxy and cCheckPoint port forwarding.

> -----Original Message-----
> From: Serg Belokamen [mailto:sergb@tpg.com.au] 
> Sent: Tuesday, January 18, 2005 10:56 AM
> To: firewalls@securityfocus.com
> Subject: Squid proxy and cCheckPoint port forwarding.
>
> Hi All,
>
> At my work, we are looking at deploying a Squid caching proxy 
> to act as transperant proxy.  To achieve this we thought to 
> port forward all port 80 traffic from the firewall to the 
> proxy and let it take care of it.
>
> The problem here is that I couldn't find any references to 
> CheckPoint being able to port forward traffic...

Well, actually all you have to do in Check Point is a destination nat
rule. The settings in squid.conf are the one related to transparent
proxy (http://www.tldp.org/HOWTO/TransparentProxy-4.html).
Let's suppose your squid is at 192.168.1.101, port 3128. Then you need a
rule in Check Point that states that for ORIGINAL PAKET  source
*your_LAN*, destination *! Your_LAN*, service *what_you_need_to_proxy*,
TRANSLATED PAKET must have source *same*, destination *192.168.1.101*,
service *squid_port*. Ah, well, you need to define a service called for
example "squid_port", with port 3128.

I presume this will work for you.

--
Ionut Boldizsar
Chief Technology Officer
iSEC - Information Security Expert Center
Provision Software Division
Tel: (+4021) 3211568, 3213749
Fax:(+4021) 3236570

The information in this email is confidential, and intended solely for
the addressee. Access to this email by anyone else is unauthorized. Any
copying or further distribution beyond the original recipient is not
intended, and may be unlawful.