Difference between NAT and Proxy. Purpose of proxy servers and NAT

A proxy server is designed to mediate between the workstation and the World Wide Web.

The proxy computer passes user requests through itself, and then returns the results received from the Internet. This is a kind of “trusted person” that facilitates simultaneous access of all machines on the local network to the Internet. At the same time, the administrator setting up the network is freed from the need to assign each individual point its own IP address, build a complex routing scheme, or contact the provider for an additional (usually paid) service.

Besides the unnecessary trouble and unjustifiably high cost of such methods, which, fortunately, are becoming a thing of the past, they reduce the level of data security on the local network, making each computer a potential target for viruses and hacker attacks. In addition, without centralized management the administrator has more work monitoring each individual station. Note also that the second method of giving the local network access to the Internet still requires an additional program on the main computer to route packets; unlike a proxy, it passes on the clients’ real IP addresses.

A router that can change addresses is called a NAT proxy (from the English abbreviation for network address translation, which can be translated as “network address converter”).

NAT is the first, simplest type of this program, a kind of transitional link from one way of setting up a local network to another. Under the name “Internet Connection Sharing,” NAT proxy is already found in Windows 2000 and XP. This program is designed for the average user, who is not required to have the in-depth knowledge of a qualified system administrator. It needs no specialized, sophisticated settings to work. In practice, though, this advantage is very doubtful: NAT, being a universal proxy, cannot understand the intricacies of application protocols. Therefore, for more correct and secure operation, it is worth familiarizing yourself with specialized proxy programs.

The most common software in its class is the HTTP proxy. As the name suggests, it works on the basis of the HTTP protocol. No serious network can do without this program. What it can do:

  • Save files received from the Internet to a server disk, which allows you to return the existing data upon repeated request without accessing the WWW, increasing the speed of work and saving overall traffic.
  • Restrict access to resources. For example, do not allow clients to visit sites from the “black list”. Or not all clients, but only a certain group. Or not for the entire time you are online, but only at certain hours. This advantage opens up the broadest possibilities for organizing the client part of the local network.
  • Manage download priorities. This helps to avoid complete absorption of traffic by fans of free music or watching online movies.
  • Count the traffic used in a given time period.
  • Determine the rating of various resources.

And even this rather extensive list of HTTP proxy skills is not a complete listing of its advantages. An HTTP proxy can also work with FTP servers, but in the mutual conversion of FTP and HTTP the nuances of FTP functionality are partially lost. Naturally, for specialized FTP clients to work correctly, specialized software is preferable. An FTP proxy can be part of an HTTP proxy or a separate program, as in Eserv and Eproxy. To emphasize this point, proxies from Eserv and Eproxy are usually called FTP-gate.

Standing apart is the part separated from HTTP for working with confidential information, the HTTPS proxy.

A mapping proxy aims to make programs that are used to accessing Internet resources without any mediation, for example email programs like The Bat and Outlook Express, work through a proxy. For this purpose, a local image of the server requested by the program is set up. That is, this is a kind of deception, a trick, which, nevertheless, almost always works.

SOCKS proxy is a program that is gaining popularity by giving clients the opportunity to transparently use services behind firewalls. In our

A PC connected to a local network can be connected to the Internet using technologies such as NAT and Proxy. What are they?

What is NAT?

NAT is a technology that connects PCs on a local network to the Internet by translating their IP addresses (or ports) into the address space outside the LAN. Each PC on the local network sends its requests to the NAT service, which converts them into requests addressed to particular Internet services.

Using NAT technology, as a rule, involves the use of a separate network device - a router, server or, for example, a firewall.

Even if several computers are connected to the Internet at the same time using NAT technology, the online server sees requests from only one IP address - the one installed on the device in which NAT algorithms are implemented.

There are two main types of the technology in question - Source NAT and Destination NAT.

The first involves replacing the source address of a packet when it is transmitted to the destination computer on the Internet and, accordingly, replacing the destination address with that of the PC on the local network when the reply is sent back. If necessary, the PC port numbers on the LAN can also change.

Destination NAT technology involves the translation of packets sent to a LAN from the external environment - for example, from an online server, to a specific PC that has a local IP address that is inaccessible to the corresponding online server.
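A small model of the two translation types described above, added here as an illustration (it is not code from the original article). The class name, the port range and all addresses are constructed, and accepting replies only from the peer the LAN host contacted is a simplifying assumption about the device's filtering.

```python
from dataclasses import dataclass, field
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class NatGateway:
    """Toy port-translating NAT: one external address, many internal hosts."""
    external_ip: str
    next_port: int = 40000
    # (internal ip, internal port, remote ip, remote port) -> external port
    out_map: dict = field(default_factory=dict)
    # external port -> (internal ip, internal port, remote ip, remote port)
    in_map: dict = field(default_factory=dict)
    # Destination NAT ("published" servers): external port -> (internal ip, port)
    published: dict = field(default_factory=dict)

    def outbound(self, p: Packet) -> Packet:
        """Source NAT: replace the internal source address/port with our own."""
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return Packet(self.external_ip, self.out_map[key], p.dst_ip, p.dst_port)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Map a packet arriving on the external address back to a LAN host."""
        if p.dst_port in self.published:          # Destination NAT rule
            ip, port = self.published[p.dst_port]
            return Packet(p.src_ip, p.src_port, ip, port)
        entry = self.in_map.get(p.dst_port)
        # Only replies from the peer the LAN host contacted are accepted.
        if entry and (entry[2], entry[3]) == (p.src_ip, p.src_port):
            return Packet(p.src_ip, p.src_port, entry[0], entry[1])
        return None                               # unsolicited: dropped

def demo():
    nat = NatGateway("203.0.113.10")              # constructed addresses
    a = nat.outbound(Packet("192.168.0.11", 51000, "198.51.100.7", 80))
    b = nat.outbound(Packet("192.168.0.12", 51000, "198.51.100.7", 80))
    reply = nat.inbound(Packet("198.51.100.7", 80, a.src_ip, a.src_port))
    stray = nat.inbound(Packet("198.51.100.99", 4444, a.src_ip, a.src_port))
    nat.published[8080] = ("192.168.0.20", 80)    # publish an internal server
    pub = nat.inbound(Packet("198.51.100.99", 4444, "203.0.113.10", 8080))
    return a, b, reply, stray, pub
```

Both LAN hosts appear to the online server under the same external address and differ only in the translated port; the unsolicited packet has no mapping and is dropped, while the published port is forwarded to the internal server.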

The main advantage of using a scheme for connecting a LAN to the Internet via NAT is the centralization of the settings of the corresponding service. There is no need to set any special options on each PC connected to the local network.

What is Proxy?

Proxy is a technology that allows you to connect PCs connected to a network to certain online services through a special gateway that is used by individual applications. That is, to connect the PCs on the LAN to the proxy server, the connection settings must be configured on each of them. Proxy technology is essentially a software service that runs on a separate LAN server or on one of the Internet servers.

Computers connected to a LAN request access to online resources not directly, but through the IP address and port of the proxy server. This concept predetermines the existence of some similarities between Proxy and NAT in the sense that the online server forwards content upon request of individual PCs to a common IP address specified in the proxy server settings. Of course, proxy servers in some cases can set unique external IP addresses for connected PCs - but their coincidence with the original IP addresses under which the computers are registered on the LAN is practically impossible.

It can be noted that there are purely “online” proxy servers that are used precisely for the purpose of deliberately masking the IP addresses of computers connecting to the Internet. The principle of their operation is generally similar to that which characterizes the functioning of proxy servers installed on a LAN.

One of the main advantages of using Proxy technology is the ability to cache online content (saving elements of visited web pages and downloaded files in the server’s memory), which allows you to speed up access to the Internet from individual PCs. Other advantages of Proxy are the following:

  • control the access of individual LAN users to the Internet, filter content and website addresses,
  • install anti-virus software on proxy servers that analyzes outgoing and incoming traffic, which can significantly increase network security.

Proxy technology is considered by many experts to be more functional than NAT, since it allows the implementation of a wide range of network access control algorithms at the software level.

Comparison

The main difference between NAT and Proxy is the technological principles of providing simultaneous Internet access to several PCs located on the LAN.

NAT relies on relatively simple algorithms: the address of the PC sending the packet to the Internet is changed to the address of the NAT device, which allows the latter to receive the response packet and deliver it to its destination. Apart from this address translation, no adjustments are made to the sent and received packets.

Proxy technology involves the use of more complex mechanisms to ensure the exchange of packets between PCs located on a LAN and online servers. For example, when using a proxy server, content can be cached, filtered, and checked for viruses.

Having determined what the difference is between NAT and Proxy, we will record the main conclusions in a small table.

Table

What do they have in common?

  • Both technologies are used to organize the simultaneous connection to the Internet of several computers connected to a local network.
  • Online servers receive requests from the IP addresses of a NAT device or proxy server that do not actually match the IP addresses of the computers on which these requests are generated.

What is the difference between them?

| NAT | Proxy |
| --- | --- |
| The NAT device changes the address of the PC sending the packet to the Internet to its own (or one specified in the settings), without changing the structure of the request, after which, having received the packet from the online server, it delivers it to its destination, also without changes | The proxy server, having received a request from a PC sending a packet to the Internet, redirects it to an online server via an established IP address, after which, having received the packet, it delivers it to its destination without changes or adjusted using filters (if necessary, checked with an anti-virus module) |
| The technology does not require setting up additional network settings on individual PCs within a LAN | The technology requires setting up programs used to access the network on each PC on the LAN |

Let's consider a typical option - the internal network is connected through an Internet access server and uses one external "white" IP address (see the application option in the section "Office network").

The problem of providing Internet access from an internal network is usually solved using NAT or a proxy server. Each approach has its own advantages and disadvantages.

NAT works by simply translating IP addresses and ports in packets as they pass through the server. Access through NAT does not require any configuration of client programs - the service transparently translates all outgoing requests to the outside. This approach is also characterized by maximum performance and low demands on server resources. But NAT prevents an application from accepting incoming connections. This imposes restrictions on some protocols, such as IRC.

Traffic Inspector uses Windows NAT service. This is called ICS (Internet Connection Sharing) or RRAS (Routing and Remote Access Server) for server versions of the system.

NAT can operate in port and address translation mode. If one external address is used, then port translation is used. But you can additionally obtain a group of addresses from your provider and then, through NAT, some external address can be assigned to an internal one. This is convenient for the case when there are some servers within the network and transparent port translation is required without replacing them. But there is always the possibility of publishing internal servers externally, even to a single external address.

In its pure form, NAT from Windows is rarely used, since there is practically no possibility of access control and traffic control.

A proxy server operates at the application protocol level and requires appropriate support from client programs and their configuration. Through it you can work via the HTTP or FTP protocols. There is also a special SOCKS proxy protocol through which any application that uses TCP can work. Through SOCKS you can open both outgoing and incoming connections, so the NAT problems are removed here. The only limitation is the need for SOCKS support in client programs.

When working with HTTP, the proxy server saves traffic by caching (temporarily storing) downloaded objects, which can then be used to answer repeated requests. Caching can also increase access speed when the Internet connection is busy.

Also, using a proxy server, you can implement filtering at the application level - for example, deny access to a specific resource on the server or make a distinction based on data content.

Traffic Inspector includes a fully functional HTTP/FTP/SOCKS proxy server. Flexible filtering is implemented, caching is available, and operating speed can be limited. In terms of functionality, it is in no way inferior to other proxy servers. When working via HTTP, you can use the CONNECT method, which allows you to work with SSL; using this method you can also work with FTP, email and other applications that support it. It is also possible to work with FTP over HTTP - in this case, the client uses HTTP (a regular browser), receiving data from the FTP server in the form of pages.
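Application-level filtering of the kind described above, sketched as an added example (it is not Traffic Inspector's code or configuration). It parses the two request forms a client sends to an HTTP proxy, the absolute URI and the CONNECT host:port form, and applies a block list, a time window for one user group and a limit on CONNECT ports; every name and policy value is an assumption made for the illustration.

```python
from datetime import time
from urllib.parse import urlsplit

# Constructed policy for illustration; all names and values are assumptions.
BLOCKED_HOSTS = {"blocked.example"}
RESTRICTED_GROUPS = {"guests"}                   # groups the time window applies to
ALLOWED_HOURS = (time(9, 0), time(18, 0))
CONNECT_PORTS = {443}                            # ports a tunnel may be opened to

def parse_target(request_line: str):
    """Return (method, host, port) from a request line as sent to a proxy."""
    method, target, _version = request_line.split()
    if method == "CONNECT":                      # authority-form: host:port
        host, _, port = target.rpartition(":")
        return method, host.lower(), int(port)
    url = urlsplit(target)                       # absolute-form: scheme://host/path
    if not url.hostname:
        raise ValueError("not a proxy request (no absolute URI)")
    default = {"http": 80, "ftp": 21}.get(url.scheme)
    return method, url.hostname.lower(), url.port or default

def decide(request_line: str, group: str, now: time) -> str:
    """Apply the filtering rules and return 'allow' or a denial reason."""
    try:
        method, host, port = parse_target(request_line)
    except ValueError:
        return "deny: malformed request"
    # Match the blocked host and any of its subdomains.
    if any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS):
        return "deny: blocked site"
    if group in RESTRICTED_GROUPS and not (ALLOWED_HOURS[0] <= now < ALLOWED_HOURS[1]):
        return "deny: outside permitted hours"
    if method == "CONNECT" and port not in CONNECT_PORTS:
        return "deny: CONNECT port not permitted"
    return "allow"
```

A NAT device never sees these request lines as such, which is why none of these decisions can be made at the address-translation level.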

There is another way to work with the Internet from an internal network: obtain an IP subnet from the provider, configure the access server as a router and distribute “white” addresses to clients. Traffic Inspector can also work in this configuration. But this approach is of little use, primarily due to security problems. Network routing may, however, be required when organizing a DMZ (the so-called “demilitarized zone”) to host public servers (see the application option in the section "