tcp/ip assumptions
Hal Murray
hmurray at megapathdsl.net
Tue Jan 29 02:23:58 EST 2008
> I may be mistaken, but I believe I've read Linux descriptions of NTP
> which allowed the server URL to be prepended with a proxy-URL. I do
> not know whether something like that is supported by fedora (or XO).
NTP doesn't use URLs so one of us is really confused. (I'm assuming you are
talking about Network Time Protocol.)
> The reason I called it a "relay" system is because it intermediates
> between my local LAN and the internet. This system already provides
> several 'servers' for my local LAN, plus several kinds of 'proxies'.
I'm familiar with 2 types of "typical" setups. One uses a router. The other
uses a NAT box.
The router just forwards packets. The "pure" router doesn't look inside the
packets.
Some routers have firewalls added to try to prevent malicious activities.
Some of them look inside the packets and keep track of what's going on. It's
often easier to do that sort of work with a proxy.
A NAT box is similar to a router but it patches the IP Addresses of packets
that it forwards. The initial motivation was to allow several systems in the
inside to share a single outside facing IP Address. This is typical of DSL
and cable boxes that are often called routers. NAT works OK as long as you
don't send your IP address or port numbers inside the packets. (or include
it in any crypto hashing or...)
NAT gives you some of a firewall for free since unsolicited incoming packets
don't get forwarded. Solicited includes two cases. One is packets that are
part of an existing conversation (replies to an outgoing packet). The other
is packets to a server where you have set up a table entry telling the NAT box
where to send packets for that port number. (aka the server is)
A proxy is a box that listens on one side and processes packets at the
application (web/HTTP) level and replays the requests out another side.
Sometimes those "sides" are two different ethernet interfaces.
Proxies are often used in corporate environments because they can do logging
and web filtering...
For NTP, the usual solution is to run an NTP server on the inside network and
then set up your systems to talk to it rather than someplace outside. You
might run it on the proxy but larger organizations probably have a dedicated
machine.
ntpd on my XO works just fine through a NAT box.
--
These are my opinions, not necessarily my employer's. I hate spam.
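The NAT behaviour described in the post above (source address patched on the way out, replies and port-forward entries translated back in, everything else dropped, and address-covering integrity checks broken by the rewrite), as an added example that is not part of Hal Murray's message. The class, the addresses, the port numbers and the `address_bound_tag` check are all made up for illustration; the reply check is deliberately strict (the reply must come from the peer the conversation was opened to), which is stricter than many consumer NAT boxes actually are.

```python
"""
Toy NAT box illustrating the behaviour described in the post above.
Added example code, not from the original message; all addresses,
ports and the tag function are constructed for illustration.
"""
from dataclasses import dataclass, replace
import hashlib


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


class NatBox:
    def __init__(self, public_ip, port_forwards=None):
        self.public_ip = public_ip
        self.next_port = 40000
        # (inside_ip, inside_port, outside_ip, outside_port) -> public port
        self.conversations = {}
        # public port -> that same 4-tuple, used to translate replies back
        self.reverse = {}
        # static "server" entries: public port -> (inside_ip, inside_port)
        self.port_forwards = dict(port_forwards or {})

    def forward_out(self, pkt):
        """Inside -> outside: patch the source to the public address/port."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.conversations:
            self.conversations[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return replace(pkt, src_ip=self.public_ip, src_port=self.conversations[key])

    def forward_in(self, pkt):
        """Outside -> inside: returns the translated packet, or None if dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        conv = self.reverse.get(pkt.dst_port)
        # solicited case 1: a reply from the peer this conversation was opened to
        if conv and (pkt.src_ip, pkt.src_port) == (conv[2], conv[3]):
            return replace(pkt, dst_ip=conv[0], dst_port=conv[1])
        # solicited case 2: a port-forward table entry for an inside server
        if pkt.dst_port in self.port_forwards:
            in_ip, in_port = self.port_forwards[pkt.dst_port]
            return replace(pkt, dst_ip=in_ip, dst_port=in_port)
        return None  # unsolicited: dropped, the "free firewall" effect


def address_bound_tag(pkt):
    """Hypothetical integrity tag that covers the address fields (AH-like)."""
    hdr = f"{pkt.src_ip}:{pkt.src_port}>{pkt.dst_ip}:{pkt.dst_port}".encode()
    return hashlib.sha256(hdr + pkt.payload).hexdigest()


def run_scenario():
    """Walk the cases from the post and return what happened to each packet."""
    nat = NatBox("203.0.113.5", port_forwards={8123: ("192.168.1.20", 123)})
    results = {}

    # An inside host asks an outside NTP server (port 123) for the time.
    req = Packet("192.168.1.10", 50000, "198.51.100.1", 123, b"ntp-req")
    out = nat.forward_out(req)
    results["outbound_src"] = (out.src_ip, out.src_port)

    # The server replies to what it saw: the public address and port.
    reply = Packet("198.51.100.1", 123, out.src_ip, out.src_port, b"ntp-resp")
    back = nat.forward_in(reply)
    results["reply_dst"] = (back.dst_ip, back.dst_port) if back else None

    # A different outside host aims at that same public port: not a reply.
    stray = Packet("192.0.2.99", 123, out.src_ip, out.src_port, b"spoof")
    results["stray_dropped"] = nat.forward_in(stray) is None

    # Unsolicited probe to a port with no table entry: dropped.
    probe = Packet("192.0.2.99", 4444, "203.0.113.5", 22, b"probe")
    results["probe_dropped"] = nat.forward_in(probe) is None

    # Port-forward entry: delivered to the inside NTP server.
    srv = nat.forward_in(Packet("192.0.2.7", 5555, "203.0.113.5", 8123, b"ntp-req"))
    results["forwarded_dst"] = (srv.dst_ip, srv.dst_port) if srv else None

    # A tag the inside host computed over its own addresses no longer
    # matches once the NAT box has rewritten the source field.
    results["tag_survives_nat"] = address_bound_tag(req) == address_bound_tag(out)
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The last result is the practical point behind "don't send your IP address or port numbers inside the packets": anything that hashes or signs the address fields on the inside host is verified against rewritten fields on the outside, so the check fails even though nothing malicious happened.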