
At the company I work for we need to implement what I think is called a transparent proxy.

How it's now:

A(lower secured area)--Cisco ASA-----Cisco ASA----B(higher secured area)

What we need:

A(lower secured area)--Cisco ASA---(eth0)Proxy(eth1)---Cisco ASA----B(higher secured area)

We've already set up an Alpine Linux box with Squid proxy and added two interfaces, one for each side towards the firewalls, but hit a wall with the iptables configuration.

The proxy just needs to log traffic and pass everything through, without changing the src/dst of the packets. We don't need any kind of filtering or blocking; all ports 1-65535 can be allowed.

Read about TPROXY, but couldn't find a good example to try.

I know that there are other design options for an implementation like this, but this is how it must be done.

Chris

1 Answer


As far as I understand the question, the second firewall shall not matter; Squid will just intercept the first HTTP(S) request transparently, send it to the remote web site and return the response to the initial caller. One possible way (although not like you have described) is to use WCCP in Cisco - see a tutorial at https://docs.diladele.com/tutorials/web_filter_https_squid_cisco_wccp/index.html

Rafael