RE: [newbie] Proxy and NAT
I like the discussion, but here's one question that's baffled me: How does the NAT distinguish between sessions with clients who whish to talk to the same port on the same IP ? My Theory: The NAT or the Foreign IP server will issue a unique port number for each session, and the NAT will then reverse-translate the unique ports to the port that the client expects... Just another shot in the wind... -Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Randy Kramer Sent: Sunday, July 22, 2001 10:52 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [newbie] Proxy and NAT Jose (and everyone), Thanks for the response! I may need to digest it a little more, but my first take on the difference is that I need more software on my host (the workstation) to work with a proxy server, and it has to go through the extra step of logging on to my Internet gateway (which, in this case, I guess, would be my proxy server). Are there any practical (i.e., user visible) advantages or disadvantages of a proxy server vs. NAT? Any reason I should consider switching? Maybe one thing comes to mind -- I guess Squid (if I have the right name -- that thing that can cache Internet pages on my local LAN) is a proxy server (or a variation or enhancement of a proxy server), and, I suspect, no one has ever built a NAT gateway with similar caching capabilities? Not that I'd ever try to build one, but if both proxy servers and NAT gateways had caching capabilities, would one be a better choice than the other? Why? Randy Kramer Jose M. Sanchez wrote: For all intents and purposes, MAC addresses have no bearing on NAT or PROXY. Good! You are reasonably close but the devil is in the details... I'm sure -- I was trying to keep it simple for myself. --- Now my question: Can somebody tell me what is different about a proxy server? (In some similar oversimplified but reasonably correct and adequate form) --- A NAT server repackages the protected outbound packets and sends them out to the internet as if originating from the NAT host machine. Proxy on the other hand does NOT requires packets to be repackaged rather the HOST acts as an agent or proxy (hence the term) on your behalf. With a proxy server the addresses used on the protected net are almost unimportant. The client logs in (passive proxies and login-less proxies confuse things a bit) to the proxy on your behalf and submits the request, etc. With NAT the client software can safely assume that your client machine is on the internet. As a result there need be no special PROXY code included in the client. Client software believes the machine to be directly connected to the net with the NAT host as the gateway. With proxy the client software can effectively only contact the internet via the proxy. Seemingly a small difference, but in fact it's a huge difference. -JMS
RE: [newbie] Proxy and NAT
The Cisco PIX firewall does it like this: clientA: 10.0.0.1===(PIX)123.4.5.6:5677Server clientB: 10.0.0.2===(PIX)123.4.5.6:5678Server Gotcha, the NAT is responcible for port allocation... This scheme cannot be used with streaming protocols, according to Cisco; I've never tried. Hmm... I'll have to see if I can get the NAT/PAT on my LAN to ship streaming audio... that's a good question. As UDPs cary Port numbers, just as TCPs, I don't know why not... though I am certain someone will edumacate me... Thanks for your time... Chris === Chris Slater-Walker BA(Hons) CCNA CCDA MCSE Cisco, Windows NT, Linux, Samba, DNS - Chris TinyHoffman wrote: How does the NAT distinguish between sessions with clients who whish to talk to the same port on the same IP ? My Theory: The NAT or the Foreign IP server will issue a unique port number for each session, and the NAT will then reverse-translate the unique ports to the port that the client expects... I don't know -- suspect it is one of those details that the devil is in ;-) It does seem to work properly -- I've browsed the same sites from adjacent machines, and never seemed to have a problem that I could attribute to the data coming to the (my) wrong client machine. Maybe somebody else can answer your question. regards, Randy Kramer
RE: [newbie] Memory use
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Anguo Sent: Sunday, July 08, 2001 23:55 To: [EMAIL PROTECTED] Subject: [newbie] Memory use ¦b 2001 ¤C¤ë 1 ¬P´Á¤é 23:01¡Acivileme ¼g¹D: linux makes an effort to keep almost all memory in use all the time (figuring unused memory is wasted memory), so it often finds memory errors right away that windows would totally miss. Civileme Oh! You just replied a question I didn't ask! :-) I just bought a new box and insisted on having 256Mb RAM (against the advice of a friend who said 128Mb would be enough). After installing LM8.0, I noticed that most of the 256Mb were used, confirming that I made the right choice, but I also wondered why Linux would precisely use the amount of RAM I had. I was thinking to wait that memory comes cheaper to add two 512Mb bars to have a total of 1300Mb RAM. Would that make the system faster, or would that only be a waste of money? (running on a AMD Duron 750Mhz, that I may upgrade to K7 1.4Mhz sometime next year) I only run typical desktop single user applications (mail, internet...). Anguo P.S. : Even though this list is very busy, I do my best to read all the messages. I learn a lot this way. Thanks to everyone who ask questions (which are never stupid) and thanks to all those who take the time to reply... Correct me if I am wrong, whoever is listening, but this is my theory: The kernl's memory map will configure the memory paging tables to utilize the Ram first, and then page to /swap when it needs extended frame storage. Therefore I think the simple answer is that the whatever RAM is available to the kernl, it will use, as it is that much less memory that is reqired from /swap. - tiny
RE: [newbie] RPM manager
I like the idea, however I am attempting to upgrade within 7.1. I believe that this is the best build I can get with GNOME native archetecture. IF I were to upgrade the libraries, would it be feasable to re-compile, or somehow get the newer RPM to do a staic link, soley? -Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of civileme Sent: Thursday, July 05, 2001 13:23 To: TinyHoffman; Newbie Subject: Re: [newbie] RPM manager On Thursday 05 July 2001 14:29, TinyHoffman wrote: o.k. I am running mdk7.1, I want to upgrade a few parts, now that I have a solid footing on the OS. I attempted to upgrade my pppd to IV, fom II, but found that my RPM would not take a package = 3(major number)... the RPM archives at redhat suggested that I upgrade to 3.0.6 (from the stock 3.0.4), and then to 4.0.x... Now the 3.0.4 won't upgrade without a glibc =2.1.3. a: can I safely run two libraries? b: Is there a better way of upgrading my RPM manager? or c: am I just approaching the bull from the wrong end? -Chris Hoffman [EMAIL PROTECTED] It is easy to break your system by having two libraries because the links have to be managed very very carefully. We took care of that in 8.0 by changing library naming and packaging policies. 7.1 is a stable system with only one serious bug in the script to rotate logs which is fixed by removing a * at the end of a line. It is also arguably the most beautiful mandrake release ever done. Theme support is still not back to what it was before the inception of KDE2. On Mandrakefroum you can find an article anout two mandrake systems on the same computer dual-booting. I would really suggest that alternative. Get an 8.0 for the rpm4 stuff and keep your classic OS. http://www.mandrakeforum.com/article.php?sid=473lang=en Civileme
