Classical versus Transparent IP Proxies (RFC1919)

IP.com Disclosure Number: IPCOM000004159D
Original Publication Date: 1996-Mar-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 29 page(s) / 82K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

M. Chatel: AUTHOR

Abstract

Many modern IP security systems (also called "firewalls" in the trade) make use of proxy technology to achieve access control. This document explains "classical" and "transparent" proxy techniques and attempts to provide rules to help determine when each proxy system may be used without causing problems.

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 4% of the total text.

Network Working Group                                      M. Chatel
Request for Comments: 1919                                Consultant
Category: Informational                                   March 1996

Classical versus Transparent IP Proxies

Status of this Memo

This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Abstract

Many modern IP security systems (also called "firewalls" in the trade) make use of proxy technology to achieve access control. This document explains "classical" and "transparent" proxy techniques and attempts to provide rules to help determine when each proxy system may be used without causing problems.

Table of Contents

1. Background
2. Direct communication (without a proxy)
   2.1. Direct connection example
   2.2. Requirements of direct communication
3. Classical application proxies
   3.1. Classical proxy session example
   3.2. Characteristics of classical proxy configurations
      3.2.1. IP addressing and routing requirements
      3.2.2. IP address hiding
      3.2.3. DNS requirements
      3.2.4. Software requirements
      3.2.5. Impact of a classical proxy on packet filtering
      3.2.6. Interconnection of conflicting IP networks
4. Transparent application proxies
   4.1. Transparent proxy connection example
   4.2. Characteristics of transparent proxy configurations
      4.2.1. IP addressing and routing requirements
      4.2.2. IP address hiding
      4.2.3. DNS requirements
      4.2.4. Software requirements
      4.2.5. Impact of a transparent proxy on packet filtering
      4.2.6. Interconnection of conflicting IP networks
5. Comparison chart of classical and transparent proxies
6. Improving transparent proxies
7. Security Considerations
8. Acknowledgements
9. References

1. Background

An increasing number of organizations use IP security systems to provide specific access control when crossing network security perimeters. These systems are often deployed at the network boundary between two organizations (which may be part of the same "official" entity), or between an organization's network an...