APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

NAT vs. Proxy server

© December 2004 (various authors)

What is this stuff?

If this isn't exactly what you wanted, please try our Search (there's a LOT of techy and non-techy stuff here about Linux, Unix, Mac OS X and just computers in general!):

From: Jeff Liebermann <jeffl@comix.santa-cruz.ca.us>
Newsgroups: comp.unix.sco.misc
Subject: Re: connecting osr5 to proxy
Date: Wed, 08 Sep 1999 20:58:48 -0700
Message-ID: <BSzXN07DTPDv2xyq8FSehObGgFha@4ax.com> 
References: <37D5A6A2.D3B78D8E@junction.net>
<37D71698.3D56C745@home.com> On Thu, 09 Sep 1999 01:58:01 GMT, Scott Taylor <s.taylor@home.com> wrote: >So, I'm thinking go hardware proxy. One that can keep a dialup >connection open and pass the email to the osr5.0.5 server. But can I >route to a proxy, at command level, from OSR5?

No.  I'll assume that you have some reason to do a proxy server
instead of just NAT/PAT.  Usually, it's a security issue.  The big
difference between a proxy server and an NAT/PAT box is that the proxy
server acts as the "end point" of a connection and opens a new
connection to the destination for both outgoing and incoming traffic.
The NAT/PAT box simply tweaks the IP addresses in the header and
passes everything through.  This means that applications that talk to
a proxy server must know about how to deal with proxy servers.  Rule
sets must be established for every service by IP socket number.  This
is no fun, but very secure.

There is no way to have EVERYTHING just point to the proxy server and
declare that all socket numbers (services) will be re-connected by the
proxy server.  You can do this but this defeats the purpose of the
proxy server.  If this is what you want, you might as well go with the
NAT/PAT solution.

The way you do a specific service such as email (SMTP) is to bore
holes in the firewall and configure a proxy.  The outside firewall
points to the proxy server on port 25, the proxy server points to the
OSR5 email host on port 25.  You have to do this for every service in
/etc/services that you want to use.  Most will work out of the box,
but some are difficult.  For some hints, see:
which has the formulas for firewall and IP masquerading (PAT) to get
various programs and services to work.

You're probably familiar with the Netscape and IE Proxy configuration
page, where a proxy server is assigned for each service.  It's like
that for every application you run and on each desktop.  Each one
needs to be proxy server aware and individually configured for the
proxy server by IP service number.  If the company has an internal
domain, it needs to be listed as an exeption so that its traffic
doesn't end up going via the internet.  It's no fun but does work.

I tend to judge whether I need a proxy server, or can live with an NAT
box by the number of users or the traffic.  If the user count is high
enough that security is a major issue, I usually go with the proxy
server.  If the traffic includes a web server, where a web cache is
benificial, I use a Squid cache and proxy.  However, if the traffic is
light and head count low, I prefer the NAT/PAT solution as it's much
cheaper and easier to impliment.

Jeff Liebermann  150 Felker St #D  Santa Cruz CA 95060
(831)421-6491 pgr (831)426-1240 fax (831)336-2558 home
https://www.cruzio.com/~jeffl   WB6SSY
jeffl@comix.santa-cruz.ca.us   jeffl@cruzio.com

Got something to add? Send me email.

(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> NAT vs. Proxy server ––>Re: connecting osr5 toproxy

Inexpensive and informative Apple related e-books:

Take Control of Preview

Are Your Bits Flipped?

Take Control of OS X Server

Take Control of iCloud

El Capitan: A Take Control Crash Course

Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

Printer Friendly Version

Doing linear scans over an associative array is like trying to club someone to death with a loaded Uzi. (Larry Wall)

Linux posts

Troubleshooting posts

This post tagged:


Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode

SCO Unix Sales, Support, & Service

Phone:  707-SCO-UNIX (707-726-8649Toll Free: 833-SCO-UNIX (833-726-8649)