Re: NAT before proxy

[Brad Lunsford]

Am I seeing something wrong here, or won't MS proxy have a problem connecting to the "real" address on the internet that's the same as the addresses being used internally (listed in the LAT)?  If a client on the inside, network w.x.y.0/24, tries to connect to w.x.y.z on the internet, won't MS Proxy see that address as internal and try to forward the request to the local interface instead of the external interface?  That's the situation I'm trying to avoid, and changing the IP addresses to a private range is not an option. ----- Original Message ----- From: Welt, Joey To: 'Brad Lunsford' ; [EMAIL PROTECTED] Sent: Tuesday, February 22, 2000 6:07 PM Subject: RE: NAT before proxy Why wouldnt set the router to be outside, and have the proxy/firewall do NAT for you?  It has to do all the work of the HTTP gets for you anyway and its only a minimal overhead on your cpu.... ?   Outside router ---> switch/VLAN  --> Proxy server dual homed to interal network and outside switch/VLAN. Some proxy boxes (Namely MS), in order to do packet and other protocol traffic filtering requires   Depending on the router and the IOS version on it, your NAT statement on the router might be a Many to Many nat relationship whereas the proxy/firewall will most likely be a Many to 1 relationship.    Just my 2 cents. Hope it helps.       Joey Welt   -----Original Message----- From: Brad Lunsford [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 22, 2000 1:38 PM To: [EMAIL PROTECTED] Subject: NAT before proxy I'm setting up a Firewall/Proxy combination for a company that is using unregistered addresses on their network.  My idea was to use a router to perform NAT before the proxy server.  That way, the proxy would sit on a subnet that contained a private address range.  Does anyone have any opinions on this type of setup?