From owner-freebsd-questions@FreeBSD.ORG Mon Feb 2 02:04:01 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9DFCE16A4CE for ; Mon, 2 Feb 2004 02:04:01 -0800 (PST) Received: from www.wcborstel.nl (node-c-0ab6.a2000.nl [62.194.10.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id C15F943D3F for ; Mon, 2 Feb 2004 02:03:59 -0800 (PST) (envelope-from jorn@wcborstel.nl) Received: from sauron.emea.middle-earth.org (unknown [172.16.1.2]) by www.wcborstel.nl (Postfix) with ESMTP id C059E1706F; Mon, 2 Feb 2004 11:02:07 +0100 (CET) From: Jorn Argelo To: Hiren Date: Mon, 2 Feb 2004 11:04:08 +0100 User-Agent: KMail/1.5.4 References: <1075714727.175.3.camel@fbtab.h3p.co.za> In-Reply-To: <1075714727.175.3.camel@fbtab.h3p.co.za> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200402021104.08570.jorn@wcborstel.nl> cc: questions@freebsd.org Subject: Re: proxies and firewalls X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Feb 2004 10:04:01 -0000 When one is connected to a proxy server, the proxy server makes a connection to the outside world and transports the data to the computer who is requesting that information. So the client computer won't make a true connection to the outside world, but it only connects to the proxy server. In there the administrator can give several rules to the proxy server what to allow/dissalow. For example you can disable that clients connect to the MSN port. If you use a proxy server your internal IP address will almost always be shown on sites that show your IP address rather then your true external IP address. Also, a proxy server caches files it collects from the net, thus making it accessable faster. NAT (Network Address Translator) does nothing more then translating your internal IP address to an external one. So there is a direct connection to the internet like that, and there is no caching done by the NAT server NAT is handy for home use, since you don't have to really tight up your security as you do with your company. So if you got a big company then you should definitely use a proxy server to let your people connect to the outside world. Cheers, Jorn On Monday 02 February 2004 10:38, Hiren wrote: > greetings all > > i often come across proxies and firewalls under the security section of > tutorials and guides, i have read that one can create proxies of any > internet service like ftp www etc. > my question is what exactly is a proxy and how does it play a role in > security, why and how does it replace NATing, and how does it play a > role in security with regard to NAT. what services can be proxied, is it > worth having and general advice. > > thanks all > Hiren. > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org"