Date:      Sat, 27 Dec 1997 05:01:18 -0500
From:      "Alfred Perlstein" <perlsta@sunyit.edu>
To:        "TOKER ONUR" <onur@dpc.kfupm.edu.sa>, <freebsd-questions@FreeBSD.ORG>
Cc:        <freebsd-hackers@FreeBSD.ORG>
Subject:   Re: several networking questions ...
Message-ID:  <199712270605.GAA16141@fang.cs.sunyit.edu>

> (3) What is proxy, ip-tunneling, ip-masquerading ? How can I get more
> info. about these ?
>

quick run down as far as i know.....

proxy:
	a machine that you can connect to as a service to request other services,
ie. you have a firewall that doesn't allow any traffic through it, however
traffic from the _firewall_ machine is allowed through.... well a program
can be run on the firewall that sorta forwards requests out for machines in
your internal network to the outside internet....
	proxies can also cache data, meaning that if you have a small office
connected to the internet a WWW proxy might identify the most common pages
that are requested through it and store them locally on the machine, that
way if duplicate requests from different machines come through the data is
already on the internal network...
	some proxies are "transparent" i need to use a proxy to play quake, when i
run it i set it up to listen on a port, and tell it the outside machine i
want to connect to.... then i connect to it from one of my internal
machines and it transparently connects me...
	others like SOCKS need clients (browsers,ftp tools, etc...) that
understand that there is a proxy there.... because in the previous example
i had to hardwire the quake proxy to connect to a specific machine, but
SOCKS allows clients to tell it what data to fetch and from where....
	proxies are cool for several reasons, among them:
	1) they hide internal IP addresses
	2) they might cache data
	3) they allow "fake" IP addresses from an internal network to work outside
on the net

ip tunneling: (i might be wrong)
	you set up a machine that when connected to, forwards the socket to a
different machine.  my gateway machine (the one with the connection to the
internet) forwards all incoming ftp,telnet,web and more connections to an
internal machine that has more power.  this is transparent... the incoming
"connectee" doesn't know it's not really connecting to gateway....
	i've heard that some tunneling programs encrypt the IP traffic in case you
have to do something like this over the internet or somewhere where someone
might be sniffing

ip masquerading....
	almost the opposite of tunneling.... one machine acts as a gateway to the
internet, all machines trying to go through it have their IP stripped off
and the gateway's IP is put on.... the gateway sorta acts as a middleman,
TCP sockets usually have no problem with this, UDP will always break... TCP
breaks when someone tries to make an incoming socket to an internal
machine.... since it only sees the gateway.... as the outgoing address it
tries to connect to it, however it really needs to connect to one of the
internal machines.... tough luck :)
unless you also use tunneling....

i don't know if this is helpful or not, i'm just glad it'll be on the
freeBSD-questions list...

also check my web page:
http://www.cs.sunyit.edu/~perlsta
and try the "UNIX" link... shows some firewall and ipmasquerading for
freebsd....

 -Alfred
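
The masquerading and forwarding behaviour described in the message above, as a small Python model added here (not part of the original e-mail, and not FreeBSD's own code). The class name, addresses and port numbers are constructed for illustration, and the model covers only TCP mappings keyed by gateway port.

```python
"""Toy model of an IP-masquerading gateway (all addresses are constructed)."""
from itertools import count


class MasqGateway:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)  # gateway source ports handed out in order
        self.out_map = {}   # (inside_ip, inside_port, proto) -> gateway port
        self.in_map = {}    # (gateway port, proto) -> (inside_ip, inside_port)
        self.forwards = {}  # static: (gateway port, proto) -> (inside_ip, inside_port)

    def add_forward(self, gw_port, inside_ip, inside_port, proto="tcp"):
        """Static mapping: the gateway hands incoming connections to an inside host."""
        self.forwards[(gw_port, proto)] = (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Replace the internal source address with the gateway's and remember it."""
        key = (src_ip, src_port, proto)
        if key not in self.out_map:
            gw_port = next(self._ports)
            self.out_map[key] = gw_port
            self.in_map[(gw_port, proto)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port, proto="tcp"):
        """Return the rewritten packet, or None when the gateway has nowhere to send it."""
        target = self.in_map.get((dst_port, proto)) or self.forwards.get((dst_port, proto))
        if target is None:
            return None  # no outbound state and no static forward for this port
        return (src_ip, src_port, target[0], target[1])


def demo():
    gw = MasqGateway("203.0.113.1")
    # An inside host opens a web connection; the outside sees only the gateway.
    out = gw.outbound("192.168.1.10", 5000, "198.51.100.7", 80)
    # The reply arrives at the gateway port and is mapped back inside.
    reply = gw.inbound("198.51.100.7", 80, out[1])
    # An outside host tries to open FTP to the gateway: no mapping exists.
    unsolicited = gw.inbound("198.51.100.99", 31337, 21)
    # With a static forward in place the same attempt reaches an inside host.
    gw.add_forward(21, "192.168.1.20", 21)
    forwarded = gw.inbound("198.51.100.99", 31337, 21)
    return out, reply, unsolicited, forwarded


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Every static forward is a deliberately exposed internal service, so the `forwards` table is the part of such a gateway's configuration to review first.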