Network Working Group M. Chatel Request for Comments: 1919 Consultant Category: Informational March 1996 Classical versus Transparent IP Proxies Status of this Memo This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Abstract Many modern IP security systems (also called "firewalls" in the trade) make use of proxy technology to achieve access control. This document explains "classical" and "transparent" proxy techniques and attempts to provide rules to help determine when each proxy system may be used without causing problems. Table of Contents 1. Background . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Direct communication (without a proxy) . . . . . . . . . . . 3 2.1. Direct connection example . . . . . . . . . . . . . . . . 3 2.2. Requirements of direct communication . . . . . . . . . . . 5 3. Classical application proxies . . . . . . . . . . . . . . 5 3.1. Classical proxy session example . . . . . . . . . . . . . 6 3.2. Characteristics of classical proxy configurations . . . 12 3.2.1. IP addressing and routing requirements . . . . . . . . 12 3.2.2. IP address hiding . . . . . . . . . . . . . . . . . . 14 3.2.3. DNS requirements . . . . . . . . . . . . . . . . . . . 14 3.2.4. Software requirements . . . . . . . . . . . . . . . . 15 3.2.5. Impact of a classical proxy on packet filtering . . . 15 3.2.6. Interconnection of conflicting IP networks . . . . . . 16 4. Transparent application proxies . . . . . . . . . . . . . 19 4.1. Transparent proxy connection example . . . . . . . . . . 20 4.2. Characteristics of transparent proxy configurations . . 26 4.2.1. IP addressing and routing requirements . . . . . . . . 26 4.2.2. IP address hiding . . . . . . . . . . . . . . . . . . 28 4.2.3. DNS requirements . . . . . . . . . . . . . . . . . . . 28 4.2.4. Software requirements . . . . . . . . . . . . . . . . 29 4.2.5. Impact of a transparent proxy on packet filtering . . 30 4.2.6. Interconnection of conflicting IP networks . . . . . . 31 5. Comparison chart of classical and transparent proxies . . 31 6. Improving transparent proxies . . . . . . . . . . . . . . 32 7. Security Considerations . . . . . . . . . . . . . . . . . 34 Chatel Informational