Router, Gateway, Proxy, Cache

At 10.46 AM on 11/12/98, Evan Trent wrote:

Just go take a look at Vicom... they have Internet Gateway, SoftRouter, and a host of other products you can use for this sort of thing.

For more server-centric configurations, you should also check out IPNetRouter from Sustainable Softworks:

<http://www.sustworks.com/>

In my experience, their software is much more frequently updated with new features and power-user (read: server-oriented) options. On the other hand, Vicom's stuff is more point-and-shoot for simple client-oriented networks.

IPNetRouter is $89, Vicom Internet Gateway is $215 - $730, depending on the "number of users."

The term proxy server here is somewhat incorrect. I'm not sure why this term has been adopted by all these different scenarios, but in this case you're looking for a gateway, not a server upgrade or modification of your server's functionality. You're looking to perform a function entirely independent of your web/information server. You're simply zoning your LAN and WAN separately.

There are four kinds of widgets that people might call proxies. Note that the term "widget" below may be either software, hardware, or a combination.

1. A router is a widget that sends packets back and forth between multiple network segments (i..e., between ethernet, ADSL, and LocalTalk networks all coming in to the same machine, but possibly on different ports or cards). The widget may choose to filter out some packets and not route them.
   
   Important characteristic: multiple networks attached.
   
2. A gateway is widget that translates data from one protocol (like TCP/IP) to another protocol (like AppleTalk) as it flies past. The widget may also choose to not translate some packets, and filter them out.
   
   Important characteristic: protocol translation.
    
3. A proxy is a widget that receives requests with its left hand (usually from one network), and then launches similar requests with its right hand (usually on a different network). As the results arrive back at the right hand, they are copied over to the still-waiting left hand and returned to the original client. (It acts as a server with its left hand, and as a client with its right hand.) The widget may filter out certain requests or certain responses and not copy them from hand to hand.
   
   Important characteristic: acts as both client and server.
   
   When a proxy operates at the packet level it is a transparent proxy, and the clients usually don't know that there's a proxy involved.
    
4. A cache is a widget that receives requests and either responds directly from it's own store of information, or forwards the requests "upstream" to another server. When data comes back from the upstream server, this widget keeps a copy of the data for itself, and also returns the data to the original client.
   
   Important characteristic: data stored locally.

Vicom's SurfDoubler and Internet Gateway (VIG) are a combination: they acts as a router for connecting different networks and as a a gateway, since it can convert TCP/IP to PPP. In some ways, it is also a transparent proxy, since it lets many clients share the same Internet IP address. It filters some requests based on a naughty-site list; it does not filter the responses it gets back from the Web.

IPNetRouter is also a combination: it is a router for connecting multiple networks, and a transparent proxy (virtual IP addresses), but it is not a gateway to PPP. It relies on Apple's PPP stack rather than providing its own protocol translation. It does not filter Web pages.

WebSTAR 3.0's "Proxy Plug-in" is a proxy (it forwards HTTP requests to other Web servers and returns the results to you), and a cache, since it also keeps copies of some of the files. It's a caching proxy {server}.

Maxum's new WebDoubler is also a caching proxy that can also act as a router, creating a network of virtual IP addresses for all your Web browsing clients. It filters both the requests being made (ie, naughty-site list) and the Web pages that are returned (based on actual Web content.)

A "firewall" is a fancy name for a security-oriented router anr/or proxy widget with heavy logging and filtering. Open Door Networks' DoorStop is a firewall.

So, if you want to connect an ADSL line (which usually has an ethernet connection) to your Web server and also be able to use other machines in your location as Web clients, you need either of the Vicom products or Sustainable Softworks' IPNetRouter.

You will also need a second ethernet card for your server: ADSL comes in on Ethernet #1, packets get wrangled appropriately by IPNetRouter or VIG. Some packets (inbound web server requests) get delivered to WebSTAR, and some get routed onto Ethernet #2, where you have one or more additional computers with either real or virtual IP addresses.

There's no need to get WebSTAR 3 or WebDoubler for this, unless you have several people who will be browsing at once, and you want the acceleration of a caching proxy. (And if you do have mulitple surfers, WebDoubler will be significantly faster than WebSTAR as a proxy server for architectural reasons: see

<http://www.maxum.com/webdoubler/faq/performance.html>

for the performance architecture details.)

For my money, I'd go with IPNetRouter for an ISDN or ADSL connection, and with Vicom SurfDoubler for an analog modem connection. Just personal preferences.

-Mark

PS. At our office, we surf through Maxum's WebDoubler for the extra speed.

---

BECAUSE SPEED MATTERS. ClearWay NITRO accelerates WebSTAR up to 200%. Download a free demo right now and see! <http://www.clearway.com/NITRO/>

---