[nsp] forcing users through http/smtp proxy - how?

Matt Stevens matt at elevate.org
Mon Jun 30 09:51:45 EDT 2003 

No. Next hop means next-hop - so it will only send traffic to devices on
directly connected networks.
--
matt



> -----Original Message-----
> From: Prashant Desai [mailto:prashant.desai at in.iqara.net] 
> Sent: Monday, June 30, 2003 8:45 AM
> To: Matt Stevens; 'matthew zeier'; cisco-nsp at puck.nether.net
> Subject: Re: [nsp] forcing users through http/smtp proxy - how?
> 
> 
> will this work eventough the nex hop is not in the same lan segment
> 
> Thanks & Rgds,
> Prashant Desai
> 
> You only live once, but if you work it right, once is enough
> ----- Original Message -----
> From: "Matt Stevens" <matt at elevate.org>
> To: "'matthew zeier'" <mrz at intelenet.net>; <cisco-nsp at puck.nether.net>
> Sent: Monday, June 30, 2003 9:11 PM
> Subject: RE: [nsp] forcing users through http/smtp proxy - how?
> 
> 
> > Try using a route-map with 'set ip next-hop' - your proxies 
> (at least
> http) will
> > need to have a 'transparent' mode.
> > --
> > matt
> >
> >
> > > -----Original Message-----
> > > From: cisco-nsp-bounces at puck.nether.net
> > > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of 
> matthew zeier
> > > Sent: Sunday, June 29, 2003 9:06 PM
> > > To: cisco-nsp at puck.nether.net
> > > Subject: Re: [nsp] forcing users through http/smtp proxy - how?
> > >
> > >
> > > That works but I wanted more of a transparent method.
> > >
> > > I think with WCCP and Squid I can do this.
> > >
> > > ----- Original Message -----
> > > From: "Dmitri Kalintsev" <dek at hades.uz>
> > > To: <cisco-nsp at puck.nether.net>
> > > Sent: Sunday, June 29, 2003 7:27 PM
> > > Subject: Re: [nsp] forcing users through http/smtp proxy - how?
> > >
> > >
> > > > Put an ACL to disallow them connecting with anything but
> > > your proxy on the
> > > > ports you want.
> > > >
> > > > acce 100 perm tcp any 1.1.1.1 eq 25
> > > > acce 100 deny tcp any any eq 25
> > > > acce 100 perm tcp any 2.2.2.2 eq 80
> > > > acce 100 deny tcp any any eq 80
> > > > acce 100 perm ip any any
> > > >
> > > > Brutal, but works. :) You'll have to let them know that
> > > you're doing that
> > > > first, of course.
> > > >
> > > > On Sat, Jun 28, 2003 at 03:20:31PM -0700, matthew zeier wrote:
> > > > >
> > > > > I have T1 customers coming into a 7200 and for port 80 or
> > > 25 I want to
> > > force
> > > > > them through certain web proxies or smtp proxies.
> > > > >
> > > > > What's the best way to do this?
> > > > >
> > > > > Thanks.
> > > > >
> > > > > --
> > > > > matthew zeier - "Nothing in life is to be feared.  It is
> > > only to be
> > > > > understood." - Marie Curie
> > > > >
> > > > > _______________________________________________
> > > > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > > > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > > > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > > > ---end quoted text---
> > > >
> > > > --
> > > > D.K.
> > > > _______________________________________________
> > > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > > >
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> 
>

More information about the cisco-nsp mailing list