5

What's the difference between proxy and firewall? And can we integrate a nat or pat into a proxy or firewall?

ChrisF
  • 41,278
  • 17
  • 101
  • 154
samia
  • 87
  • 1
  • 2
  • 3

3 Answers3

5

A Proxy Server is a device that:

acts as an intermediary for requests from clients seeking resources from other servers.

A Firewall is a device that is:

designed to permit or deny network transmissions based upon a set of rules

The former just lets all traffic through regardless of source or destination and is a way of routing requests through known gateways and is often used to allow companies to log network traffic for example.

A proxy may include a firewall as part of it's functionality but it doesn't have to.

I would expect that Network Address Translation (NAT) and Port Address Translation (PAT) - which is basically the same thing - would be functionality that could be built in, but NAPT is more used on routers etc. to:

However it is common to hide an entire IP address space, usually consisting of private IP addresses, behind a single IP address (or in some cases a small group of IP addresses) in another (usually public) address space.

ChrisF
  • 41,278
  • 17
  • 101
  • 154
  • ok! can we integrate a nat/pat into a proxy or firewall? – samia May 09 '11 at 20:59
  • @samia - probably, but I'm not sure what "pat" stands for. – ChrisF May 09 '11 at 21:00
  • @Chris - pat is port address translation. – Matthew May 09 '11 at 21:04
  • @Matt - cheers. – ChrisF May 09 '11 at 21:04
  • @Chrisf (Port Adress Translation) like a nat(Network @ Transltion) used to associate a public adress to private ones to allow access on internet! becoz in our machines we have private @ and to access internet we need a public one!!! That's why a nat/pat are used for ;) – samia May 09 '11 at 21:05
  • @samia - you don't need PAT as such. NATing will do what you need with almost all firewall scenarios – Rory Alsop May 09 '11 at 21:08
  • NAT/PAT is something a router does, not a proxy or firewall. A firewall can block and open ports, the router actually does the traffic direction that you see with NAT/PAT. – MaQleod May 09 '11 at 21:16
  • @Rory: sorry but having a nat in such company is not enough to translate all private @!I think we need a pat to identify the location of a node in a network using its port otherwise when receiving a msg to send it to an x internal machine a nat cannot identify the destination??? If i'm wrong say to me please! – samia May 09 '11 at 21:16
  • Unless you have a very strange port lockdown on your machines NAT will absolutely do what you need. PAT is more for when you have a specific port restriction, but not commonly used the way you are describing – Rory Alsop May 09 '11 at 21:32
  • I can't underestand what you mean? could u pleaz repeate what's the difference between these 2 eqpmnt that you see? – samia May 09 '11 at 21:37
1

And can we integrate a nat or pat into a proxy or firewall?

Yes, Microsoft's Threat Management Gateway (TMG) is an example of a proxy & firewall wrapped into one.

Sathyajith Bhat
  • 61,504
  • 38
  • 179
  • 264
uSlackr
  • 8,955
  • 31
  • 48
1

Proxies are used explicitly, for example a browser is configured to forward http requests to a proxy. A firewall is used implicitly, for example to drop some network connections. NAT works at the network level. NAT uses the same mechanisms as a stateful firewall to let a few machines appear with a single external IP address. Conceptually that makes NAT closer to a firewall. On the other hand the fact that a NAT rewrites packets (changing ports and addresses) is similar to a proxy changing ports and addresses and adjusting headers before relaying a request.

Tobu
  • 2,663
  • 19
  • 22
  • thank u! How to make an internal or a private network more secure, efficient and functional? Do we have to configurate all these equipmnt : PAT/NAT,Proxy,Firewall...??? – samia May 09 '11 at 21:32
  • Not all proxies are explicit. Consider the transparent proxy. Clients are not configured to use it, but their traffic is routed through it. – Xenoactive May 10 '11 at 02:50
  • @Xenoactive This kind of thing needs a different name. The HTTP spec [defines proxies](https://tools.ietf.org/html/rfc2616#section-1.3) as used explicitly, and transparent proxies as proxies that don't alter the requests at all. – Tobu May 10 '11 at 07:53