A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.comp.home-networking (UK home networking)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.comp.home-networking (UK home networking) (uk.comp.home-networking) Discussion of all aspects of computer networking in the home, regardless of the platforms, software, topologies and protocols used. Examples of topics include recommendations for hardware or suppliers (e.g. NICs and cabling), protocols, servers, and specific network software. Advertising is not allowed.

Network configuration with proxy server



 
 
Thread Tools Display Modes
  #1  
Old February 7th 05, 03:24 PM posted to uk.comp.home-networking
Martin Underwood
external usenet poster
 
Posts: 251
Default Network configuration with proxy server

A customer has asked me to set up a home network for him, to use a proxy
server (he has the PC that will act as the server and the W2K server
software). Some of the PCs will need to access his work network via VPN,
authenticated by SecureID (using the little keyfob devices that generate a
unique time-varying authentication ID).

Can I check the configuration that he's proposed:
http://fp.martinunderwood.f9.co.uk/n...20original.gif

I think as he's drawn it, it won't work and that he needs the server to have
two network cards, one connected to the Internet via an ADSL modem and the
other connected to his private network via a switch/wireless access point,
with the W2K server software handling the routing:
http://fp.martinunderwood.f9.co.uk/n...th%20proxy.gif

Alternatively he could dispense with the proxy server and have a
conventional router network
http://fp.martinunderwood.f9.co.uk/n...h%20router.gif


I'm not entirely sure what advantages he perceives in having a proxy server,
given that an ordinary broadband router will include a firewall and that
there will be the inherent isolation of private from public that a router's
network address translation (NAT) gives. I can't see his network making much
use of the web-page cacheing that a proxy server gives.


Before I put these points to the customer, I want to be reasonably sure of
my facts. Are my two configuration diagrams (network - with proxy.gif and
network - with router.gif) correct? Are there any other significant
advantages of a proxy server over a hardware router that I've overlooked?

To handle VPN traffic (ie PC clients on the home private network accessing a
company's private network via VPN and the internet), will any router work or
will it need additional VPN functionality? And will the router need to be
configured specifically to allow VPN traffic to pass through it?







  #2  
Old February 7th 05, 07:14 PM posted to uk.comp.home-networking
Rod
external usenet poster
 
Posts: 2
Default Network configuration with proxy server


"Martin Underwood" wrote in message
...
A customer has asked me to set up a home network for him, to use a proxy
server (he has the PC that will act as the server and the W2K server
software). Some of the PCs will need to access his work network via VPN,
authenticated by SecureID (using the little keyfob devices that generate a
unique time-varying authentication ID).

Can I check the configuration that he's proposed:
http://fp.martinunderwood.f9.co.uk/n...20original.gif


No, without NAT or router he will only get a single IP from the internet
therefore only one of the connected devices would be able to access the
outside world.

I think as he's drawn it, it won't work and that he needs the server to
have
two network cards, one connected to the Internet via an ADSL modem and the
other connected to his private network via a switch/wireless access point,
with the W2K server software handling the routing:
http://fp.martinunderwood.f9.co.uk/n...th%20proxy.gif


Yes - its how mine works. My ADSL modem is just that - a modem without any
NAT or router thus passing the internet IP address to a NIC in my server.
My second NIC is connected to a switch and then to the other devices....

Alternatively he could dispense with the proxy server and have a
conventional router network
http://fp.martinunderwood.f9.co.uk/n...h%20router.gif


Or Yes - used to do this before I set up a dedicated web/ftp server...


I'm not entirely sure what advantages he perceives in having a proxy
server,
given that an ordinary broadband router will include a firewall and that
there will be the inherent isolation of private from public that a
router's
network address translation (NAT) gives. I can't see his network making
much
use of the web-page cacheing that a proxy server gives.


If he has a DNS server it can cache the IP's of sites visited - doesn't make
*that* much difference though


Before I put these points to the customer, I want to be reasonably sure of
my facts. Are my two configuration diagrams (network - with proxy.gif and
network - with router.gif) correct? Are there any other significant
advantages of a proxy server over a hardware router that I've overlooked?


Don't think so


To handle VPN traffic (ie PC clients on the home private network accessing
a
company's private network via VPN and the internet), will any router work
or
will it need additional VPN functionality? And will the router need to be
configured specifically to allow VPN traffic to pass through it?

Don't know - never tried it!


  #3  
Old February 7th 05, 07:46 PM posted to uk.comp.home-networking
Rob Morley
external usenet poster
 
Posts: 1,379
Default Network configuration with proxy server

In article ,
"Martin Underwood" says...
A customer has asked me to set up a home network for him, to use a proxy
server (he has the PC that will act as the server and the W2K server
software). Some of the PCs will need to access his work network via VPN,
authenticated by SecureID (using the little keyfob devices that generate a
unique time-varying authentication ID).

Can I check the configuration that he's proposed:
http://fp.martinunderwood.f9.co.uk/n...20original.gif

I think as he's drawn it, it won't work and that he needs the server to have
two network cards, one connected to the Internet via an ADSL modem and the
other connected to his private network via a switch/wireless access point,
with the W2K server software handling the routing:
http://fp.martinunderwood.f9.co.uk/n...th%20proxy.gif


I don't see why that wouldn't work - local machine talks to proxy,
proxy talks to router, local machine can't connect directly through
router because it's blocked by IP or MAC address. That is of course
assuming the his "wireless ethernet hub" is a wireless ADSL router
(as suggested by the fact that the diagram shows it connected to "The
Internet") and not just an access point. If it is an AP then he'll
need a router, and as you suggest the easiest way to do that is to
use the proxy server with two NICs.

