From: Jeff Liebermann <jeffl@comix.santa-cruz.ca.us>
Newsgroups: comp.unix.sco.misc
Subject: Re: connecting osr5 to proxy
Date: Wed, 08 Sep 1999 20:58:48 -0700
Message-ID: <BSzXN07DTPDv2xyq8FSehObGgFha@4ax.com>
References: <37D5A6A2.D3B78D8E@junction.net>
 <19990907211911.K12335@jpradley.jpr.com>
 <37D66F90.8B34019B@home.com>
 <19990908121125.P15451@jpradley.jpr.com>
 <37D6AB1F.22C8DE1A@junction.net>
 <D+LWN4D=XF=18ZbMDlSOZa2VI2ic@4ax.com>
 <37D71698.3D56C745@home.com>

On Thu, 09 Sep 1999 01:58:01 GMT, Scott Taylor <s.taylor@home.com> wrote:

>So, I'm thinking go hardware proxy. One that can keep a dialup
>connection open and pass the email to the osr5.0.5 server. But can I
>route to a proxy, at command level, from OSR5?

No. I'll assume that you have some reason to do a proxy server
instead of just NAT/PAT. Usually, it's a security issue. The big
difference between a proxy server and an NAT/PAT box is that the proxy
server acts as the "end point" of a connection and opens a new
connection to the destination for both outgoing and incoming traffic.
The NAT/PAT box simply tweaks the IP addresses in the header and
passes everything through. This means that applications that talk to
a proxy server must know about how to deal with proxy servers. Rule
sets must be established for every service by IP socket number. This
is no fun, but very secure.

There is no way to have EVERYTHING just point to the proxy server and
declare that all socket numbers (services) will be re-connected by the
proxy server. You can do this but this defeats the purpose of the
proxy server. If this is what you want, you might as well go with the
NAT/PAT solution.

The way you do a specific service such as email (SMTP) is to bore
holes in the firewall and configure a proxy. The outside firewall
points to the proxy server on port 25, the proxy server points to the
OSR5 email host on port 25. You have to do this for every service in
/etc/services that you want to use. Most will work out of the box,
but some are difficult. For some hints, see:
http://www.tsmservices.com/masq/
which has the formulas for firewall and IP masquerading (PAT) to get
various programs and services to work.

You're probably familiar with the Netscape and IE Proxy configuration
page, where a proxy server is assigned for each service. It's like
that for every application you run and on each desktop. Each one
needs to be proxy server aware and individually configured for the
proxy server by IP service number. If the company has an internal
domain, it needs to be listed as an exception so that its traffic
doesn't end up going via the internet. It's no fun but does work.

I tend to judge whether I need a proxy server, or can live with an NAT
box by the number of users or the traffic. If the user count is high
enough that security is a major issue, I usually go with the proxy
server. If the traffic includes a web server, where a web cache is
beneficial, I use a Squid cache and proxy. However, if the traffic is
light and head count low, I prefer the NAT/PAT solution as it's much
cheaper and easier to implement.
--
Jeff Liebermann  150 Felker St #D  Santa Cruz CA 95060
(831)421-6491 pgr  (831)426-1240 fax  (831)336-2558 home
http://www.cruzio.com/~jeffl  WB6SSY
jeffl@comix.santa-cruz.ca.us  jeffl@cruzio.com
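
The per-service relay described in the post above, as an added example that is not part of the original message: a plain TCP relay (it does not inspect SMTP) that accepts the inbound connection itself and opens a separate connection to the internal host, with one rule per permitted port. The address `192.168.1.10` and all function names are assumptions made for illustration.

```python
import socket
import threading

# One rule per permitted service (listen port -> internal host, port).
# 192.168.1.10 is a placeholder for the internal OSR5 mail host (assumption).
RULES = {25: ("192.168.1.10", 25)}  # SMTP only; nothing else is relayed

def pump(src, dst):
    """Copy bytes one way until EOF, then pass the EOF on to the other side."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def handle(client, target):
    """Terminate the client's connection here and open a NEW one to target."""
    try:
        upstream = socket.create_connection(target, timeout=10)
    except OSError:
        client.close()
        return
    upstream.settimeout(None)
    back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
    back.start()
    pump(client, upstream)
    back.join()
    client.close()
    upstream.close()

def serve(listen_addr, target):
    """Listen for one service, relay each connection; return the bound address."""
    srv = socket.create_server(listen_addr)
    def accept_loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn, target), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()

if __name__ == "__main__":
    for port, target in RULES.items():   # a port without a rule gets no listener
        serve(("0.0.0.0", port), target)
    threading.Event().wait()
```

The internal host sees the relay's address as the peer, not the original client's, which is the difference from a NAT/PAT box that only rewrites headers.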