XIV IP Proxy

The definition of a proxy is to do some action on behalf of another. Suppose you have set up an IP-based network in a company, using one of the IP address ranges reserved for private use. These addresses function internally, and because the Internet routers are programmed to ignore private addresses, the network traffic stays on the internal network. This prevents a computer from getting data from the Internet. This is the beginning of a firewall for a corporate network. Alas, it's a very effective one, because it lets no traffic in or out.

To pass data between the Internet (or any public network) and a private network, you need to add an intermediary host or device that functions as a proxy server. An IP proxy server operates at lower levels of the network to pass all traffic between the Internet and one or more hosts on a private network. There may be rules on the proxy server to restrict some network traffic for security or general policy reasons, but the proxy server sees all packets that intend to travel between the Internet and one of the internal hosts. (This is distinct from an application proxy function, like an HTTP Proxy, which handles packets from only a limited subset of protocols, instead of all packets.)

Remember that during our discussion of IP Addressing, we mentioned that there were ways to get around the limitation of having so long a network number that you could only have a limited number of hosts? In addition to improving security by isolating your network from the Internet, one of the other things a Proxy Server does for you is make Internet access available to more hosts than your network number would normally allow you to define. (For example, using a proxy server, you could give more than 254 computers Internet access, even if you are using a Class C address.)

To configure a proxy server, two NICs, or one NIC and one modem or router, are installed on one server. Data packets are not passed between the two cards, as they normally would be using static or dynamic routing. Instead, a proxy service examines the data against a table (database) of what is allowed. If the configuration allows passage, the data is then passed through to the other card.

To complete the proxy server configuration, the modem (or the NIC that connects to the Internet) has the public Internet IP address. The internal NIC has the private IP address. Part of setting up the proxy server is configuring the NAT (Network Address Translation) between these two IP addresses. NAT will be discussed next.
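The table check described above, as an added example that is not part of the original guide: a Python model of the decision a two-card proxy makes for each packet, where anything the table does not allow is dropped. The address range, the rule table and the sample packets are constructed for illustration, and NAT and the handling of reply traffic are left out.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing: the private network behind the internal NIC.
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")

@dataclass(frozen=True)
class Rule:
    in_nic: str            # card the packet arrived on: "inside" or "outside"
    proto: str             # "tcp", "udp" or "any"
    dst_ports: frozenset   # empty set matches every port
    action: str            # "allow" or "deny"

# Hypothetical table of what is allowed; checked top to bottom, first match wins.
RULES = [
    Rule("inside", "tcp", frozenset({80, 443}), "allow"),   # web browsing
    Rule("inside", "udp", frozenset({53}), "allow"),        # DNS lookups
    Rule("inside", "tcp", frozenset({23}), "deny"),         # explicit policy: no telnet
]

def decide(in_nic, src, dst, proto, dst_port):
    """Return "forward" (hand the packet to the other card) or "drop"."""
    src_inside = ipaddress.ip_address(src) in INSIDE_NET
    # The source address must agree with the card the packet arrived on.
    if src_inside != (in_nic == "inside"):
        return "drop"
    for rule in RULES:
        if rule.in_nic != in_nic or rule.proto not in ("any", proto):
            continue
        if rule.dst_ports and dst_port not in rule.dst_ports:
            continue
        return "forward" if rule.action == "allow" else "drop"
    return "drop"  # nothing in the table matched: default deny

# Constructed sample packets: (arrival card, source, destination, protocol, port)
SAMPLE = [
    ("inside", "192.168.1.20", "203.0.113.10", "tcp", 443),
    ("inside", "192.168.1.20", "203.0.113.10", "tcp", 23),
    ("inside", "192.168.1.21", "203.0.113.53", "udp", 53),
    ("outside", "203.0.113.99", "198.51.100.1", "tcp", 3389),
    ("outside", "192.168.1.5", "198.51.100.1", "tcp", 80),
]

def run_sample():
    return [decide(*pkt) for pkt in SAMPLE]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run_sample()):
        print(pkt, "->", verdict)
```

Only the first and third sample packets are forwarded; the last one is dropped before the table is consulted because a private source address arrived on the outside card.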
CertiGuide for Network+ (http://www.CertiGuide.com/netplus/) on CertiGuide.com Version 1.0 - Version Date: November 7, 2004 Adapted with permission from a work created by Tcat Houser and Helen O’Boyle. CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved. Not responsible for any loss resulting from the use of this site.