When a new incoming connection arrives, it is blocked by the routers firewall, if there are no instructions of some service running in local network:
Installation of proxy service alone is not enough. NAT device (router) has to be configured, too. Configured NAT port, that forwards connection to the proxy service is shown as yellow diamond on the picture:
All incoming connections are routed to the proxy now; and from proxy on, through NAT device to the server. Note, that there is no NAT configuration needed for outgoing connections. By default, routers are capable of automatically creating NAT session for all outgoing TCP connections.
As long as serving machine for proxy is behind a NAT device, configuration of the NAT device is needed or else proxy cannot work.
The second issue is control. If you offer proxy services to other people/users/customers, then you would like to have some sort of control over who uses them. This is solved usually by password protecting proxies; but passwords (as the proxy addresses) can be easily given/leaked/sold to third non-authorized users.
Both issues are effectively resolved by using reverse proxy model.
No comments:
Post a Comment