Friday, July 30, 2010

Comparison of six agent approach

Traditional proxy, transparent proxy, plug-gw, Apache reverse proxy, IP masquerading, port forwarding comparison of six methods

The first part features a variety of proxy and packet rewriting the way the process

Squid proxy and transparent proxy tradition:

In Linux, the most widely used traditional proxy and transparent proxy is Squid. Default Squid configuration into the traditional agency approach. In this way, windows in the browser client to set the proxy server address and port number, the client actually very little work to be done. Only need to specify the proxy server IP address and port number can be, the other left to do all that to the proxy server. In this way a striking feature is the windows client browsing the Web, when entering a URL, DNS is also done by the proxy server. DNS resolution process is based on Linux server set up / etc / host.conf file parsing order of.
General of the order is to first find the / etc / hosts, then looking for DNS database bind. In this case, the interesting example is that if you set up a site for your internal network domain in a server, you first go to access the internal network server. If you set then your browser can not access the internet to a yahoo site.
However, if you set the transparent proxy, then the resolution of the DNS and then the order will become windowshosts Linux, DNS database. No longer possible to check the Linux server / etc / hosts file.
Introduction of transparent proxy, see the article meets in another article "How to set the transparent proxy in Linux"

Traditional proxy and transparent proxy package rewriting process: see below

[PC] A [Linux squid server] B
__192.168.11.12_ |_____ | ___1.2.3.4_________Internet

A machine in the user's browser to set the proxy to, port number is 3128, through the B line.
If the access, in fact if you set a proxy if the client browser only and Linux Squid server and the Internet to communicate and never talk on the server, first of all by the squid proxy server parse (find / etc / host.conf in the resolution order, first / etc / hosts then DNS lookup)
For the IP address, the last by the proxy server instead of client IP address of the HTTP access, restore the information back to the squid cache in the first cache, and a copy to the client. Next time if the user or other users to access the same page, you can call from the squid cache to save time.
Transparent proxy process and the traditional agency similar to the difference between
1. DNS resolution process is different, as already mentioned
2. Transparent proxy gateway must be set to squid proxy server IP address, but the traditional agents do not need.
3. Transparent proxy need to set fire chain of input rules, and the rest of squid the same way as traditional agents.

plug-gw is brought FWTK in general agent. Available to agents such as POP3, HTTP and other application layer services.

[PC] A [Linux POP3] C [Linux plug-gw] B
__192.168.11.12_ |______| | ___1.2.3.4__Internet

If there is a segment within the Linux POP3 server C (, want external users to receive e-mail can be set in the machine B, the POP3 proxy plug-gw as follows:

Put the following line to / etc / rc.d / rc.local
/ Usr / local / etc / plug-gw-daemon plug-gw-pop3 & file / usr / local / etc / netperm-table has the following line
plug-gw-pop3: port 110 backup bin conf config data eshow_sitemap.html log maint sitemap.html svn tmp-plug-to 110

The user to set the POP3 server outlook express address of When the received message, the external interface of the B machine, the port 110 in to accept user requests, subsequently plug-gw treatment, in-house segment, from 110 port on request. To the data collected by the interface, copy to external users.

Apache reverse proxy.
Packet rewriting process and similar plug-gw

Note: The above stated three cases, the request process is in two separate in the middle usually squid proxy server or plug-gw, Apache server, data server, two network cards in the middle of the action to do copies, but the process of the two requests The source address is randomly assigned to high-end addresses are different. In 1024 and 65535. But in general, TCP / IP address assigned most of the random-end 1024 - 5000 allocation. For example: For the plug-gw is:
If an external dial-up user's IP address is If the address and port as follows:
Source address and port number and destination address and port are: 1038 110
Request to be plug-gw rewritten as: 1045 110

Reply by data is copied to the external customers.

But not all cases, the address of the source are randomly assigned to high-end 1024 - 5000. IP masquerading is the exception:

IP masquerading:

[PC] A [Linux MASQ server] B
__192.168.11.12_ |_____ | ___1.2.3.4_________Internet

Shown above, PC A through B camouflage Internet. To access, when the package is disguised rewrite process is as follows:

Source address / port number and destination address / port number: 1047 80
Disguised the source after the address and port number and destination address / port number: 62334 80

Anti-back package for the 80 - 62334
Longer be re-written to PC A as: 80 - 1047

In general, IP source address is usually disguised> 60000, and in the 61000 - 64999 between.
The firewall maintains an IP masquerading comparison table. With the command / sbin / ipchains-M-L-n can be seen as:
[Root @ proxy etc] # / sbin / ipchains-M-L-n
IP masquerading entries
prot expire source destination ports
UDP 02:18.86 1215 (62615) -> 4000
TCP 17:03.20 1049 (62584) -> 80

Column from the ports you can control the source address of the match twice.

Port forwarding (port forwarding):
See the article meets in another article, "Using port forwarding to internal network to provide network services of external"

The second part of the way the various agents and the advantages and disadvantages of the application

The role of the various proxy methods:
1. IP masquerading, Squid proxy and transparent proxy for the traditional make no real IP address of LAN users to access Internet.
2. Apache reverse proxy, plug-gw general proxy, port forwarding for external users to access the LAN without real IP address of the server.

Advantages and disadvantages of various proxy methods:
1. Squid has the advantage of client requirements Henshao, as long as Liantong squid server. But the need for each machine are set to the proxy server IP address and port number
2. Squid transparent proxy does not need the advantages of each client are set proxy address and port and simplify client configuration. But the need for each client's default gateway are set to squid proxy server, and require the client to do DNS resolution
3. IP masquerading may be suitable for most application-layer services, unlike the squid only supports http and ftp. But customers also need to set the default gateway address of the firewall. And do not like squid with cache functionality
4. Plug-gw proxy the servers can be as HTTP, POP3, etc.. But the Apache reverse proxy can only reverse proxy http requests
5. Port forwarding for most services. Nothing to do with the specific application. And fast implementation in the kernel IP layer, application layer without requiring special services running. But may need to recompile the kernel.

Recommended links:

How To Ubuntu Equipment Chinese Character Library

Games And Entertainment Specialist

Zhu Wenhui: Deep popularity

avc Converter

convert .mov to .wmv free

Mr. Chen will be back in the more TERRIBLE

Call ChooseColor Function In PowerBuilder


Delphi programming animation AVI play without sound

Got hit by Baidu PPC

Report Hobby

CONVERT m4a to mp3

flv Converter

No comments:

Post a Comment