RFC 1919 (rfc1919) - Page 1 of 35


Classical versus Transparent IP Proxies



Alternative Format: Original Text Document

Next >


Network Working Group                                          M. Chatel
Request for Comments: 1919                                    Consultant
Category: Informational                                       March 1996


                Classical versus Transparent IP Proxies

Status of this Memo

   This memo provides information for the Internet community.  This memo
   does not specify an Internet standard of any kind.  Distribution of
   this memo is unlimited.

Abstract

   Many modern IP security systems (also called "firewalls" in the
   trade) make use of proxy technology to achieve access control.  This
   document explains "classical" and "transparent" proxy techniques and
   attempts to provide rules to help determine when each proxy system
   may be used without causing problems.

Table of Contents

   1.  Background . . . . . . . . . . . . . . . . . . . . . . . . . 2
   2.  Direct communication (without a proxy) . . . . . . . . . . . 3
   2.1.  Direct connection example  . . . . . . . . . . . . . . . . 3
   2.2.  Requirements of direct communication . . . . . . . . . . . 5
   3.    Classical application proxies  . . . . . . . . . . . . . . 5
   3.1.  Classical proxy session example  . . . . . . . . . . . . . 6
   3.2.  Characteristics of classical proxy configurations  . . .  12
   3.2.1.  IP addressing and routing requirements . . . . . . . .  12
   3.2.2.  IP address hiding  . . . . . . . . . . . . . . . . . .  14
   3.2.3.  DNS requirements . . . . . . . . . . . . . . . . . . .  14
   3.2.4.  Software requirements  . . . . . . . . . . . . . . . .  15
   3.2.5.  Impact of a classical proxy on packet filtering  . . .  15
   3.2.6.  Interconnection of conflicting IP networks . . . . . .  16
   4.  Transparent application proxies  . . . . . . . . . . . . .  19
   4.1.  Transparent proxy connection example . . . . . . . . . .  20
   4.2.  Characteristics of transparent proxy configurations  . .  26
   4.2.1.  IP addressing and routing requirements . . . . . . . .  26
   4.2.2.  IP address hiding  . . . . . . . . . . . . . . . . . .  28
   4.2.3.  DNS requirements . . . . . . . . . . . . . . . . . . .  28
   4.2.4.  Software requirements  . . . . . . . . . . . . . . . .  29
   4.2.5.  Impact of a transparent proxy on packet filtering  . .  30
   4.2.6.  Interconnection of conflicting IP networks . . . . . .  31
   5.  Comparison chart of classical and transparent proxies  . .  31
   6.  Improving transparent proxies  . . . . . . . . . . . . . .  32
   7.  Security Considerations  . . . . . . . . . . . . . . . . .  34



Chatel                       Informational


Next >


Web Standards & Support:

Link to and support eLook.org Powered by LoadedWeb Web Hosting
Valid XHTML 1.0! Valid CSS! eLook.org FireFox Extensions