"Ian Dexter R. Marquez" <[EMAIL PROTECTED]> writes:

> Hi, Joey:
>
> On 1/25/07, Joey S. Eisma <[EMAIL PROTECTED]> wrote:
>>
>> 1. what are the differences between the two? what are the advantages of
>> one over the other?
>
> A gateway, as the name implies, acts as an entrance (or exit,
> depending on how you look at it) to another network. A proxy, on the
> other hand, makes requests on behalf of clients in its network. The
> distinctions are a bit hazy, but we commonly use proxies for HTTP/FTP,
> although it is not uncommon for SMTP and other protocols to be proxied
> as well. Same is true with a gateway device. As for advantages, well
> YMMV -- these will depend on your requirements. If, as you say, you
> need to provide internet connection to a networked PC, a proxy *may*
> suffice. One advantage, I think, of a proxy is if it is a "caching"
> proxy -- the performance on access times can be enhanced up to some
> extent if there is a cache for the networked hosts.

To add to that:

   - A gateway is transparent to the network. All network requests are
     routed to the gateway; the gateway acts as the point of contact
     between one network and another.

   - Gateways are lower-level than proxies -- they act on IP packets
     (usually), while proxies work on higher level protocols such as
     HTTP, etc.

   - Gateways can also act as firewalls.

>> 2. if i use a proxy, i may configure squid, what about a gateway? what
>> software do i need?
>
> IPtables?

Not necessarily. Any bare box, in fact, can serve as a basic
gateway. You just have to configure its routing tables (man
route). However, to do things such as filtering and what-not (and
NAT-ing in particular, especially if your network uses a private IP
address space (e.g. 192.168.0.x and similar)), it may be cheaper to use
a router or router appliance.

In fact, a router is a kind of gateway.

>> 3. which is more secure?
>
> Trick question. :) Security is a process, not an end result. You can
> secure *both* of them to a great extent. Again, it depends on how you
> want to use them. For gateways, you can opt to allow only certain
> traffic to go through. The same goes for proxies. Again, YMMV.
>
>> 4. in this setup, the gateway is actually NAT?
>
> Well, correct me if I'm wrong, but a gateway *can* use NAT for
> internal hosts.

True. For instance, in this setup:

 Network A: 192.168.1.x
 Network B: 192.168.2.x

You can have a gateway for both network A and network B, with routing
tables configured to exchange traffic between the two. In this
situation, the gateway machine should have two network cards, with one
assigned to 192.168.1.x and bound to the gateway IP address for that
network, and the other assigned to 192.168.2.x and bound to the gateway
IP address for that network.

In this instance, no NAT is necessary.

However, consider this setup:

 Network A: 192.168.1.x
 Network B: 192.168.2.x
 DSL modem
   where the DSL modem is connected to a machine assigned to the address
   space of 192.168.1.x;

In this situation, the gateway for the 192.168.1.x space may be the same
machine assigned to the 192.168.1.x space; the gateway for the
192.168.2.x space should have routes configured to point IP packets
heading to the Internet to the 192.168.1.x gateway. In this situation,
the 192.168.1.x gateway should be doing NAT.


-- 
JM Ibanez
Senior Software Engineer
Orange & Bronze Software Labs, Ltd. Co.

[EMAIL PROTECTED]
http://software.orangeandbronze.com/
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
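
The second setup in the message above (two LANs sharing one DSL link), written out as commands. This is an added example, not part of the original message. The /24 masks, the interface names (eth0, ppp0) and the host addresses 192.168.1.1 and 192.168.1.2 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message. Dry-run by default.
LAN_A=192.168.1.0/24
LAN_B=192.168.2.0/24
GW_A=192.168.1.1        # assumed: gateway A's address on network A
GW_B_ON_A=192.168.1.2   # assumed: gateway B's address on network A
LAN_IF=eth0             # assumed: gateway A's network A interface
WAN_IF=ppp0             # assumed: gateway A's DSL link

# Gateway A: the box with the DSL modem. It routes and NATs for both LANs.
gateway_a_cmds() {
cat <<EOF
sysctl -w net.ipv4.ip_forward=1
# Return path: without this, replies for network B have nowhere to go.
ip route add $LAN_B via $GW_B_ON_A
# Private source addresses are rewritten only on the way out to the DSL link.
iptables -t nat -A POSTROUTING -s $LAN_A -o $WAN_IF -j MASQUERADE
iptables -t nat -A POSTROUTING -s $LAN_B -o $WAN_IF -j MASQUERADE
# Forward LAN-originated traffic and replies to it; drop everything else.
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $LAN_IF -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Gateway B: plain router between the two LANs. No NAT here.
gateway_b_cmds() {
cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route add default via $GW_A
EOF
}

# Print the commands for a role; with APPLY=1 (as root) execute them instead.
run_role() {
    case "$1" in
        a) cmds=$(gateway_a_cmds) ;;
        b) cmds=$(gateway_b_cmds) ;;
        *) echo "usage: $0 a|b" >&2; return 2 ;;
    esac
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$cmds" | sh -e
    else
        printf '%s\n' "$cmds"
    fi
}

if [ $# -gt 0 ]; then run_role "$1"; fi
```

Run it with `a` or `b` to review the commands for that gateway before applying them. The rules are not persistent across reboots.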
