Specifications
Table Of Contents
- About This Document
- Understanding Networking and IP Addressing
- Introduction to Networking
- Networking using IP
- Niagara Considerations
- Additional Information
- Configuration and Troubleshooting Tools
- Connecting on a LAN
- Connecting with Direct Dial
- Connecting to an ISP
- Using Security Technologies
- Configuration Files Used for Communication
- Glossary
- Index
Niagara Release 2.3
Revised: May 22, 2002 Niagara Networking & Connectivity Guide
Chapter 1 Understanding Networking and IP Addressing
Networking using IP
1–30
Application proxy—Also known as an “application gateway”, this technique
inserts a true barrier between the client computer, which is requesting access to an
application, and the application server. The client actually connects to the application
gateway which acts on behalf of the client, negotiating with the destination server for
information. This, in effect, creates two connections: one between the client and the
application gateway and one between the application gateway and the destination
server. This effectively hides the internal computers from the view of outside
computers.
While this is highly secure, it is slower and consumes more resources than the other
firewall technologies.
Note Working with these devices can be confusing because many devices that are labelled
for one function (such as “firewall”) also can provide other functionality as well
(such as proxy functions). Therefore, if you encounter an existing device, you should
investigate the functions that it provides for the organization.
Figure 1-5 shows an typical implementation in Company ABC of a firewall device
that has proxy technology built in.
Figure 1-5 Typical implementation of firewall/proxy technologies.
For more information on the use of firewalls and proxy servers in the Niagara
environment, see “Using a Firewall or Proxy Device,” page 6-4.
EthernetEthernet
Host A Host B
RouterRouter
ABC Company
Internet
Communications link between two sites
Communications
link to the Internet
Firewall with Proxy
and NAT
Router
Ethernet
Company Web Server
www.abccompany.com
External IP Address:
204.253.56.14
Inside IP Address:
192.168.125.3
NAT Addresses: 204.253.56.x
Network: 192.168.1.0
Subnet Mask: 255.255.255.128
Network: 192.168.1.128
Subnet Mask: 255.255.255.128
Network: 192.168.125.0
Subnet Mask: 255.255.255.1
Company ABC has
implemented a firewall that
also has proxy services and
NAT.
The administrator has set up
a static mapping of an
external IP address for the
company web server. In
addition, she has set up
filtering to only allow the
HTTP protocol to that host.
Host A browses a web page
on the internet (using HTTP)
by securing a dynamically
assigned external address
from the firewall for the
session. The firewall caches
the page for later use by
Host B. However, the proxy
server has another protocol
filter which prevents any
hosts on an inside network
from using the FTP (file
transfer) protocol.