Router/firewall or Proxy

[Grogi]

Hi all,

I am curious what are the advantaged and disadvantages of router/firewall as a way to connect to internet or using proxy for the same purpose.

I know the basic difference but I want to know informations based on experience.

Also, is there some good solution for proxy which comes with some distro and which can be managed by web.

Thanks!

[offroadaaron]

router uses NAT, NAT makes 1 internet IP address usable for everyone on the LAN side of things, if a packet needs to go through it needs to be forwarded to the IP address of the destination machine (port forwarding). This is only for packets that are incoming, outgoing are usually tagged to come in and be directed to right machine anyways. NAT prevents someone accessing local machines from the Internet, unless the port/ports are opened up.

firewall prevents certain IP or ports being used by everyone or certain IP's, so say you Forward Port 22 to 120.0.0.23, then you can say only 1 IP 231.32.2.33 can pass through to 120.0.0.23 and all other IP's are denied. you can also have most things denied just to be safe, EG you get spyware and you don't want it sending packets out to whereever it locks it in so no important information leaves your computer.

Proxy can be an encrypted gateway sometimes or a machine in which information is passed to and then to the destination so that you IP looks like its coming from the Proxy and not your machine. The proxy then can have the firewalls to prevent whatever spyware or bad sites and certain port hitting your computer.

you can have different types of proxy's like HTTP, SSH and more.

There are also encrypted gateways like VPN and so on, which can kinda be used as a proxy, but im not going to go into that right now.

Please correct me if im wrong.

Edited October 1, 2008 by offroadaaron