
XIV  IP Proxy

A proxy, by definition, performs some action on behalf of another.

Suppose you have set up an IP-based network in a company, using one of the IP address ranges reserved for private use. These addresses function internally, and because the Internet routers are programmed to ignore private addresses, the network traffic stays on the internal network. This also prevents a computer from getting data from the Internet. This is the beginning of a firewall for a corporate network. Alas, it’s a very effective one, because it lets no traffic in or out. To pass data between the Internet (or any public network) and a private network, you need to add an intermediary host or device that functions as a proxy server.

An IP proxy server operates at lower levels of the network to pass all traffic between the Internet and one or more hosts on a private network. There may be rules on the proxy server to restrict some network traffic for security or general policy reasons, but the proxy server sees all packets that intend to travel between the Internet and one of the internal hosts.

(This is distinct from an application proxy function, like an HTTP Proxy, which handles packets from only a limited subset of protocols, instead of all packets.)

Remember that during our discussion of IP Addressing, we mentioned that there were ways to get around the limitation of having so long a network number that you could only have a limited number of hosts. In addition to improving security by isolating your network from the Internet, one of the other things a Proxy Server does for you is make Internet access available to more hosts than your network number would normally allow you to define. (For example, using a proxy server, you could give more than 254 computers Internet access, even if you are using a Class C address.)

To configure a proxy server, two NICs, or one NIC and one modem or router, are installed on one server. Data packets are not passed between the two cards, as they normally would be using static or dynamic routing. Instead, a proxy service examines the data against a table (database) of what is allowed. If the configuration allows passage, the data is then passed through to the other card.

To complete the configuration of the proxy server, the modem or NIC facing the Internet has the public Internet IP address. The internal NIC has the private IP address. Part of setting up the proxy server is configuring the NAT (Network Address Translation) between these two IP addresses.

NAT will be discussed next.

Firewalls

Firewalls work on the port number, source IP and destination IP.
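
The "table of what is allowed" described for the proxy service, and the firewall's matching on source IP, destination IP and port, can be sketched as follows. This is an added example, not code from the guide; the names Rule, TABLE and decide, the sample addresses, and the first-match and default-deny behaviour are assumptions made for illustration.

```python
"""Allow-table check between a proxy's internal and external NICs (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src: str             # source network in CIDR form
    dst: str             # destination network in CIDR form
    port: Optional[int]  # destination port; None matches any port
    allow: bool          # True = pass to the other card, False = drop

    def matches(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.port in (None, dst_port))


# Constructed sample table (assumed policy), evaluated top to bottom.
TABLE = [
    # Policy restriction: this one internal host gets no Internet access.
    Rule("192.168.1.50/32", "0.0.0.0/0", None, False),
    # Private hosts may reach web servers on the public side.
    Rule("192.168.1.0/24", "0.0.0.0/0", 80, True),
    Rule("192.168.1.0/24", "0.0.0.0/0", 443, True),
]


def decide(src_ip: str, dst_ip: str, dst_port: int, table=TABLE) -> bool:
    """Return True if the packet may cross to the other interface."""
    try:
        for rule in table:
            if rule.matches(src_ip, dst_ip, dst_port):
                return rule.allow  # first matching rule wins
    except ValueError:
        return False  # malformed address: never pass it through
    return False      # default deny: not in the table, not allowed


if __name__ == "__main__":
    # 203.0.113.7 is a documentation address standing in for an Internet host.
    for pkt in [("192.168.1.10", "203.0.113.7", 80),
                ("192.168.1.10", "203.0.113.7", 23),
                ("192.168.1.50", "203.0.113.7", 80),
                ("203.0.113.7", "192.168.1.10", 80)]:
        print(pkt, "ALLOW" if decide(*pkt) else "DENY")
```

Because nothing passes unless a rule allows it, unsolicited traffic from the public side toward a private address is dropped without needing a rule of its own.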




CertiGuide for Network+ (http://www.CertiGuide.com/netplus/) on CertiGuide.com
Version 1.0 - Version Date: November 7, 2004

Adapted with permission from a work created by Tcat Houser and Helen O’Boyle.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.