APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

NAT vs. Proxy server


What is this stuff?

If this isn't exactly what you wanted, please try our Search (there's a LOT of techy and non-techy stuff here about Linux, Unix, Mac OS X and just computers in general!):



From: Jeff Liebermann <jeffl@comix.santa-cruz.ca.us>
Newsgroups: comp.unix.sco.misc
Subject: Re: connecting osr5 to proxy
Date: Wed, 08 Sep 1999 20:58:48 -0700
Message-ID: <BSzXN07DTPDv2xyq8FSehObGgFha@4ax.com> 
References: <37D5A6A2.D3B78D8E@junction.net>
<19990907211911.K12335@jpradley.jpr.com>
<37D66F90.8B34019B@home.com>
<19990908121125.P15451@jpradley.jpr.com>
<37D6AB1F.22C8DE1A@junction.net>
<D+LWN4D=XF=18ZbMDlSOZa2VI2ic@4ax.com>
<37D71698.3D56C745@home.com> On Thu, 09 Sep 1999 01:58:01 GMT, Scott Taylor <s.taylor@home.com> wrote: >So, I'm thinking go hardware proxy. One that can keep a dialup >connection open and pass the email to the osr5.0.5 server. But can I >route to a proxy, at command level, from OSR5?

No.  I'll assume that you have some reason to do a proxy server
instead of just NAT/PAT.  Usually, it's a security issue.  The big
difference between a proxy server and an NAT/PAT box is that the proxy
server acts as the "end point" of a connection and opens a new
connection to the destination for both outgoing and incoming traffic.
The NAT/PAT box simply tweaks the IP addresses in the header and
passes everything through.  This means that applications that talk to
a proxy server must know about how to deal with proxy servers.  Rule
sets must be established for every service by IP socket number.  This
is no fun, but very secure.

There is no way to have EVERYTHING just point to the proxy server and
declare that all socket numbers (services) will be re-connected by the
proxy server.  You can do this but this defeats the purpose of the
proxy server.  If this is what you want, you might as well go with the
NAT/PAT solution.

The way you do a specific service such as email (SMTP) is to bore
holes in the firewall and configure a proxy.  The outside firewall
points to the proxy server on port 25, the proxy server points to the
OSR5 email host on port 25.  You have to do this for every service in
/etc/services that you want to use.  Most will work out of the box,
but some are difficult.  For some hints, see:
        http://www.tsmservices.com/masq/
which has the formulas for firewall and IP masquerading (PAT) to get
various programs and services to work.

You're probably familiar with the Netscape and IE Proxy configuration
page, where a proxy server is assigned for each service.  It's like
that for every application you run and on each desktop.  Each one
needs to be proxy server aware and individually configured for the
proxy server by IP service number.  If the company has an internal
domain, it needs to be listed as an exeption so that its traffic
doesn't end up going via the internet.  It's no fun but does work.

I tend to judge whether I need a proxy server, or can live with an NAT
box by the number of users or the traffic.  If the user count is high
enough that security is a major issue, I usually go with the proxy
server.  If the traffic includes a web server, where a web cache is
benificial, I use a Squid cache and proxy.  However, if the traffic is
light and head count low, I prefer the NAT/PAT solution as it's much
cheaper and easier to impliment.




-- 
Jeff Liebermann  150 Felker St #D  Santa Cruz CA 95060
(831)421-6491 pgr (831)426-1240 fax (831)336-2558 home
http://www.cruzio.com/~jeffl   WB6SSY
jeffl@comix.santa-cruz.ca.us   jeffl@cruzio.com



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> NAT vs. Proxy server ––>Re: connecting osr5 toproxy



Increase ad revenue 50-250% with Ezoic

Kerio Samepage


Have you tried Searching this site?

Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us





Computers make it easier to do a lot of things, but most of the things they make it easier to do don't need to be done. (Andy Rooney)





This post tagged: