krerk piromsopa. 2110472 computer network (masq/nat/proxy) 1 masq / nat / proxy masq (1:many) nat...

2110472 Computer Network (MASQ/NAT/PROXY)

1 Krerk Piromsopa.

MASQ / NAT / PROXY

• MASQ (1:Many)

• NAT 1:1 (true)

• Proxy solutions


2 Krerk Piromsopa.

What is NAT?

The major problem with NAT is, once all of the free public IP addresses are used, any additional private users requesting Internet service are out of luck until a public NAT address becomes free.


3 Krerk Piromsopa.

NAT Pro & Con

• Pro: – Very configurable

– No special application software needed

• Con– Requires a subnet from your ISP (expensive)


4 Krerk Piromsopa.

How NAT works.


5 Krerk Piromsopa.

What is Proxy?

• A proxy server uses only (1) public IP address, like IP MASQ, and acts as a translator to clients on the private LAN (WWW browser, etc.). This proxy server receives requests like TELNET, FTP, WWW, etc. from the private network on one interface. It would then in turn, initiate these requests as if someone on the local box was making the requests. Once the remote Internet server sends back the requested information, it would re-translate the TCP/IP addresses back to the internal MASQ client and send traffic to the internal requesting host. This is why it is called a PROXY server.


6 Krerk Piromsopa.

Proxy (Pro & Con)

• Proxy: available for: Win95, NT, Linux, Solaris, etc.– Pro:

• (1) IP address ; cheap• Optional caching for better performance (WWW, etc.)

– Con:• All applications behind the proxy server must both SUPPORT • proxy services (SOCKS) and be CONFIGURED to use the Proxy ser

ver• Screws up WWW counters and WWW statistics• ANY applications that you might want to use on the internal machines

*MUST* have proxy server support like Netscape and some of the better TELNET and FTP clients. Any clients that don't support proxy servers won't work.


7 Krerk Piromsopa.

Caching Proxy

• Another nice thing about proxy servers is that some of them can also do caching (Squid for WWW). So, imagine that you have 50 proxied hosts all loading Netscape at once. If they were installed with the default homepage URL, you would have 50 copies of the same Netscape WWW page coming over the WAN link for each respective computer. With a caching proxy server, only one copy would be downloaded by the proxy server and then the proxied machines would get the WWW page from the cache. Not only does this save bandwidth on the Internet connection, it will be MUCH MUCH faster for the internal proxied machines.


8 Krerk Piromsopa.

What is IP Masquerade?

• IP Masquerade is a networking feature in Linux. If a Linux host is connected to the Internet with IP Masquerade enabled, then computers connecting to it (usually on the same LAN, but can also be connected with other links such as modems or PLIP) can reach the Internet as well, even though they have no officially assigned IP addresses.

• a form of Network Address Translation (NAT) which allows internally connected computers that do not have one or more registered Internet IP addresses to communicate to the Internet via the Linux server's Internet IP address.


9 Krerk Piromsopa.

IP Masquerade Pro & Cons

• Pro:– Only (1) IP address needed

(cheap)

– Doesn't require special application support

– Uses firewall software so your network can become more secure

• Con:– available on Linux and a few I

SDN routers such as the Zytel Prestige128, Cisco 770, NetGear ISDN routers, etc.

– Special protocols need to be uniquely handled by firewall redirectors, etc. Linux has full support for this (FTP, IRC, etc.) capabilty but many routers do NOT.


10 Krerk Piromsopa.

IP Masquerade


11 Krerk Piromsopa.

Proxy VS IP Masquerade

• Masq or 1:Many NAT is similar to a proxy server in the sense that the server will perform IP address translation and fake out the remote server (WWW for example) as if the MASQ server made the request instead of an internal machine.

• The major difference between a MASQ and PROXY server is that MASQ servers don't need any configuration changes to all the client machines. Just configure them to use the linux box as their default gateway and everything will work fine. You WILL need to install special Linux modules for things like RealAudio, FTP, etc. to work)!


12 Krerk Piromsopa.

Using Proxy with IP Masquerade

• Also, many users operate IP MASQ for TELNET, FTP, etc. *AND* also setup a caching proxy on the same Linux box for WWW traffic for the additional performance.


13 Krerk Piromsopa.

Virtual Server


14 Krerk Piromsopa.

Virtual Server (cont.)


15 Krerk Piromsopa.

More Resource

• http://www.suse.de/~mha/linux-ip-nat/diplom/

• “Linux IP Masquerade HOWTO”, http://ipmasq.cjb.net/

krerk piromsopa. 2110472 computer network (masq/nat/proxy) 1 masq / nat / proxy masq (1:many) nat...

Documents