This doesn't solve the problem of having an illegal address on the inside,
does it? The proxy will dump any requests for sites that match our internal
range (listed in the LAT) back onto the internal interface (unless I'm
missing something here). I'm planning on converting the inside addresses to
RFC addresses, but that's going to take a few months, and I need this all in
place before that happens. Thanks for the info!!

Brad

----- Original Message -----
From: Bernd Eckenfels <[EMAIL PROTECTED]>
To: Brad Lunsford <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, February 28, 2000 5:50 PM
Subject: Re: NAT before proxy


> On Tue, Feb 22, 2000 at 03:38:28PM -0500, Brad Lunsford wrote:
> > I'm setting up a Firewall/Proxy combination for a company that is using
> > unregistered addresses on their network.  My idea was to use a router to
> > perform NAT before the proxy server.  That way, the proxy would sit on a
> > subnet that contained a private address range.  Does anyone have any
> > opinions on this type of setup?
>
> Well, NAT and Proxy can be done in 3 ways, all have advantages and
> disadvantages:
>
> a) make the NAT Router parallel to the Proxy. In that setup you need 2
> official IP addresses, but both systems can work with max. speed. Of course
> you have to configure 2 systems to be secure if you want perimeter security.
>
> b) put the proxy into the local net and access the internet via NAT router.
> That way you only need one IP address and the NAT Router is securing all
> connections. It will need to process FTP and other ugly protocols.
> Advantage: the cached traffic won't hit the NAT router.
>
> c) put the proxy in front of the NAT. In that setup you need 2 IPs as with
> a) but you also get the filtering from the NAT box... the load on the NAT
> router is a bit higher than in b). If you have a circuit-level proxy this
> setup will be good to avoid nasty protocols through your NAT (like in a).
>
>
> Greetings
> Bernd

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
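
The LAT concern raised in the reply above, as an added example that is not part of the original thread: it models a proxy that sends any destination matching a LAT range to the internal interface, and lists the LAT ranges that lie outside RFC 1918 and therefore hide real Internet hosts. The sample LAT is constructed (a documentation range stands in for the unregistered block), and reading "RFC addresses" as RFC 1918 is an assumption.

```python
import ipaddress

# RFC 1918 private ranges (assumed to be what the post means by "RFC addresses").
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample LAT: one private range and one range taken from public
# space (198.51.100.0/24 is a documentation block used here as a stand-in).
SAMPLE_LAT = ["10.1.0.0 - 10.1.255.255", "198.51.100.0 - 198.51.100.255"]


def parse_lat(entries):
    """Turn 'first - last' range strings into a list of CIDR networks."""
    nets = []
    for entry in entries:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-"))
        nets.extend(ipaddress.summarize_address_range(first, last))
    return nets


def is_rfc1918(net):
    """True only if the whole network sits inside one RFC 1918 block."""
    return any(net.subnet_of(private) for private in RFC1918)


def shadowed_public_space(lat):
    """LAT networks outside RFC 1918: Internet hosts there become unreachable."""
    return [net for net in lat if not is_rfc1918(net)]


def route(dest, lat):
    """Model the decision described in the post: LAT match -> internal interface."""
    addr = ipaddress.ip_address(dest)
    return "internal" if any(addr in net for net in lat) else "external"


if __name__ == "__main__":
    lat = parse_lat(SAMPLE_LAT)
    for net in shadowed_public_space(lat):
        print(f"LAT range {net} is not RFC 1918; external sites in it are shadowed")
    for dest in ("10.1.2.3", "198.51.100.25", "203.0.113.9"):
        print(dest, "->", route(dest, lat))
```

Running the same check against an exported LAT before and after renumbering shows which destinations stop being shadowed once the inside moves to private space.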
