D-Link DFL-260-IPS-12 Product Manual - Page 339
Anonymizing with NAT, PPTP/L2TP Clients
View all D-Link DFL-260-IPS-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 339 highlights
7.2. NAT Chapter 7. Address Translation anonymize traffic between clients and servers across the public Internet so that the client's public IP address is not present in any server access requests or peer to peer traffic. We shall examine the typical case where the NetDefend Firewall acts as a PPTP server and terminates the PPTP tunnel for PPTP clients. Clients that wish to be anonymous, communicate with their local ISP using PPTP. The traffic is directed to the anonymizing service provider where a NetDefend Firewall is installed to act as the PPTP server for the client, terminating the PPTP tunnel. This arrangement is illustrated in the diagram below. Figure 7.3. Anonymizing with NAT NetDefendOS is set up with NAT rules in the IP rule set so it takes communication traffic coming from the client and NATs it back out onto the Internet. Communication with the client is with the PPTP protocol but the PPTP tunnel from the client terminates at the firewall. When this traffic is relayed between the firewall and the Internet, it is no longer encapsulated by PPTP. When an application, such as a web server, now receives requests from the client it appears as though they are coming from the anonymizing service provider's external IP address and not the client's IP. The application therefore sends its responses back to the firewall which relays the traffic back to the client through the PPTP tunnel. The original IP address of the client is not revealed in traffic as it is relayed beyond the termination of the PPTP tunnel at the NetDefendOS. Typically, all traffic passes through the same physical interface and that interface has a single public IP address. Multiple interfaces could be used if multiple public IP addresses are available. There is clearly a small processing overhead involved with anonymizing traffic but this need not be an issue if sufficient hardware resources are employed to perform the anonymizing. This same technique can also be used with L2TP instead of PPTP connections. Both protocols are discussed further in Section 9.5.4, "PPTP/L2TP Clients". 339