NAT vs. Proxy server
What is this stuff?
If this isn't exactly what you wanted, please try our Search (there's a LOT of techy and non-techy stuff here about Linux, Unix, Mac OS X and just computers in general!):
From: Jeff Liebermann <email@example.com> Newsgroups: comp.unix.sco.misc Subject: Re: connecting osr5 to proxy Date: Wed, 08 Sep 1999 20:58:48 -0700 Message-ID: <BSzXN07DTPDv2xyq8FSehObGgFha@4ax.com> References: <37D5A6A2.D3B78D8E@junction.net>
<37D71698.3D56C745@home.com> On Thu, 09 Sep 1999 01:58:01 GMT, Scott Taylor <firstname.lastname@example.org> wrote: >So, I'm thinking go hardware proxy. One that can keep a dialup >connection open and pass the email to the osr5.0.5 server. But can I >route to a proxy, at command level, from OSR5?
No. I'll assume that you have some reason to do a proxy server instead of just NAT/PAT. Usually, it's a security issue. The big difference between a proxy server and an NAT/PAT box is that the proxy server acts as the "end point" of a connection and opens a new connection to the destination for both outgoing and incoming traffic. The NAT/PAT box simply tweaks the IP addresses in the header and passes everything through. This means that applications that talk to a proxy server must know about how to deal with proxy servers. Rule sets must be established for every service by IP socket number. This is no fun, but very secure. There is no way to have EVERYTHING just point to the proxy server and declare that all socket numbers (services) will be re-connected by the proxy server. You can do this but this defeats the purpose of the proxy server. If this is what you want, you might as well go with the NAT/PAT solution. The way you do a specific service such as email (SMTP) is to bore holes in the firewall and configure a proxy. The outside firewall points to the proxy server on port 25, the proxy server points to the OSR5 email host on port 25. You have to do this for every service in /etc/services that you want to use. Most will work out of the box, but some are difficult. For some hints, see: http://www.tsmservices.com/masq/ which has the formulas for firewall and IP masquerading (PAT) to get various programs and services to work. You're probably familiar with the Netscape and IE Proxy configuration page, where a proxy server is assigned for each service. It's like that for every application you run and on each desktop. Each one needs to be proxy server aware and individually configured for the proxy server by IP service number. If the company has an internal domain, it needs to be listed as an exeption so that its traffic doesn't end up going via the internet. It's no fun but does work. I tend to judge whether I need a proxy server, or can live with an NAT box by the number of users or the traffic. If the user count is high enough that security is a major issue, I usually go with the proxy server. If the traffic includes a web server, where a web cache is benificial, I use a Squid cache and proxy. However, if the traffic is light and head count low, I prefer the NAT/PAT solution as it's much cheaper and easier to impliment.
-- Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060 (831)421-6491 pgr (831)426-1240 fax (831)336-2558 home http://www.cruzio.com/~jeffl WB6SSY email@example.com firstname.lastname@example.org
Got something to add? Send me email.
(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version
Increase ad revenue 50-250% with Ezoic
Inexpensive and informative Apple related e-books:
Take Control of Parallels Desktop 12
Photos for Mac: A Take Control Crash Course
Take Control of the Mac Command Line with Terminal, Second Edition
Take control of Apple TV, Second Edition
Take Control of Preview