1 / 15

MASQ / NAT / PROXY

MASQ / NAT / PROXY. MASQ (1:Many) NAT 1:1 (true) Proxy solutions. What is NAT?. The major problem with NAT is, once all of the free public IP addresses are used, any additional private users requesting Internet service are out of luck until a public NAT address becomes free. NAT Pro & Con.

sharne
Download Presentation

MASQ / NAT / PROXY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. MASQ / NAT / PROXY • MASQ (1:Many) • NAT 1:1 (true) • Proxy solutions 2110472 Computer Network (MASQ/NAT/PROXY)

  2. What is NAT? The major problem with NAT is, once all of the free public IP addresses are used, any additional private users requesting Internet service are out of luck until a public NAT address becomes free. 2110472 Computer Network (MASQ/NAT/PROXY)

  3. NAT Pro & Con • Pro: • Very configurable • No special application software needed • Con • Requires a subnet from your ISP (expensive) 2110472 Computer Network (MASQ/NAT/PROXY)

  4. How NAT works. 2110472 Computer Network (MASQ/NAT/PROXY)

  5. What is Proxy? • A proxy server uses only (1) public IP address, like IP MASQ, and acts as a translator to clients on the private LAN (WWW browser, etc.). This proxy server receives requests like TELNET, FTP, WWW, etc. from the private network on one interface. It would then in turn, initiate these requests as if someone on the local box was making the requests. Once the remote Internet server sends back the requested information, it would re-translate the TCP/IP addresses back to the internal MASQ client and send traffic to the internal requesting host. This is why it is called a PROXY server. 2110472 Computer Network (MASQ/NAT/PROXY)

  6. Proxy (Pro & Con) • Proxy: available for: Win95, NT, Linux, Solaris, etc. • Pro: • (1) IP address ; cheap • Optional caching for better performance (WWW, etc.) • Con: • All applications behind the proxy server must both SUPPORT • proxy services (SOCKS) and be CONFIGURED to use the Proxy server • Screws up WWW counters and WWW statistics • ANY applications that you might want to use on the internal machines *MUST* have proxy server support like Netscape and some of the better TELNET and FTP clients. Any clients that don't support proxy servers won't work. 2110472 Computer Network (MASQ/NAT/PROXY)

  7. Caching Proxy • Another nice thing about proxy servers is that some of them can also do caching (Squid for WWW). So, imagine that you have 50 proxied hosts all loading Netscape at once. If they were installed with the default homepage URL, you would have 50 copies of the same Netscape WWW page coming over the WAN link for each respective computer. With a caching proxy server, only one copy would be downloaded by the proxy server and then the proxied machines would get the WWW page from the cache. Not only does this save bandwidth on the Internet connection, it will be MUCH MUCH faster for the internal proxied machines. 2110472 Computer Network (MASQ/NAT/PROXY)

  8. What is IP Masquerade? • IP Masquerade is a networking feature in Linux. If a Linux host is connected to the Internet with IP Masquerade enabled, then computers connecting to it (usually on the same LAN, but can also be connected with other links such as modems or PLIP) can reach the Internet as well, even though they have no officially assigned IP addresses. • a form of Network Address Translation (NAT) which allows internally connected computers that do not have one or more registered Internet IP addresses to communicate to the Internet via the Linux server's Internet IP address. 2110472 Computer Network (MASQ/NAT/PROXY)

  9. Pro: Only (1) IP address needed (cheap) Doesn't require special application support Uses firewall software so your network can become more secure Con: available on Linux and a few ISDN routers such as the Zytel Prestige128, Cisco 770, NetGear ISDN routers, etc. Special protocols need to be uniquely handled by firewall redirectors, etc. Linux has full support for this (FTP, IRC, etc.) capabilty but many routers do NOT. IP Masquerade Pro & Cons 2110472 Computer Network (MASQ/NAT/PROXY)

  10. IP Masquerade 2110472 Computer Network (MASQ/NAT/PROXY)

  11. Proxy VS IP Masquerade • Masq or 1:Many NAT is similar to a proxy server in the sense that the server will perform IP address translation and fake out the remote server (WWW for example) as if the MASQ server made the request instead of an internal machine. • The major difference between a MASQ and PROXY server is that MASQ servers don't need any configuration changes to all the client machines. Just configure them to use the linux box as their default gateway and everything will work fine. You WILL need to install special Linux modules for things like RealAudio, FTP, etc. to work)! 2110472 Computer Network (MASQ/NAT/PROXY)

  12. Using Proxy with IP Masquerade • Also, many users operate IP MASQ for TELNET, FTP, etc. *AND* also setup a caching proxy on the same Linux box for WWW traffic for the additional performance. 2110472 Computer Network (MASQ/NAT/PROXY)

  13. Virtual Server 2110472 Computer Network (MASQ/NAT/PROXY)

  14. Virtual Server (cont.) 2110472 Computer Network (MASQ/NAT/PROXY)

  15. More Resource • http://www.suse.de/~mha/linux-ip-nat/diplom/ • “Linux IP Masquerade HOWTO”, http://ipmasq.cjb.net/ 2110472 Computer Network (MASQ/NAT/PROXY)

More Related