RE: NAT before proxy

[Welt, Joey]

Wouldnt a more traditional model be the router be on the outside and have the proxy/firewall do NAT for you?  It has to do all the work of the HTTP gets for you anyway and its only a minimal overhead on your cpu....   Outside router ---> switch/VLAN  --> Proxy server dual homed to interal network and outside switch/VLAN.   On some proxy boxes in order to do packet and other protocol traffic filtering requires each NIC to be on a seperate subnet. Depending on the router and the IOS version on it, your NAT statement on the router might end up being a Many to Many nat relationship whereas the proxy/firewall will most likely be a Many to 1 relationship.  IE:  1 inside IP to one outside IP, vs, all inside ip's to 1 outside ip - that of the external int of your firewall/proxy.   Just my 2 cents. Hope it helps.       Joey Welt-----Original Message----- From: Brad Lunsford [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 22, 2000 1:38 PM To: [EMAIL PROTECTED] Subject: NAT before proxy I'm setting up a Firewall/Proxy combination for a company that is using unregistered addresses on their network.  My idea was to use a router to perform NAT before the proxy server.  That way, the proxy would sit on a subnet that contained a private address range.  Does anyone have any opinions on this type of setup?