Differ between NAT and PROXY

Michiel Brandenburg michielb <michielb@stack.nl>
Wed, 17 Oct 2001 16:24:50 +0200


Hello Lee,

l> Can any expert tell me the difference between NAT and PROXY?
Not that I'm an expert .. but:
NAT:
    Network Address Translation. So basically the gateway receives a
    packet to be delivered to the internet.  It changes the source
    address of the packet to match its outgoing interface and
    remembers which host behind the firewall sent the packet.
    It then sends the packet and when the reply comes it changes
    the destination address of the received packet to match the
    original host that sent the packet.  Then it retransmits it on the
    correct interface.  This way a lot of machines can all use the
    same internet ip address.  This is also known as masquerading.
PROXY:
      Basically this is a program running on a server, gateway,
      dedicated proxy etc.  This program "fakes" connections.
      The host behind the firewall wants a certain webpage.  This
      request ends up at the proxy.  The proxy then looks in its
      cache to see if it has the page requested.  If it's not in the
      cache it makes a connection to internet and gets the page.  It
      stores it in its cache and sends a "faked" response back to the
      host that wanted the page.

      Now this "faked" can be a lot.  If ur Win machine is configured
      to use a proxy the browser will ask the proxy directly. So
      host's ip <-> proxy's ip
      If the proxy u are using has been set up as a transparent proxy,
      so the browser is not configured to use it, the data connections
      are then different.
      host's ip -> internet ip
      The proxy intercepts this traffic and sends the following
      response.
      internet ip -> host's ip.
      Note: there is no mention of the proxy's ip anywhere in the
      connection, but the proxy gives the response not the machine on
      internet.  This is what I meant with a "faked" connection.

l> I heard somebody say NAT costs a lot of performance. Is that true?

   NAT is just the changing of 32 bits of data in each packet.
   PROXY is a lot more work .. so NAT eventually gives a better
   performance.  This is only if u have a fast uplink.  If u have a
   slow uplink and a fast gateway with lotsa disks u will actually
   improve the response time in a big way as all web data will only be
   downloaded once.


-- 
Best regards,
 Michiel                            mailto:michielb@stack.nl
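
Added example, not part of the original message: a small Python model of the NAT bookkeeping the message describes (rewrite the source on the way out, remember the sender, rewrite the destination on the reply). It goes beyond the message by also rewriting the source port, which is how masquerading keeps several inside hosts apart behind one address; the class name, the addresses, the port range and the drop rule for packets without a matching entry are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class MasqueradeGateway:
    """Toy source-NAT table (hypothetical class, constructed for this example)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port   # assumed pool of public source ports
        self.out = {}    # (inside ip, inside port, remote ip, remote port) -> public port
        self.back = {}   # (public port, remote ip, remote port) -> (inside ip, inside port)

    def outbound(self, p):
        """Rewrite the source to the gateway's address and remember the sender."""
        key = (p.src, p.sport, p.dst, p.dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, p.dst, p.dport)] = (p.src, p.sport)
            self.next_port += 1
        return Packet(self.public_ip, self.out[key], p.dst, p.dport)

    def inbound(self, p):
        """Rewrite the destination back to the original host, or return None."""
        if p.dst != self.public_ip:
            return None
        inside = self.back.get((p.dport, p.src, p.sport))
        if inside is None:
            return None   # assumption of this model: no table entry, packet is dropped
        return Packet(p.src, p.sport, inside[0], inside[1])

if __name__ == "__main__":
    gw = MasqueradeGateway("203.0.113.1")          # constructed addresses
    web = ("198.51.100.7", 80)
    a = gw.outbound(Packet("192.168.0.10", 1025, *web))
    b = gw.outbound(Packet("192.168.0.11", 1025, *web))
    print("server sees:", a, b)                     # same source ip, different ports
    print("reply goes to:", gw.inbound(Packet(*web, gw.public_ip, b.sport)))
    print("unsolicited:", gw.inbound(Packet("198.51.100.99", 80, gw.public_ip, b.sport)))
```

The `back` table is also what an investigator needs afterwards: the remote server's log shows only the gateway's address and port, so attributing a connection to an inside host depends on the gateway having recorded this mapping.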