Friday, July 30, 2010

Comparison of six agent approach



Traditional proxy, transparent proxy, plug-gw, Apache reverse proxy, IP masquerading, port forwarding comparison of six methods

The first part features a variety of proxy and packet rewriting the way the process

Squid proxy and transparent proxy tradition:

In Linux, the most widely used traditional proxy and transparent proxy is Squid. Default Squid configuration into the traditional agency approach. In this way, windows in the browser client to set the proxy server address and port number, the client actually very little work to be done. Only need to specify the proxy server IP address and port number can be, the other left to do all that to the proxy server. In this way a striking feature is the windows client browsing the Web, when entering a URL, DNS is also done by the proxy server. DNS resolution process is based on Linux server set up / etc / host.conf file parsing order of.
General of the order is to first find the / etc / hosts, then looking for DNS database bind. In this case, the interesting example is that if you set up a site for your internal network domain in a server, you first go to access the internal network server. If you set 192.168.11.3 www.yahoo.com then your browser can not access the internet to a yahoo site.
However, if you set the transparent proxy, then the resolution of the DNS and then the order will become windowshosts Linux, DNS database. No longer possible to check the Linux server / etc / hosts file.
Introduction of transparent proxy, see the article meets in another article "How to set the transparent proxy in Linux"

Traditional proxy and transparent proxy package rewriting process: see below

[PC] A [Linux squid server] B
__192.168.11.12_ |_____ 192.168.11.5__ | ___1.2.3.4_________Internet

A machine in the user's browser to set the proxy to 192.168.11.5, port number is 3128, through the B line.
If the access www.linuxforum.net, in fact if you set a proxy if the client browser only and Linux Squid server and the Internet to communicate and never talk on the www.linuxforum.net server, first of all by the squid proxy server
www.linuxforum.net parse (find / etc / host.conf in the resolution order, first / etc / hosts then DNS lookup)
For the IP address 202.106.124.185, the last by the proxy server instead of client IP address of the HTTP access, restore the information back to the squid cache in the first cache, and a copy to the client. Next time if the user or other users to access the same page, you can call from the squid cache to save time.
Transparent proxy process and the traditional agency similar to the difference between
1. DNS resolution process is different, as already mentioned
2. Transparent proxy gateway must be set to squid proxy server IP address, but the traditional agents do not need.
3. Transparent proxy need to set fire chain of input rules, and the rest of squid the same way as traditional agents.

plug-gw:
plug-gw is brought FWTK in general agent. Available to agents such as POP3, HTTP and other application layer services.

[PC] A [Linux POP3] C [Linux plug-gw] B
__192.168.11.12_ |______| 192.168.11.1____192.168.11.5__ | ___1.2.3.4__Internet

If there is a segment within the Linux POP3 server C (192.168.11.1), want external users to receive e-mail can be set in the machine B, the POP3 proxy plug-gw as follows:

Put the following line to / etc / rc.d / rc.local
/ Usr / local / etc / plug-gw-daemon 1.2.3.4:110-name plug-gw-pop3 & file / usr / local / etc / netperm-table has the following line
plug-gw-pop3: port 110 backup bin conf config data eshow_sitemap.html generate.sh log maint sitemap.html svn tmp-plug-to 192.168.11.1-port 110

The user to set the POP3 server outlook express address of 1.2.3.4. When the received message, the external interface of the B machine, the port 110 in 1.2.3.4 to accept user requests, subsequently plug-gw treatment, in-house segment, from 192.168.11.5 192.168.11.1 110 port on request. To the data collected by the 1.2.3.4 interface, copy to external users.

Apache reverse proxy.
Packet rewriting process and similar plug-gw

Note: The above stated three cases, the request process is in two separate in the middle usually squid proxy server or plug-gw, Apache server, data server, two network cards in the middle of the action to do copies, but the process of the two requests The source address is randomly assigned to high-end addresses are different. In 1024 and 65535. But in general, TCP / IP address assigned most of the random-end 1024 - 5000 allocation. For example: For the plug-gw is:
If an external dial-up user's IP address is 5.6.7.8. If the address and port as follows:
Source address and port number and destination address and port are:
5.6.7.8 1038 1.2.3.4 110
Request to be plug-gw rewritten as:
192.168.11.5 1045 192.168.11.1 110

Reply by 192.168.11.1 data is copied to the external customers.

