tcp/ip assumptions

Hal Murray hmurray at megapathdsl.net
Tue Jan 29 02:23:58 EST 2008


> I may be mistaken, but I believe I've read Linux descriptions of NTP
> which allowed the server URL to be prepended with a proxy-URL.  I do
> not know whether something like that is supported by fedora (or XO). 

NTP doesn't use URLs so one of us is really confused.  (I'm assuming you are 
talking about Network Time Protocol.)


> The reason I called it a "relay" system is because it intermediates
> between my local LAN and the internet.  This system already provides
> several 'servers' for my local LAN, plus several kinds of 'proxies'. 

I'm familiar with 2 types of "typical" setups.  One uses a router.  The other 
uses a NAT box.

The router just forwards packets.  The "pure" router doesn't look inside the 
packets.

Some routers have firewalls added to try to prevent malicious activities.  
Some of them look inside the packets and keep track of what's going on.  It's 
often easier to do that sort of work with a proxy.

A NAT box is similar to a router but it patches the IP Addresses of packets 
that it forwards.  The initial motivation was to allow several systems on the 
inside to share a single outside facing IP Address.  This is typical of DSL 
and cable boxes that are often called routers.  NAT works OK as long as you 
don't send your IP address or port numbers inside the packets.  (or include 
it in any crypto hashing or...)

NAT gives you some of a firewall for free since unsolicited incoming packets 
don't get forwarded.  Solicited includes two cases.  One is packets that are 
part of an existing conversation (replies to an outgoing packet).  The other 
is packets to a server where you have set up a table entry telling the NAT box 
where to send packets for that port number.  (aka the server is)

A proxy is a box that listens on one side and processes packets at the 
application (web/HTTP) level and replays the requests out another side.  
Sometimes those "sides" are two different ethernet interfaces.

Proxies are often used in corporate environments because they can do logging 
and web filtering...


For NTP, the usual solution is to run an NTP server on the inside network and 
then set up your systems to talk to it rather than someplace outside.  You 
might run it on the proxy but larger organizations probably have a dedicated 
machine.

ntpd on my XO works just fine through a NAT box.

-- 
These are my opinions, not necessarily my employer's.  I hate spam.
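The NAT behaviour described in the message (patching the source address on the way out, forwarding only the two "solicited" cases on the way in, dropping everything else) as a toy model; this is an added example written for this page, not code from the poster, ntpd, or any router. The addresses and the NTP query on UDP port 123 are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "udp"

@dataclass
class NatBox:
    public_ip: str
    next_port: int = 40000
    port_forwards: dict = field(default_factory=dict)  # (proto, outside port) -> (inside ip, port), set up by hand
    out_map: dict = field(default_factory=dict)        # flow -> outside port, learned from outgoing packets
    in_map: dict = field(default_factory=dict)         # (proto, outside port, remote ip, remote port) -> inside

    def outbound(self, p: Packet) -> Packet:
        """Inside -> outside: patch the source address and remember the flow."""
        flow = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        ext = self.out_map.get(flow)
        if ext is None:
            ext, self.next_port = self.next_port, self.next_port + 1
            self.out_map[flow] = ext
            self.in_map[(p.proto, ext, p.dst_ip, p.dst_port)] = (p.src_ip, p.src_port)
        return Packet(self.public_ip, ext, p.dst_ip, p.dst_port, p.proto)

    def inbound(self, p: Packet):
        """Outside -> inside: forward only solicited packets, drop the rest (None)."""
        if p.dst_ip != self.public_ip:
            return None
        # case 1: reply to an existing conversation
        dst = self.in_map.get((p.proto, p.dst_port, p.src_ip, p.src_port))
        # case 2: a table entry set up for an inside server
        if dst is None:
            dst = self.port_forwards.get((p.proto, p.dst_port))
        if dst is None:
            return None  # unsolicited: this is the "free firewall" effect
        return Packet(p.src_ip, p.src_port, dst[0], dst[1], p.proto)

def ntp_through_nat() -> dict:
    """Constructed NTP (UDP port 123) exchange walking through the three cases."""
    nat = NatBox("198.51.100.1")  # constructed outside-facing address
    out = nat.outbound(Packet("192.168.1.10", 123, "203.0.113.5", 123))
    reply = Packet(out.dst_ip, out.dst_port, out.src_ip, out.src_port)
    stray = Packet("203.0.113.9", 123, "198.51.100.1", 123)
    dropped = nat.inbound(stray)  # no table entry yet, so it is not forwarded
    nat.port_forwards[("udp", 123)] = ("192.168.1.20", 123)  # inside NTP server
    return {"out": out, "reply": nat.inbound(reply), "dropped": dropped,
            "forwarded": nat.inbound(stray)}
```

The reply to the client's own query is delivered because the box remembered the outgoing flow; the same stray packet is dropped until a port-forward entry for UDP 123 exists, which is exactly why an inside NTP server, not an exposed one, is the usual answer.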