To: Sowbug who wrote (865 ) 5/27/1998 1:11:00 PM From: Dirk Hente Read Replies (1) | Respond to of 14778
[NAT, Proxies & Firewalls]

Sowbug, I think I have a 'weird' TCP/IP application running: Internet Trader (IT) of Papyrus Tech, my streaming quote service. The software doesn't support a 'proxy setup', i.e. there is no option to specify the address of a proxy server. Nevertheless it works behind Wingate because I'm using a mapped link to IT's quote server port 10606 (IT is based on a proprietary protocol). Wingate seems not to be a proxy server in the classical sense that only caches requests made on behalf of the clients. It has this additional capability of a 'mapped link' which turns Wingate into a 'mapping proxy' (whatever this is).

Now the question for me is: is a 'mapping proxy' = a NAT? Like you said, NAT works on a packet-by-packet basis (like a packet filter) while proxies usually work on the application layer. But from what I've read so far there are obviously proxies which are NAT based. (Microsoft IIS is not.) I still don't get the whole picture. At least one thing is clear for me: even if you have NAT, not all software will run. This is the case when a software is transmitting packets with invalid (= nonregistered) IP addresses in the data section.

Today I found an interesting posting on Usenet about NAT, proxies & firewalls:

NAT, as defined in RFC1631, is a process of translating an IP address to another IP address, both in the header of the packet, and in the data of the packet, if the IP exists (an example would be FTP commands). A proxy server, however, does not translate on a packet-by-packet basis. Most web proxy servers receive an HTTP request from a client, and either fetch the page from an external server, or pull the page from its cache and return it to the client. They do not translate packets. A SOCKS-style proxy server also does not do NAT. A client creates a TCP connection to the server, handshaking information is exchanged, and the server creates a TCP connection to the external host. There are two separate TCP connections existing, not the translation of one connection through the server.

Some proxy servers and firewalls do contain NAT implementations, but they are separate from the true "proxy" functions of these packages, at least by the common terminology. They also differ in performance and options.

Back to the original question: do NAT in the proxy or the firewall? Depends on whose software you are using. Who has the best NAT protocol support? How much runtime does the code have? I would use Firewall-1's NAT long before I would use something from Microsoft or Novell (in the current Novell BorderManager, they do not even support UDP through NAT). So look at the packages available, the features they have, and your requirements. And if you find something that doesn't work through NAT, get a trace and look for an IP address outside of the header of the packet. If it is a new or obscure application, the NAT box may not be able to catch it. Also look for the types of NAT supported: one-to-one static and dynamic, as well as many-to-one (sometimes referred to as PAT (Port Address Translation)).

--Jeff Guilfoyle
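The two practical points in the quoted posting, that a NAT box must sometimes rewrite addresses carried in the data section (the FTP PORT command is the classic case) and that the way to diagnose an application that breaks behind NAT is to look for a private address outside the IP header in a trace, are illustrated by the following added example. It is not code from the thread, from Wingate, or from any NAT product; the packet payloads are constructed for the demonstration, and the public address 203.0.113.7 and the port numbers are arbitrary.

```python
"""Added example: why plain header-only NAT breaks some applications,
and how to spot them in a trace. All packets below are constructed."""
import ipaddress
import re

# Candidate IPv4 addresses in a payload. Dotted quads are the usual form;
# the comma-separated form is how FTP PORT/PASV carry an address.
_IPV4_RE = re.compile(rb"(?<!\d)(?:\d{1,3}[.,]){3}\d{1,3}(?!\d)")

# RFC 1918 ranges: the "nonregistered" addresses the thread talks about.
_PRIVATE = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    """True if addr is a valid IPv4 address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in _PRIVATE)


def embedded_private_ips(payload: bytes) -> list:
    """Jeff's diagnostic: return private addresses found in the data
    section of a packet. A hit means the application embeds its own
    address in the protocol, so header-only NAT will not fix it up."""
    found = []
    for m in _IPV4_RE.finditer(payload):
        text = m.group().decode("ascii").replace(",", ".")
        if is_private(text) and text not in found:
            found.append(text)
    return found


def check_trace(packets: dict) -> dict:
    """Run the diagnostic over a {name: payload} trace; keeps only hits."""
    return {name: hits for name, payload in packets.items()
            if (hits := embedded_private_ips(payload))}


# Active-mode FTP: the client tells the server where to connect back,
# "PORT h1,h2,h3,h4,p1,p2", with port = p1*256 + p2.
_PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")


def parse_port(cmd: bytes):
    """Return (ip, port) from an FTP PORT command, or None if not one."""
    m = _PORT_RE.match(cmd)
    if not m:
        return None
    octets = [int(x) for x in m.groups()[:4]]
    if any(o > 255 for o in octets):
        return None
    return ".".join(map(str, octets)), int(m.group(5)) * 256 + int(m.group(6))


def rewrite_port(cmd: bytes, public_ip: str, public_port: int) -> bytes:
    """What an FTP-aware NAT (an application-level gateway) has to do on
    top of header translation: replace the client's private address and
    port inside the command with the translated public pair."""
    if parse_port(cmd) is None:
        return cmd  # not a PORT command: header-only NAT is enough
    octets = public_ip.split(".")
    if len(octets) != 4 or not 0 < public_port < 65536:
        raise ValueError("bad public address/port")
    p1, p2 = divmod(public_port, 256)
    return ("PORT %s,%d,%d\r\n" % (",".join(octets), p1, p2)).encode("ascii")


# Constructed trace: one HTTP request (nothing embedded; a web proxy or
# plain NAT handles it), one FTP PORT command, and a made-up binary
# protocol that carries the client's private address in its data.
SAMPLE_TRACE = {
    "http": b"GET / HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    "ftp_port": b"PORT 192,168,1,10,4,1\r\n",
    "proprietary": b"\x01\x00HELLO addr=10.0.0.5;port=10606\x00",
}

if __name__ == "__main__":
    for name, hits in check_trace(SAMPLE_TRACE).items():
        print("%-12s embeds private address(es): %s" % (name, hits))
    print(rewrite_port(SAMPLE_TRACE["ftp_port"], "203.0.113.7", 40000))
```

The address scan is a heuristic for reading a trace, not a NAT implementation: version strings and similar data can look like dotted quads, so confirm any hit against the protocol before blaming the NAT box. The PORT rewrite shows why "NAT protocol support" matters in the posting's sense: a NAT box that only translates headers leaves 192.168.1.10 inside the command, and the FTP server then tries to connect back to an address that is unreachable from outside.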