home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

Building Internet Firewalls

Building Internet FirewallsSearch this book
Previous: 7.4 Using Proxying with Internet Services Chapter 7
Proxy Systems
Next: 7.6 Using SOCKS for Proxying

7.5 Proxying Without a Proxy Server

Some services, particularly the so-called "store-and-forward" services such as SMTP , NNTP , and NTP , naturally support proxying. These services are all designed so that messages (email messages for SMTP , Usenet news postings for NNTP , and clock settings for NTP ) are received by a server and then stored until they can be forwarded to another appropriate server or servers. For SMTP , the messages are forwarded towards an email message's destination. For NNTP and NTP , the messages are forwarded to all neighbor servers. With such a scheme, each intermediate server is effectively acting as a proxy for the original sender or server.

If you examine the "Received:" headers of incoming Internet email (these headers trace a message's path through the network from sender to recipient), you quickly discover that very few messages travel directly from the sender's machine to the recipient's machine. It's far more common these days for the message to pass through at least four machines:

  • The sender's machine

  • The outgoing mail gateway at the sender's site (or the sender's Internet service provider)

  • The incoming mail gateway at the recipient's site

  • Finally, the recipient's machine

Each of the intermediate servers (the mail gateways) is acting as a proxy server for the sender, even though the sender may not be dealing with them directly. Figure 7.2 illustrates this situation.

Figure 7.2: Store-and-forward services (like SMTP ) naturally support proxying

Figure 7.2

Previous: 7.4 Using Proxying with Internet Services Building Internet Firewalls Next: 7.6 Using SOCKS for Proxying
7.4 Using Proxying with Internet Services Book Index 7.6 Using SOCKS for Proxying