On Tue, Feb 22, 2000 at 03:38:28PM -0500, Brad Lunsford wrote:
> I'm setting up a Firewall/Proxy combination for a company that is using unregistered
> addresses on their network.  My idea was to use a router to perform NAT before the
> proxy server.  That way, the proxy would sit on a subnet that contained a private
> address range.  Does anyone have any opinions on this type of setup?

Well, NAT and Proxy can be done in 3 ways; all have advantages and
disadvantages:

a) make the NAT Router Parallel to the Proxy. In that setup you need 2
official IP Addresses, but both systems can work with max. speed. Of course
you have to configure 2 systems to be secure if you want perimeter security.

b) put the proxy into the local net and access the internet via NAT router.
That way you only need one IP address and the NAT Router is securing all
connections. It will need to process FTP and other ugly protocols.
Advantage: the cached traffic won't hit the NAT router.

c) put the proxy in front of the NAT. In that setup you need 2 IPs as with
a) but you also get the filtering from the NAT box... the load on the NAT
router is a bit higher than in b). If you have a circuit-level proxy this
setup will be good to avoid nasty protocols through your NAT (like in a).


Greetings
Bernd