
[速搜 Q&A] What Is a Transparent Proxy?

Q&A | admin | 2020-09-06

A transparent proxy is one whose existence the client does not need to know about at all. It modifies your request fields (the message headers) and passes along the real IP address, and it is mostly used in NAT forwarding on routers. Note that an encrypted transparent proxy counts as an anonymous proxy, meaning there is no need to configure the use of a proxy, for example the Garden 2 program.

Transparent mode of firewalls

As firewall technology has developed, firewalls that offer high security, simple operation and a friendly interface have gradually become the focus of the market. In this situation, transparent mode and transparent proxying, which can greatly simplify firewall configuration and improve security, have become important indicators of product performance. As a result, when recommending products, many vendors state that their products implement transparent mode and transparent proxying. So what exactly are transparent mode and transparent proxying, and how do they relate to each other? The following sections analyze this in detail.

Transparent mode, as the name suggests, is first of all transparent to the user: the user is not aware that the firewall exists. To implement transparent mode, the firewall must work without an IP address. No IP address needs to be set on it, and users do not know the firewall's IP address.

A firewall is a real physical device and also acts as a router, so when installing a firewall for a user you have to consider how to change the existing network topology or modify the routing tables of the devices connected to the firewall to suit the user's actual needs, which adds complexity and difficulty to the work. If the firewall uses transparent mode, that is, runs without an IP address, the user does not have to reconfigure or modify routes. The firewall can be installed and placed directly in the network and, like a switch, needs no IP address.

A firewall in transparent mode behaves like a bridge (a non-transparent firewall behaves like a router). The settings of network devices (hosts, routers, workstations and so on) and of all computers (including IP addresses and gateways) do not need to change, while the firewall still parses every packet that passes through it. This both increases the security of the network and reduces the complexity of management for the user.

A transparent proxy, which is similar to transparent mode in name, can, like a traditional proxy, inspect data at a deeper level than packet filtering, for example the PORT command in FTP packets. It is also a very fast proxy that physically separates the connection, which lets it serve more complex protocol needs, such as H.323 with dynamic port allocation, or a connection with separate command and data ports. Packet filtering cannot handle this kind of communication.

When a firewall uses transparent proxy technology, these proxy services are also transparent to the user: users can communicate between the internal and external networks without being aware that the firewall exists. When an internal user needs to reach an external resource through the transparent proxy, no configuration is needed on the user's side. The proxy server sets up a transparent channel that lets the user communicate with the outside as if directly, which makes it much more convenient to use.

With an ordinary proxy server, each user has to tell the client program to use the proxy and set the proxy parameters themselves (browsers, for example, have dedicated settings for specifying an HTTP or FTP proxy). With a transparent proxy service, users can use the proxy server without any configuration, which simplifies network setup.

The principle of a transparent proxy is as follows. Suppose A is a client on the internal network, B is a server on the external network, and C is the firewall. When A requests a connection to B, the TCP connection request is intercepted and monitored by the firewall. If, after interception, the firewall finds that the connection needs to go through the proxy server, a connection is first established between A and C, and then the firewall sets up the corresponding proxy service channel and connects to the target B. The data path between A and the target address B is thus established through the proxy server. From the user's point of view, the connection between A and B is direct, but in reality A is connected to B through the proxy server C. The principle is the same in the other direction, when B requests a connection to A. Because these connections are set up automatically, the client does not need to configure a proxy server manually, and the user may not even know the proxy server exists, so it is transparent to the user.
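The A/C/B connection split described above, as an added example that is not code from the original page: a minimal Linux transparent TCP relay in which C terminates A's connection, recovers the address A was really dialing via `SO_ORIGINAL_DST` after a NAT redirect, and opens a second connection to B. The listening port 3129, the function names and the `dst_addr` parameter are assumptions made for this illustration.

```python
import socket
import struct
import threading

SO_ORIGINAL_DST = 80  # Linux netfilter getsockopt option (linux/netfilter_ipv4.h)

def parse_original_dst(raw: bytes):
    """Decode the sockaddr_in from SO_ORIGINAL_DST: 2-byte family, port, IPv4."""
    port, packed_ip = struct.unpack_from("!2xH4s", raw)
    return socket.inet_ntoa(packed_ip), port

def original_dst(conn):
    """Ask netfilter where A was connecting before the NAT redirect sent it to C."""
    return parse_original_dst(conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))

def pipe(src, dst):
    """Copy bytes one way until EOF, then pass the half-close on."""
    try:
        while (data := src.recv(4096)):
            dst.sendall(data)  # an inspecting proxy would examine the data here
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def handle(client, dst_addr=None):
    """C's role: A's connection ends here; a separate connection goes to B."""
    # dst_addr is an assumed hook so the relay can be exercised without NAT.
    target = dst_addr or original_dst(client)
    upstream = socket.create_connection(target, timeout=5)
    upstream.settimeout(None)
    back = threading.Thread(target=pipe, args=(upstream, client), daemon=True)
    back.start()
    pipe(client, upstream)
    back.join()
    upstream.close()
    client.close()

def serve(listen_port=3129):  # assumed port that the NAT REDIRECT rule points at
    with socket.create_server(("0.0.0.0", listen_port)) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
```

B sees the connection arriving from C's address, not A's, which is why the two connections are independent at the TCP level even though A addressed its packets to B.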

Proxy server

A proxy server can translate between internal and external addresses and hide the details of the internal network, so that attackers cannot discover its internal structure. A proxy server also provides special filtering commands that can prevent users from using unsafe commands that easily lead to attacks, resisting attacks at the root.

When a firewall uses transparent proxy technology, the firewall's own service ports also cannot be detected, so the firewall itself cannot be attacked, which greatly improves its security and resistance to attack. Transparent proxying avoids errors that can occur during configuration or use, reduces the security risk and probability of error inherent in using a firewall, and is convenient for users.

Both transparent proxying and transparent mode can therefore simplify firewall configuration and improve system security. But there is an essential difference between the two: a firewall working in transparent mode uses transparent proxy technology, but transparent proxying is not the whole of transparent mode, and a firewall can also use transparent proxying when it is not in transparent mode. It is worth noting that although many firewall products on the domestic market provide a transparent proxy access mechanism, few truly implement transparent mode. Many vendors claim that their firewall products implement transparent mode, but in practice they often do not and only implement transparent proxying. Of course, there are also many products on the market that genuinely provide transparent mode, such as Netscreen, Dongfang Longma, Tsinghua Ziguang and other firewall products.