Alternatively he could dispense with the proxy server and have a
conventional router network
http://fp.martinunderwood.f9.co.uk/n...h%20router.gif


I'm not entirely sure what advantages he perceives in having a proxy server,
given that an ordinary broadband router will include a firewall and that
there will be the inherent isolation of private from public that a router's
network address translation (NAT) gives. I can't see his network making much
use of the web-page cacheing that a proxy server gives.

Before I put these points to the customer, I want to be reasonably sure of
my facts. Are my two configuration diagrams (network - with proxy.gif and
network - with router.gif) correct? Are there any other significant
advantages of a proxy server over a hardware router that I've overlooked?


A PC-based proxy can allow much more configuration of filters than a
NAT router would - picking keywords out of URLs, virus scanning, even
blocking images that have too much flesh tone :-)

To handle VPN traffic (ie PC clients on the home private network accessing a
company's private network via VPN and the internet), will any router work or
will it need additional VPN functionality? And will the router need to be
configured specifically to allow VPN traffic to pass through it?

That's not something I'd claim to know anything about, but I suspect
that the PC-as-router option will be the most flexible solution
(although I'd go for Linux rather than Windows).
  #4  
Old February 7th 05, 10:15 PM posted to uk.comp.home-networking
Martin Underwood
external usenet poster
 
Posts: 251
Default Network configuration with proxy server

"Rob Morley" wrote in message
t...
In article ,
"Martin Underwood" says...
A customer has asked me to set up a home network for him, to use a proxy
server (he has the PC that will act as the server and the W2K server
software). Some of the PCs will need to access his work network via VPN,
authenticated by SecureID (using the little keyfob devices that generate
a
unique time-varying authentication ID).

Can I check the configuration that he's proposed:
http://fp.martinunderwood.f9.co.uk/n...20original.gif

I don't see why that wouldn't work - local machine talks to proxy,
proxy talks to router, local machine can't connect directly through
router because it's blocked by IP or MAC address. That is of course
assuming the his "wireless ethernet hub" is a wireless ADSL router
(as suggested by the fact that the diagram shows it connected to "The
Internet") and not just an access point. If it is an AP then he'll
need a router, and as you suggest the easiest way to do that is to
use the proxy server with two NICs.


Clever: using the same box for the two different purposes that I've shown in
http://fp.martinunderwood.f9.co.uk/n...th%20proxy.gif, relying
on the fact that when NAt is turned off, the private traffic will not be
able to get out of the router onto the internet, except when routed by the
server.

If the "wireless ethernet hub" is a conventional wireless router but with
NAT turned off, I can see how it can be configured only to pass traffic to
ADSL if its source IP is in the subnet of the IP address that the ISP has
provided - traffic that will have come from the proxy server. Traffic from
the private LAN will be in a different subnet (probably 192.168.x.x) and
computers can be allocated IP addresses in this subnet by DHCP on the
server. This traffic will not get out to the public side of the router
because it's in the wrong subnet. The LAN card on the server has two IP
addresses - one in the private subnet and one in the public subnet. All the
PCs have their browsers configured to use the server as proxy. So traffic
goes from the PC, either by wireless or Ethernet, to the server; the server
then rebroadcasts the traffic on the public IP address and so it goes onto
the internet. Incoming traffic takes the reverse route.

How exactly should the the router be configured? NAT will be turned off,
obviously, since the server is doing the routing. The router's public side
will (presumably) be allocated an IP by the ISP (as is normally the case
when NAT is enabled on a router) and the server will be given a static IP
address in the same subnet. Does this mean that traffic will cross the
router between public and private side? I presume the same NIC should also
be given a static IP in the private range 192.168.x.x.

How straightforward is it to configure routing in W2000 server? I've got a
book that describes it in detail for W2003 server; is it similar for W2000?

One thing: I can see how a browser can be configured to use a proxy server,
but can an email client such as Outlook (in POP rather than Exchange mode)
or Outlook Express be configured to use a proxy server?


Hang on a second... the switch in the router will need to be configured to
pass all traffic on any of its ports (including traffic via wireless) to the
port that the server is attached to. Normally a switch woudln't do this:
it's specifically designed to prevent traffic on one port from coming out of
the other ports. How do you configure the router to do this? I presume the
fan-out in a router is* in the form of a switch rather than a hub (which
*would* replicate all traffic to all ports).


This all sounds rather complicated. I feel a bit like Daniel going into the
lion's den!


 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Why proxy server set to 127.0.0.1? Steve uk.telecom.broadband (UK broadband) 3 February 15th 05 02:40 AM
Why proxy server set to 127.0.0.1? Charlie Tame uk.telecom.broadband (UK broadband) 3 February 13th 05 07:14 PM
Why proxy server set to 127.0.0.1? Jan Il uk.telecom.broadband (UK broadband) 0 February 13th 05 01:53 AM
NTL proxy server? BRG uk.telecom.broadband (UK broadband) 5 May 8th 04 11:30 PM
NTL proxy server? Janice uk.telecom.broadband (UK broadband) 0 May 3rd 04 10:17 PM


All times are GMT +1. The time now is 08:54 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2019 BroadbanterBanter.
The comments are property of their posters.