Difference between NAT and Proxy.

A PC on a local network can be connected to the Internet using technologies such as NAT and Proxy. What are they?

What is NAT?

NAT (Network Address Translation) is a technology that connects PCs in a local network to the Internet by translating their IP addresses (or ports) into an address space outside the LAN. Each PC connected to the local network sends its requests to the NAT service, which converts them into requests addressed to a particular Internet service.

NAT is, as a rule, implemented on a separate network device: a router, a server, or, for example, a firewall.

Even if several computers are connected to the Internet through NAT at the same time, the online server sees requests from only one IP address: the one assigned to the device that implements the NAT algorithms.

There are two main types of NAT: Source NAT and Destination NAT.

Source NAT replaces the source address of a packet when the packet is transmitted to the destination computer on the Internet and, accordingly, replaces the destination address with that of the PC in the local network when the reply is sent back. If necessary, the port numbers of the PC in the LAN can also be changed.

Destination NAT translates packets sent to the LAN from an external environment, for example from an online server, so that they reach a specific PC whose local IP address is not reachable from that online server.
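The following Python model of both translation types is an added example, not code from the original page. The class and function names are hypothetical, the addresses are constructed documentation values, and as a simplification the table does not track which remote server a mapping belongs to.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes

class NatDevice:
    """Toy Source/Destination NAT; all addresses are constructed sample values."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}       # (lan_ip, lan_port) -> public port
        self.back = {}      # public port -> (lan_ip, lan_port)
        self.forwards = {}  # public port -> (lan_ip, lan_port), static DNAT rules

    def add_forward(self, public_port, lan_ip, lan_port):
        self.forwards[public_port] = (lan_ip, lan_port)

    def outbound(self, pkt):
        """Source NAT: replace the LAN source address and port with public ones."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return replace(pkt, src_ip=self.public_ip, src_port=self.out[key])

    def inbound(self, pkt):
        """Map a reply or a forwarded port to a LAN host; None means dropped."""
        target = self.back.get(pkt.dst_port) or self.forwards.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or target is None:
            return None
        return replace(pkt, dst_ip=target[0], dst_port=target[1])

def demo():
    nat = NatDevice("203.0.113.5")
    # Two LAN hosts use the same local port; port translation keeps them apart.
    a = nat.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 443, b"GET /"))
    b = nat.outbound(Packet("192.168.1.11", 51000, "198.51.100.7", 443, b"GET /"))
    reply = nat.inbound(Packet("198.51.100.7", 443, a.src_ip, b.src_port, b"200 OK"))
    stray = nat.inbound(Packet("198.51.100.9", 12345, "203.0.113.5", 22, b"SYN"))
    nat.add_forward(8080, "192.168.1.20", 80)
    fwd = nat.inbound(Packet("198.51.100.9", 12345, "203.0.113.5", 8080, b"GET /"))
    return a, b, reply, stray, fwd
```

Both outbound packets leave with the same public source address, the payload is carried through untouched, and an inbound packet with no mapping and no forwarding rule is dropped.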

The main advantage of connecting a LAN to the Internet through NAT is that the settings for the service are centralized. There is no need to set up any special options on each of the PCs connected to the local network.

What is Proxy?

Proxy is a technology that connects networked PCs to certain online services through a special gateway that is used by individual applications. That is, to connect the PCs in the LAN to the proxy server, the connection settings must be configured on each of them. A proxy is essentially a software service that runs on a separate LAN server or on one of the Internet servers.

Computers connected to a LAN request access to online resources not directly, but through the IP address and port of the proxy server. This makes Proxy similar to NAT in one respect: the online server sends the content requested by individual PCs to the public IP address specified in the proxy server settings. Of course, proxy servers can in some cases set unique external IP addresses for the connected PCs, but it is practically impossible for these to coincide with the original IP addresses under which the computers are registered in the LAN.

There are also purely "online" proxy servers, which are used precisely to deliberately mask the IP addresses of computers connecting to the Internet. Their principle of operation is generally similar to that of proxy servers installed on a LAN.

One of the main advantages of Proxy technology is the ability to cache online content (storing elements of visited web pages and downloaded files in the server's memory), which makes it possible to speed up Internet access from individual PCs. Other advantages of Proxy are the ability:

  • to control the access of individual LAN users to the Internet and to filter content and site addresses,
  • to install anti-virus software on proxy servers that analyzes outgoing and incoming traffic, which can significantly improve the security of the network.

Proxy technology is considered by many experts as more functional than NAT, since it allows you to implement a wide range of network access control algorithms at the software level.
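The sketch below puts the proxy functions listed above (per-user access control, address filtering, content scanning, caching) into one request path; it is an added example, not code from the original page. The ForwardProxy class, the verdict names, the origin dictionary that stands in for the Internet, and the byte pattern that stands in for an anti-virus signature are all constructed assumptions.

```python
from urllib.parse import urlsplit

class ForwardProxy:
    """Toy forward proxy: client policy, host filter, content scan, cache."""

    def __init__(self, origin, blocked_hosts, allowed_clients, bad_signatures):
        self.origin = origin                  # url -> body, stands in for the Internet
        self.blocked_hosts = blocked_hosts
        self.allowed_clients = allowed_clients
        self.bad_signatures = bad_signatures  # patterns an AV module would flag
        self.cache = {}
        self.log = []                         # (client_ip, url, verdict) audit trail

    def handle(self, client_ip, url):
        verdict, body = self._decide(client_ip, url)
        self.log.append((client_ip, url, verdict))
        return verdict, body

    def _decide(self, client_ip, url):
        # Policy checks run before the cache so a cached page cannot bypass them.
        if client_ip not in self.allowed_clients:
            return "DENIED_CLIENT", b""
        host = (urlsplit(url).hostname or "").lower()
        if any(host == b or host.endswith("." + b) for b in self.blocked_hosts):
            return "DENIED_HOST", b""
        if url in self.cache:
            return "CACHE_HIT", self.cache[url]
        body = self.origin.get(url)
        if body is None:
            return "ORIGIN_ERROR", b""
        if any(sig in body for sig in self.bad_signatures):
            return "BLOCKED_CONTENT", b""     # never cached, never delivered
        self.cache[url] = body
        return "FETCHED", body

def demo():
    # Constructed sample data: two origin pages, one carrying the test pattern.
    origin = {"http://example.org/index.html": b"<html>hello</html>",
              "http://files.example.net/tool.bin": b"MZ..CONSTRUCTED-TEST-SIGNATURE.."}
    proxy = ForwardProxy(origin, {"ads.example.com"},
                         {"192.168.1.10", "192.168.1.11"},
                         [b"CONSTRUCTED-TEST-SIGNATURE"])
    requests = [("192.168.1.10", "http://example.org/index.html"),
                ("192.168.1.11", "http://example.org/index.html"),
                ("192.168.1.10", "http://tracker.ads.example.com/p.gif"),
                ("192.168.1.10", "http://files.example.net/tool.bin"),
                ("192.168.1.99", "http://example.org/index.html")]
    return [proxy.handle(client, url)[0] for client, url in requests], proxy.log
```

The audit log records the LAN address behind every request, which is information the online server never sees.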

Comparison

The main difference between NAT and Proxy is in the technological principles of providing simultaneous access to the Internet for several PCs located in the LAN.

NAT relies on relatively simple algorithms: the address of a PC sending a packet to the Internet is changed to the address of the NAT device, which allows the latter to receive the response packet and deliver it to its destination. The sent and received packets are not otherwise corrected in this case.

Proxy technology uses more sophisticated mechanisms for exchanging packets between PCs located in the LAN and online servers. For example, when a proxy server is in use, content can be cached, filtered, and scanned for viruses.

Having defined what the difference between NAT and Proxy is, let's capture the main conclusions in a small table.

Table

What do they have in common?

  • Both technologies are used to organize the simultaneous connection to the Internet of several computers united in a local network.
  • Online servers receive requests from the IP address of a NAT device or proxy server, which does not actually match the IP addresses of the computers on which these requests are generated.

What is the difference between them?

| NAT | Proxy |
| --- | --- |
| A NAT device changes the address of the PC sending the packet to the Internet to its own (or to one specified in the settings) without changing the structure of the request; then, having received the packet from the online server, it delivers it to its destination, also unchanged | A proxy server, having received a request from a PC sending a packet to the Internet, redirects it to an online server through the set IP address; then, having received the packet, it delivers it to its destination either unchanged or corrected by filters (checking it with the anti-virus module if necessary) |
| The technology does not require additional network settings to be written on separate PCs within the LAN | The technology requires configuring the programs used to access the network on each of the PCs on the LAN |