[svlug] IP MASQ vs. Proxy.
Ray Olszewski
ray at comarre.com
Fri Nov 13 18:44:00 PST 1998
This is a question that keeps coming up. Perhaps we need a short,
beginner-level FAQ for it. In the meantime, Scott ...

Detailed answers to these questions are in the Linux HowTos and miniHowTos,
available (among other places) at URL
http://sunsite.unc.edu/mdw/ldp.html

In this case, you will want to look at the Firewall HowTo (which also
discusses proxy servers) and the IP Masquerade mini-HowTo.

At the moment, though, it sounds like you can use a short, imprecise
overview. So, in brief:

IP Masquerading lets you connect a LAN to the Internet using only one "real"
(that is, known to the outside world) IP address. To the Internet, all
traffic to and from the LAN looks like it comes from the single server that
acts as the gateway. The gateway parcels out the packets to the other
machines on the LAN, which customarily uses addresses reserved for isolated
LANs (10.0.0.0, 192.168.0.0, and some Class B address I can never remember).
This is a sort of translation that occurs at the IP level; it applies to
all packets and does not distinguish individual services.

Firewalls are, in a sense, the philosophical opposite of masquerading. While
masquerading is designed to provide an indirect connection to the Internet,
firewalls are designed to block a direct connection. That is, with a
firewall, all traffic to a LAN from a router gets passed through a machine
that examines each packet and decides which ones can go through, which
cannot. They are usually installed for security reasons.

Proxy servers are a way to allow some services to pass through an isolating
machine, typically a firewall. This works at the service level; all http
packets, for example, might be filtered through a Web server set up to act
as a proxy.

Setting up a 486 to route from a home LAN to the Internet, using IP
masquerading, should work just fine, as long as the 486 is itself reliable,
with enough memory and hard disk. (I only throw in this qualifier because
those 486s are getting old, and I'm seeing increased unreliability in mine,
especially in mechanical components like hard disks and floppy drives.) I
don't have this running, but I believe others on the list do and can
probably respond to specific questions when you get to that stage.

For now, if this still interests you, your best next step is to read those
HowTos (which, BTW, are probably also on your Linux box somewhere (I have
them here in /usr/doc/faq/howto)).

At 07:01 PM 11/13/98 -0700, Scott Jaderholm wrote:
>I am not exactly sure what these do. From what I understand they allow
>multiple computers to connect to the internet through one connection by
>sharing one IP#. Is there anything better about IP masquerading than
>running a proxy server?
>Are they the exact same thing?
>I was thinking about taking my 486 33Mhz and moving my 56k modem into it.
[rest deleted]
------------------------------------"Never tell me the odds!"---
Ray Olszewski -- Han Solo
762 Garland Drive
Palo Alto, CA 94303-3603
650.321.3561 voice 650.322.1209 fax ray at comarre.com
----------------------------------------------------------------
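
The address translation that the message above describes for IP masquerading, as an added example that is not part of the original post and not the Linux kernel's code. It is a simplified model: the LAN range, the documentation addresses, the starting port 61000 and the class and function names are all assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed example values: a private LAN behind one public address.
LAN = ip_network("192.168.0.0/24")
PUBLIC_IP = "203.0.113.5"   # documentation address standing in for the "real" IP


class MasqGateway:
    """Toy model of a masquerading gateway's translation table."""

    def __init__(self, public_ip, lan, first_port=61000):
        self.public_ip = public_ip
        self.lan = lan
        self.next_port = first_port
        self.by_flow = {}   # (lan_ip, lan_port, remote_ip, remote_port) -> public port
        self.by_port = {}   # public port -> flow

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the LAN; return it as the Internet sees it."""
        if ip_address(src_ip) not in self.lan:
            raise ValueError("source is not on the masqueraded LAN")
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        # The destination port (the service) plays no part in the decision.
        return (self.public_ip, self.by_flow[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Map a packet arriving at the public address back to a LAN host, or None."""
        flow = self.by_port.get(dst_port)
        if flow is None or (flow[2], flow[3]) != (src_ip, src_port):
            return None     # no matching outbound flow: not passed to the LAN
        return (src_ip, src_port, flow[0], flow[1])


def demo():
    gw = MasqGateway(PUBLIC_IP, LAN)
    web = gw.outbound("192.168.0.10", 1025, "198.51.100.7", 80)    # HTTP from host .10
    mail = gw.outbound("192.168.0.11", 1025, "198.51.100.7", 25)   # SMTP from host .11
    reply = gw.inbound("198.51.100.7", 80, web[1])                 # answer to the HTTP flow
    stray = gw.inbound("198.51.100.99", 4444, web[1])              # unrelated sender
    return web, mail, reply, stray


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Both LAN hosts appear to the remote server as the single public address, and the HTTP and SMTP flows are translated the same way; a proxy, by contrast, would be set up per service.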