Date:      Mon, 2 Feb 2004 18:02:26 +0100
From:      jan.muenther@nruns.com
To:        JJB <Barbish3@adelphia.net>
Cc:        questions@freebsd.org
Subject:   Re: proxies and firewalls
Message-ID:  <20040202170226.GA1903@ergo.nruns.com>
In-Reply-To: <MIEPLLIBMLEEABPDBIEGOEJGFHAA.Barbish3@adelphia.net>
References:  <20040202162806.GA1639@ergo.nruns.com> <MIEPLLIBMLEEABPDBIEGOEJGFHAA.Barbish3@adelphia.net>

> I have a LAN with private IP addresses that sends packets to the
> public internet. How does a proxy server solve the private IP
> address versus my public IP address problem?

Simply through not routing / NATting at all. 

Instead of just forwarding the packets and rewriting the IP headers like a NAT
device does, an application layer proxy does the connections to the outside
world *INSTEAD* of the client.

To use the popular example of HTTP:
While a NAT device will just forward and rewrite your query to a server's
port 80/TCP and then forward and rewrite the reply according to its
connection table, an application layer proxy will do the query *itself*. It
will then process the reply, identify whether it looks like HTML that
matches its quality/security requirements and then give a friendly reply to
the client that originally did the query. 

Again, the proxy itself plays client on the application layer. 

This of course means that all outgoing connections are also done with the
external IP address of the application level proxy machine. 

Clear now?
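
The behaviour described in this message, as an added example that is not part of the original e-mail: a toy application-layer proxy on loopback, where the outside server sees the proxy's own outgoing socket and the proxy checks the reply's Content-Type before answering the client. The names `fetch`, `Origin`, `Proxy` and `demo`, the paths and the reply body are constructed for illustration.

```python
import http.client, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

log = {"proxy_saw": [], "proxy_out": [], "origin_saw": []}  # (ip, port) per hop

def fetch(addr, path):  # returns (our local socket address, status, type, body)
    c = http.client.HTTPConnection(*addr, timeout=5)
    c.connect()
    local = c.sock.getsockname()
    c.request("GET", path)
    r = c.getresponse()
    result = (local, r.status, r.getheader("Content-Type", ""), r.read())
    c.close()
    return result

class Handler(BaseHTTPRequestHandler):
    def reply(self, status, ctype, body):
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # keep the demo quiet

class Origin(Handler):  # stands in for the server on the outside
    def do_GET(self):
        log["origin_saw"].append(self.client_address)
        ctype = "text/html" if self.path == "/" else "application/octet-stream"
        self.reply(200, ctype, b"constructed sample body")

class Proxy(Handler):
    def do_GET(self):
        log["proxy_saw"].append(self.client_address)
        # The proxy plays client: a second TCP connection, made from its own socket.
        local, _, ctype, body = fetch(self.origin, self.path)
        log["proxy_out"].append(local)
        # Application-layer check before anything is handed to the inside client.
        if not ctype.startswith("text/html"):
            return self.reply(502, "text/plain", b"blocked by proxy policy")
        self.reply(200, ctype, body)

def demo(path="/"):
    origin, proxy = (HTTPServer(("127.0.0.1", 0), h) for h in (Origin, Proxy))
    Proxy.origin = origin.server_address  # where the proxy connects on the outside
    for s in (origin, proxy):
        threading.Thread(target=s.serve_forever, daemon=True).start()
    client_addr, status, _, body = fetch(proxy.server_address, path)
    for s in (origin, proxy):
        s.shutdown(); s.server_close()
    return client_addr, status, body
```

On a real gateway the proxy's outgoing socket would be bound to the machine's external address; on loopback the two connections are told apart by their source ports.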


