From: jan.muenther@nruns.com
Date: Mon, 2 Feb 2004 18:02:26 +0100
To: JJB
Cc: Jorn Argelo, questions@freebsd.org
Subject: Re: proxies and firewalls

> I have a LAN with private IP addresses that sends packets to
> the public internet. How does a proxy server solve the private IP
> address versus my public IP address problem?

Simply through not routing / NATting at all.
Instead of just forwarding the packets, rewriting the IP headers like a NAT device does, an application layer proxy does the connections to the outside world *INSTEAD* of the client.

To use the popular example of HTTP: While a NAT device will just forward and rewrite your query to a server's port 80/TCP and then forward and rewrite the reply according to its connection table, an application layer proxy will do the query *itself*. It will then process the reply, identify whether it looks like HTML that matches its quality/security requirements and then give a friendly reply to the client that originally did the query. Again, the proxy itself plays client on the application layer.

This of course means that all outgoing connections are also done with the external IP address of the application level proxy machine. Clear now?
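
Added example, not part of the original message: a small Python sketch of the behaviour described above, in which the proxy ends the client's request, opens its own connection to the server, and checks the reply before answering. The names `Origin`, `Proxy`, `fetch_via_proxy`, the `/page` path and the "text/html only" policy are assumptions made for illustration; everything runs on loopback, so the hops are told apart by source port rather than by IP address.

```python
import http.client, http.server, threading, urllib.parse

seen = {}  # socket addresses observed at each hop

class Base(http.server.BaseHTTPRequestHandler):
    def log_message(self, *args): pass              # keep the demo silent
    def reply(self, ctype, body):
        self.send_response(200)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

class Origin(Base):
    """Constructed stand-in for a web server on the public internet."""
    def do_GET(self):
        seen["origin_peer"] = self.client_address   # who the server sees connecting
        ctype = "text/html" if self.path == "/page" else "application/octet-stream"
        self.reply(ctype, b"<html>hi</html>")

class Proxy(Base):
    """Application-layer proxy: the client's request ends here; the proxy asks on its own."""
    def do_GET(self):
        seen["proxy_peer"] = self.client_address    # the LAN client
        url = urllib.parse.urlsplit(self.path)      # proxy requests carry an absolute URL
        up = http.client.HTTPConnection(url.hostname, url.port or 80, timeout=5)
        up.request("GET", url.path or "/")          # new TCP connection opened by the proxy
        seen["proxy_upstream"] = up.sock.getsockname()
        resp = up.getresponse()
        ctype, body = resp.getheader("Content-Type", ""), resp.read()
        up.close()
        if not ctype.startswith("text/html"):       # hypothetical content policy
            return self.send_error(403, "blocked by proxy policy")
        self.reply(ctype, body)

def fetch_via_proxy(path):  # returns (status, client_addr, copy of seen)
    servers = [http.server.HTTPServer(("127.0.0.1", 0), h) for h in (Origin, Proxy)]
    for s in servers:
        threading.Thread(target=s.serve_forever, daemon=True).start()
    origin_port, proxy_port = (s.server_address[1] for s in servers)
    c = http.client.HTTPConnection("127.0.0.1", proxy_port, timeout=5)
    c.request("GET", f"http://127.0.0.1:{origin_port}{path}")
    client_addr = c.sock.getsockname()
    resp = c.getresponse()
    resp.read()
    c.close()
    for s in servers:
        s.shutdown()
        s.server_close()
    return resp.status, client_addr, dict(seen)
```

The server's peer address equals the proxy's own upstream socket, while the client's socket is visible only to the proxy; a request whose reply fails the content check is answered by the proxy with 403.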