Re: IP Masqurate or Proxy Server?

From: Stephen Samuel (samuel_at_bcgreen.com)
Date: 01/24/04

    Date: Fri, 23 Jan 2004 21:07:20 -0800
    To: Imran <Allies@wol.net.pk>
    
    

    Masquerade and proxy do different things. For any box where you're
    even considering a proxy server, NAT is probably a good idea too
    (unless you want to restrict connections to ONLY proxied).

    Masquerading is a form of NAT which generally takes the connections
    of an arbitrary number of machines and makes them look as if they came
    from only one box (the NAT box). A pleasant side effect of this is
    that, barring special arrangements, only outbound connections are
    possible. This makes it a bit harder for an outside attacker to
    infiltrate your inside network because they now have to find some
    way to piggyback on an existing outbound connection.

    Masquerading breaks protocols that call for inbound connections
    (the most famous of those being FTP; many P2P and IM systems also
    have problems with NATed boxes). Such protocols need a bit of special
    magic to work with NAT (often a form of transparent proxy).

    While Masquerading and NAT work at the TCP/IP level, proxy works
    at the application layer. Proxies have to understand at least enough
    of the application layer to re-route requests and responses. This adds
    a bit of cost but also adds some flexibility. An HTTP NAT, for example,
    can now filter for and redirect/block specific web pages and/or sites.
    You can sometimes also save a bit of bandwidth costs by allowing your
    proxy to cache often-used pages and serve them direct from the cache
    without having to transfer them across the 'net.

    If you go to non-transparent proxies, you can even add in things like
    authentication.

    Although both proxy and NAT restrictions can be circumvented by a
    determined (inside) user, it's much easier to do with NAT.

    Imran wrote:
    > I want to ask whether IP masquerade is better than running a proxy server
    > like squid, and if so, why it is better. Also please give me the
    > difference between IP masquerade and proxy servers.

    -- 
    Stephen Samuel +1(604)876-0426                samuel@bcgreen.com
    		   http://www.bcgreen.com/~samuel/
        Powerful committed communication. Transformation touching
          the jewel within each person and bringing it to light.
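
An added example, not part of the original message: a simplified Python model of the masquerading behaviour described above, showing why unsolicited inbound packets are dropped and why active-mode FTP breaks without a helper. The class, function names, addresses and ports are all constructed for illustration.

```python
# Added illustration: a toy model of a masquerading (source-NAT) gateway.
# All addresses and ports are constructed sample values.
import re

NAT_IP = "203.0.113.1"          # constructed public address of the NAT box


class MasqueradeBox:
    """Tracks outbound flows and only admits replies that match one."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (inside_ip, inside_port, remote_ip, remote_port) -> nat_port
        self.back = {}  # (nat_port, remote_ip, remote_port) -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an inside packet's source to the NAT box; remember the flow."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the inside (ip, port) for a reply, or None for unsolicited traffic."""
        return self.back.get((dst_port, src_ip, src_port))


def ftp_port_target(command):
    """Decode the address a server would connect back to from an FTP PORT command."""
    h1, h2, h3, h4, p1, p2 = map(int, re.findall(r"\d+", command))
    return (f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)


if __name__ == "__main__":
    nat = MasqueradeBox(NAT_IP)
    # Two inside hosts reach the same server; both appear as NAT_IP outside.
    print(nat.outbound("192.168.1.10", 51000, "198.51.100.7", 80))
    print(nat.outbound("192.168.1.11", 51000, "198.51.100.7", 80))
    # A reply on a tracked flow is translated back; anything else is dropped.
    print(nat.inbound("198.51.100.7", 80, 40000))
    print(nat.inbound("198.51.100.99", 4444, 40000))
    # Active FTP: the payload still names the private address, which the
    # server cannot reach, and no flow exists for its inbound data connection.
    print(ftp_port_target("PORT 192,168,1,10,200,10"))
```

The model matches replies on the full remote address and port, which is a simplification of real connection tracking.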
    
