OK. I tried to use NAT on the Cisco, but I could not disallow an opportunity to send/receive files. )o:
Code:
cisco6509-0#sh run | inc nat
tunnel destination 217.106.13.2
ip nat outside
ip nat inside
ip nat inside
ip nat inside
ip nat pool icq_pool 192.168.80.210 192.168.80.210 prefix-length 24
ip nat inside source list 105 pool icq_pool overload
ip nat inside source list 7 interface Vlan100 overload
cisco6509-0#sh ip nat transl
Pro Inside global Inside local Outside local Outside global
tcp 192.168.80.210:2134 10.10.6.113:2134 205.188.7.184:5190 205.188.7.184:5190
tcp 192.168.80.210:2289 10.10.6.113:2289 205.188.7.184:5190 205.188.7.184:5190
cisco6509-0#sh run | inc access-list 105
access-list 105 permit tcp 10.10.6.0 0.0.0.255 205.188.0.0 0.0.255.255 eq 5190
access-list 105 permit tcp 10.10.6.0 0.0.0.255 64.12.0.0 0.0.255.255 eq 5190
access-list 105 deny ip any any
alias exec sh105 sh run | inc access-list 105
cisco6509-0#
So, I've decided to take another approach.
Code:
interface Vlan304
description STel_LAN_04
ip address 10.10.6.97 255.255.255.224
ip access-group 123 out
ip helper-address 192.168.80.1
ip nat inside
ip policy route-map to_proxy
end
cisco6509-0#sh route-map to_proxy
route-map to_proxy, permit, sequence 10
Match clauses:
ip address (access-lists): to_proxy
Set clauses:
ip next-hop 192.168.80.9
Policy routing matches: 268 packets, 16616 bytes
cisco6509-0#
cisco6509-0#
cisco6509-0#sh ip access-list to_proxy
Extended IP access list to_proxy
permit tcp host 10.10.6.109 any eq 5190 (12 matches)
permit tcp host 10.10.6.116 any eq 5190 (6 matches)
permit tcp host 10.10.6.113 any eq 5190 (250 matches)
deny ip any any (359689 matches)
cisco6509-0#
On host 192.168.80.9 (it is a Linux 9.2) I've installed a proxy server (most recent Squid). But packets from local users have the source address 10.10.6.113 and the destination address login.icq.com, so my proxy does not process them. I can see them with iptraf, for example, but how can I redirect them to the local IP and port of the proxy server? Maybe iptables can do it?
P.S. Actually, 192.168.80.0/24 is a global network.