Routing the HTTP Traffic to PowerCache appliance OR iZone Bandwidth Optimization Cloud




This technique is used to deploy a transparent proxy. It can be used either with a proxy such as Squid or with Traffic Forwarder. A transparent proxy is one that the browsers do not use explicitly; in other words, the browsers do not need to be set up in order to go through the proxy.


The HTTP traffic goes through the proxy because a router of the network infrastructure sees the proxy as the next hop. This router, which is often the default router, is set up with a routing policy that forwards any TCP packet whose destination port number is 80 to the transparent proxy.


Implementing next-hop with a Cisco router


Such a routing policy can be set up on a Cisco router. In the following commands, we assume that the ACL is named alpha and the policy is named bravo. We also assume that the transparent proxy IP address is


1- enable


2- configure terminal


3- ip access-list extended alpha


This command creates a new access list, also called an ACL in Cisco jargon. "alpha" is the name given to this ACL; any other name would be fine as long as it complies with the name syntax of the Cisco command.


***Any further commands will refer to this ACL***


4- permit tcp any host any eq www


This command describes the conditions a packet must match for the ACL to apply: any connection from any source IP to any host or IP, and to port 80.


5- route-map bravo permit 10


This command creates a policy whose name is "bravo". In this example, 10 is a policy number. The entries of a policy are evaluated in the order given by this number.


6- match ip address alpha


This command adds the ACL alpha to the policy "bravo".


7- set ip next-hop


This command indicates that the next router used when the packet matches one of the ACLs of "bravo" is


8- exit


9- interface 0/1


10- ip policy route-map bravo


This command applies the policy "bravo" to the interface.
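Because such a policy redirects web traffic without any client-side setting, it is worth being able to find it in a router configuration. The following Python script is an added example, not part of the original procedure: it parses an IOS-style configuration and reports every interface whose policy sends port 80 traffic to a next hop. The sample configuration is constructed; 192.0.2.10 is a placeholder proxy address, and the interface names and the route-map "charlie" are assumptions.

```python
import re
# Constructed sample: 192.0.2.10 is a placeholder proxy address and the
# interface names and route-map "charlie" are assumptions for illustration.
SAMPLE_CONFIG = """\
ip access-list extended alpha
 permit tcp any any eq www
route-map bravo permit 10
 match ip address alpha
 set ip next-hop 192.0.2.10
interface GigabitEthernet0/1
 ip policy route-map bravo
interface GigabitEthernet0/2
 ip policy route-map charlie
"""

def audit_policy_routing(config):
    """Return (redirects, problems) for port-80 policy routes in an IOS config."""
    acls, maps, applied, cur = {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():  # an unindented line opens a new section
            cur = None
            if m := re.fullmatch(r"ip access-list extended (\S+)", line):
                cur = acls.setdefault(m[1], [])
            elif m := re.fullmatch(r"route-map (\S+) permit \d+", line):
                cur = {"match": [], "next_hop": None}
                maps.setdefault(m[1], []).append(cur)
            elif m := re.fullmatch(r"interface (\S+)", line):
                cur = m[1]
        elif isinstance(cur, list):  # inside an ACL: keep its entries
            cur.append(line)
        elif isinstance(cur, dict):  # inside one route-map entry
            if m := re.fullmatch(r"match ip address (.+)", line):
                cur["match"] += m[1].split()
            elif m := re.fullmatch(r"set ip next-hop (\S+)", line):
                cur["next_hop"] = m[1]
        elif cur and (m := re.fullmatch(r"ip policy route-map (\S+)", line)):
            applied.append((cur, m[1]))  # (interface, route-map name)
    redirects, problems = [], []
    for iface, rmap in applied:
        if rmap not in maps:
            problems.append(f"{iface}: route-map {rmap} is not defined")
        for entry in maps.get(rmap, []):
            for acl in entry["match"]:
                web = any(re.fullmatch(r"permit tcp .* eq (www|80)", e) for e in acls.get(acl, []))
                if web and entry["next_hop"]:
                    redirects.append((iface, acl, entry["next_hop"]))
    return redirects, problems
```

Each tuple in the first list is (interface, ACL, next hop); the second list names interfaces that reference a route-map the configuration never defines.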


Implementing next-hop with ipfw


ipfw is a firewall that runs under FreeBSD. A single rule is enough to route the traffic to the transparent proxy.


ipfw add 200 fwd tcp from to any 80 out xmit fxp0



Implementing next-hop with iptables


The routing policy can be set up by using iptables rules on Linux.


iptables -t nat -A PREROUTING -p tcp -i $LAN -d $EXTIP --dport 80 -j DNAT --to

iptables -A FORWARD -p tcp -i $EXTIF -d --dport 80 -j ACCEPT

Integration with optimization cloud