But not all cases, the address of the source are randomly assigned to high-end 1024 - 5000. IP masquerading is the exception:

IP masquerading:

[PC] A [Linux MASQ server] B
__192.168.11.12_ |_____ 192.168.11.5__ | ___1.2.3.4_________Internet

Shown above, PC A through B camouflage Internet. To access www.linuxforum.net, when the package is disguised rewrite process is as follows:

Source address / port number and destination address / port number:
192.168.11.12 1047 202.106.124.185 80
Disguised the source after the address and port number and destination address / port number:
1.2.3.4 62334 202.106.124.185 80

Anti-back package for the
202.106.124.185 80 - 1.2.3.4 62334
Longer be re-written to PC A as:
202.106.124.185 80 - 192.168.11.12 1047

In general, IP source address is usually disguised> 60000, and in the 61000 - 64999 between.
The firewall maintains an IP masquerading comparison table. With the command / sbin / ipchains-M-L-n can be seen as:
[Root @ proxy etc] # / sbin / ipchains-M-L-n
IP masquerading entries
prot expire source destination ports
UDP 02:18.86 192.168.11.12 205.188.179.41 1215 (62615) -> 4000
TCP 17:03.20 192.168.11.12 205.188.248.57 1049 (62584) -> 80

Column from the ports you can control the source address of the match twice.

Port forwarding (port forwarding):
See the article meets in another article, "Using port forwarding to internal network to provide network services of external"

The second part of the way the various agents and the advantages and disadvantages of the application

The role of the various proxy methods:
1. IP masquerading, Squid proxy and transparent proxy for the traditional make no real IP address of LAN users to access Internet.
2. Apache reverse proxy, plug-gw general proxy, port forwarding for external users to access the LAN without real IP address of the server.

Advantages and disadvantages of various proxy methods:
1. Squid has the advantage of client requirements Henshao, as long as Liantong squid server. But the need for each machine are set to the proxy server IP address and port number
2. Squid transparent proxy does not need the advantages of each client are set proxy address and port and simplify client configuration. But the need for each client's default gateway are set to squid proxy server, and require the client to do DNS resolution
3. IP masquerading may be suitable for most application-layer services, unlike the squid only supports http and ftp. But customers also need to set the default gateway address of the firewall. And do not like squid with cache functionality
4. Plug-gw proxy the servers can be as HTTP, POP3, etc.. But the Apache reverse proxy can only reverse proxy http requests
5. Port forwarding for most services. Nothing to do with the specific application. And fast implementation in the kernel IP layer, application layer without requiring special services running. But may need to recompile the kernel.






Recommended links:



How To Ubuntu Equipment Chinese Character Library



Games And Entertainment Specialist



Zhu Wenhui: Deep popularity



avc Converter



convert .mov to .wmv free



Mr. Chen will be back in the more TERRIBLE



Call ChooseColor Function In PowerBuilder



J2ME Game NORMAL-FRAME



Delphi programming animation AVI play without sound



Got hit by Baidu PPC



Report Hobby



CONVERT m4a to mp3



flv Converter



Monday, July 12, 2010

Advertising is losing confidence!



Jason Jiang and other media have begun to build the living area so that we become unable to breathe, the advertising industry's rapid growth defects are gradually revealed, to prevent the disco of the city is desperately needed.

Bus, apartment elevators, restaurants, and restaurants can be placed almost toilet dynamic and static screen display space has started intrusive advertising, is accelerating the process of commercialization of our growing impetuous attitude. In the early advertisement where we start doing it with freshness, a long time, we started as far as possible away from it. Why would someone spend money to install something so annoying? Why do these businesses will spend money on their products will only make people hate advertising? Even have to ask, who is not authorized by such an obvious place we welcome the commercial form of this what?

Disturbing the peace, in my view the reason why much cover the entire ad space potential is the main reason - commercially driven. Is a multi-business corruption, the proceeds form the chain.

More physical and chemical processes for each of us began to act on the heart or a change in values is a test of our lack of universal ethical bottom line. Lured in materialized, people change not only stimulated by the material itself, more advertising is also subject to establish a nurturing atmosphere of physical and chemical culture, overwhelming Rolex, BMW, the villa's clear to keep the image of ad the material's many advantages. In the human heart the desire to be lit, the moral and ethical weight will disappear.

In recent years, the capital market has been a strong promoter of the advertising market, for as long as the capitalists have the opportunity to be able to sell products to hundreds of millions of Chinese people will lead to an industry stir-fried. Focus listing more of the inspired more people to join the media industry, it is also rapidly rising stock market has given us life more bothered.

I believe that China lives of city people will not let go of disco, market forces will eventually be effective to prevent further deterioration of the situation. As people return to peaceful life in pursuit of a number of international standards by the district administration has already begun to prevent the entry of advertising, which is keen appreciation of the Chinese people, the house should stand as a thrust. More and more owners have started addressing this situation, and from the quiet day long?

Not also the quiet surroundings, will have one day to protest the near future, noise and light pollution will be unbearable.







Recommand Link:



Simple Food And Drink



Bluesea MPG M4V Convert



CloneDVD 4 Pro



Psp video converter



Articles About Audio Players



Happiness Midi M4A to AMR Copier



free DOWNLOAD mp4 to 3gp



m4v FILE



avc-free



evaluation Investment Tools



Youtube Video to BLACKBERRY Home



AV Music Morpher



Youtube to Pocket PC Value



AllRipper MPG To DVD



Wizard Screen Savers