Computer Network (MASQ/NAT/PROXY)

Presentation transcript:

2110472 Computer Network (MASQ/NAT/PROXY)
MASQ (1:Many)
NAT 1:1 (true)
Proxy solutions

What is NAT?
The major problem with NAT is that, once all of the free public IP addresses are used, any additional private users requesting Internet service are out of luck until a public NAT address becomes free.

NAT Pro & Con
Pro:
- Very configurable
- No special application software needed
Con:
- Requires a subnet from your ISP (expensive)

How NAT works.

What is Proxy?
A proxy server uses only one (1) public IP address, like IP MASQ, and acts as a translator for clients on the private LAN (WWW browser, etc.). The proxy server receives requests such as TELNET, FTP, WWW, etc. from the private network on one interface. It then, in turn, initiates these requests as if someone on the local box were making them. Once the remote Internet server sends back the requested information, the proxy re-translates the TCP/IP addresses back to the internal MASQ client and sends the traffic to the internal requesting host. This is why it is called a PROXY server.

Proxy (Pro & Con)
Proxy: available for Win95, NT, Linux, Solaris, etc.
Pro:
- Only one (1) IP address needed; cheap
- Optional caching for better performance (WWW, etc.)
Con:
- All applications behind the proxy server must both SUPPORT proxy services (SOCKS) and be CONFIGURED to use the proxy server
- Screws up WWW counters and WWW statistics
ANY applications that you might want to use on the internal machines *MUST* have proxy server support, like Netscape and some of the better TELNET and FTP clients. Any clients that don't support proxy servers won't work.

Caching Proxy
Another nice thing about proxy servers is that some of them can also do caching (Squid for WWW). Imagine that you have 50 proxied hosts all loading Netscape at once. If they were installed with the default homepage URL, you would have 50 copies of the same Netscape WWW page coming over the WAN link, one for each computer. With a caching proxy server, only one copy would be downloaded by the proxy server, and the proxied machines would then get the WWW page from the cache. Not only does this save bandwidth on the Internet connection, it will be MUCH MUCH faster for the internal proxied machines.

What is IP Masquerade?
IP Masquerade is a networking feature in Linux. If a Linux host is connected to the Internet with IP Masquerade enabled, then computers connecting to it (usually on the same LAN, but possibly over other links such as modems or PLIP) can reach the Internet as well, even though they have no officially assigned IP addresses. It is a form of Network Address Translation (NAT) which allows internally connected computers that do not have one or more registered Internet IP addresses to communicate with the Internet via the Linux server's Internet IP address.

IP Masquerade Pro & Cons
Pro:
- Only one (1) IP address needed (cheap)
- Doesn't require special application support
- Uses firewall software, so your network can become more secure
Con:
- Available on Linux and a few ISDN routers such as the ZyXEL Prestige 128, Cisco 770, NetGear ISDN routers, etc.
- Special protocols need to be uniquely handled by firewall redirectors, etc. Linux has full support for this capability (FTP, IRC, etc.), but many routers do NOT.
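
An added example (not part of the original slides): a toy Python model contrasting the 1:1 NAT pool described under "What is NAT?" with the 1:many port-based translation of IP Masquerade. The class names, the addresses (documentation ranges) and the starting port 61000 are constructed for illustration and do not reproduce the Linux kernel's behaviour in detail.

```python
# Toy model (constructed) of dynamic 1:1 NAT vs. IP Masquerade (1:many).

class PoolNAT:
    """Dynamic 1:1 NAT: each private host borrows one whole public address."""
    def __init__(self, public_pool):
        self.free = list(public_pool)
        self.map = {}                      # private IP -> public IP

    def outbound(self, priv_ip):
        if priv_ip not in self.map:
            if not self.free:
                return None                # pool exhausted: host is "out of luck"
            self.map[priv_ip] = self.free.pop(0)
        return self.map[priv_ip]

    def release(self, priv_ip):
        self.free.append(self.map.pop(priv_ip))


class Masquerade:
    """1:many: all hosts share one public IP; flows are told apart by port."""
    def __init__(self, public_ip, first_port=61000):   # assumed start port
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}                      # (priv_ip, priv_port, dst) -> public port
        self.back = {}                     # (public port, dst) -> (priv_ip, priv_port)

    def outbound(self, priv_ip, priv_port, dst):
        key = (priv_ip, priv_port, dst)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, dst)] = (priv_ip, priv_port)
            self.next_port += 1
        return (self.public_ip, self.out[key])

    def inbound(self, src, dst_port):
        # Replies match a table entry; unsolicited packets match none (dropped).
        return self.back.get((dst_port, src))

def demo():
    hosts = ["192.168.1.%d" % i for i in range(10, 13)]   # three private hosts
    nat = PoolNAT(["203.0.113.5", "203.0.113.6"])         # only two public IPs
    nat_results = [nat.outbound(h) for h in hosts]
    masq = Masquerade("203.0.113.1")
    server = ("198.51.100.80", 80)
    masq_results = [masq.outbound(h, 1025, server) for h in hosts]
    reply_to = masq.inbound(server, masq_results[2][1])
    stray = masq.inbound(("198.51.100.99", 4444), masq_results[0][1])
    return nat_results, masq_results, reply_to, stray
```

The third host gets no address from the two-address pool, while all three share one address under masquerading; the `stray` lookup shows why a packet that matches no outbound flow never reaches an internal host.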

IP Masquerade

Proxy VS IP Masquerade
MASQ, or 1:Many NAT, is similar to a proxy server in the sense that the server performs IP address translation and fakes out the remote server (WWW, for example) as if the MASQ server had made the request instead of an internal machine. The major difference between a MASQ and a PROXY server is that MASQ servers don't need any configuration changes on the client machines. Just configure them to use the Linux box as their default gateway and everything will work fine. (You WILL need to install special Linux modules for things like RealAudio, FTP, etc. to work!)

Using Proxy with IP Masquerade
Also, many users operate IP MASQ for TELNET, FTP, etc. *AND* also set up a caching proxy on the same Linux box for WWW traffic for the additional performance.

Virtual Server

Virtual Server (cont.)

More Resources
http://www.suse.de/~mha/linux-ip-nat/diplom/
"Linux IP Masquerade HOWTO", http://ipmasq.cjb.net/