[Gllug] IP Masquerading / Proxy servers / default routes

Andy McGarty andy at gatewayip.com
Tue Aug 28 13:14:04 UTC 2001


Masquerading allows PCs behind the firewall to access the service directly,
but pretends to be the firewall (ie use its IP address).
Proxying forces your PCs to ask the firewall to perform the service (ie get
the web page) and then pass it on to you.

I use masquerading as it allows me to do almost anything from the PCs (the
only limitation I found was having to set FTP to be passive).

Corporates tend to use PRoxying as it forces them to manage all the services
they offer and stops people doing things they don't want them to (eg voip,
ICQ, Telnet even!).

Your pcs behind the firewall should set the firewall address as their
gateway.  The firewall PC should set your ISP address as its gateway.  All
the gateway address does is allow a PC to say "I can't access this site, can
you pass the packets on for me please".  Or words to that effect!

Good luck

Andy


-----Original Message-----
From: gllug-admin at linux.co.uk [mailto:gllug-admin at linux.co.uk]On Behalf
Of Paul Brazier
Sent: 28 August 2001 13:54
To: Gllug (E-mail)
Subject: [Gllug] IP Masquerading / Proxy servers / default routes


I'm just battling at the moment with IP masquerading:

What is the essential difference between IP masquerading and
(transparent or otherwise) proxies?
Do they basically do the same thing, because surely the need for LANs to
access the internet via a gateway machine has always been around but IP
masquerading in Linux is a fairly new thing?
Is it that IP masquerading is in the kernel and proxies aren't?
Or is IP masquerading happening at a "lower level" i.e. individual IP
packets, whereas proxies are needed for each protocol on top of TCP/IP
e.g http, ftp, telnet etc?
e.g. at work I access the internet via a proxy server (WinNT) - with IP
masquerading I wouldn't need this?

I'm also unsure about setting default routes and gateways:

For my "internal" machine, is the gateway my "dial-up" machine or the
gateway at my ISP (Demon)?
For my dial up machine, is the gateway nothing at all or the gateway at
my ISP?
If I set it to itself, my pppd "dies unexpectedly" until I do "route del
default". Then "route -n" indicates the default route is Demon's
gateway.
Are there "two levels" of gateway e.g. my internal machines use my
dial-up machine as a gateway but my dial-up machine uses Demon as a
"second level" gateway?
With a simple home LAN do I need a default route at all or should I let
pppd set one for me?

--
Paul Brazier
Cosmos UK


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the originator.

This footnote also confirms that this email message has been checked
for the presence of computer viruses.

**********************************************************************

--
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list