A circuit level proxy (Generic proxy)
A circuit level proxy (also called a generic proxy) is a packet filter module with which any IP addresses and ports can be blocked or enabled on a firewall, but without the ability to analyze the packet contents.
Such a proxy, which operates on the OSI layers, sometimes simply passes the packets through without terminating the connections itself. The circuit level proxy then implements address translation using NAT on OSI layer 3. Address filtering is likewise located on the third OSI layer, and the proxy also performs port filtering on the fourth OSI layer.
There are also circuit level proxies which, thanks to a special protocol, are able to perform authentication on OSI layer 5. The client then obtains permission to connect, for example, by entering an ID plus password. The client must know this special authentication protocol, however, which is why such a more capable circuit level proxy is less generic (it works only with applications on the client that have been adapted). An example of such an authentication protocol is SOCKS. Such an extended circuit level proxy does not necessarily fall back on NAT. Thus, for example, it terminates the TCP connection, while a UDP connection is simply passed on.
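The authentication step described above, as an added example that is not part of the original page: the server side of a SOCKS5 handshake that insists on username/password before any connection is relayed. The message layouts follow RFC 1928 and RFC 1929; the credential store, the function names and the mandatory-authentication policy are assumptions made for the illustration.

```python
import hmac

# Constructed credential store for this example (plaintext only for brevity).
USERS = {"alice": b"correct horse"}

USERPASS, NO_ACCEPTABLE = 0x02, 0xFF   # method codes from RFC 1928

def choose_method(greeting: bytes) -> bytes:
    """Client greeting (VER=5, NMETHODS, METHODS...) -> server method selection."""
    if len(greeting) < 2 or greeting[0] != 5:
        raise ValueError("not a SOCKS5 greeting")
    methods = greeting[2:2 + greeting[1]]
    if len(methods) != greeting[1]:
        raise ValueError("truncated greeting")
    # Policy assumed here: username/password is mandatory, so a client that
    # offers only "no authentication" (0x00) gets 0xFF and no relay.
    return bytes([5, USERPASS if USERPASS in methods else NO_ACCEPTABLE])

def check_credentials(msg: bytes, users=USERS) -> bytes:
    """RFC 1929 message (VER=1, ULEN, UNAME, PLEN, PASSWD) -> (VER, STATUS)."""
    try:
        if msg[0] != 1:
            raise ValueError("bad sub-negotiation version")
        ulen = msg[1]
        uname = msg[2:2 + ulen]
        plen = msg[2 + ulen]
        passwd = msg[3 + ulen:3 + ulen + plen]
        if len(uname) != ulen or len(passwd) != plen:
            raise ValueError("truncated credentials")
    except (IndexError, ValueError):
        return b"\x01\x01"                 # malformed input is a failure
    expected = users.get(uname.decode("utf-8", "replace"))
    # Constant-time comparison; unknown users are compared against a dummy.
    ok = hmac.compare_digest(expected or b"\x00", passwd) and expected is not None
    return b"\x01\x00" if ok else b"\x01\x01"

def connection_permitted(greeting: bytes, auth_msg: bytes) -> bool:
    """True only if the client negotiated and passed username/password auth."""
    return (choose_method(greeting) == b"\x05\x02"
            and check_credentials(auth_msg) == b"\x01\x00")
```

Only an application that speaks this handshake can get through, which is the sense in which such a proxy is less generic than a plain address and port filter.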
A generic proxy can also be used for simple redirection. The simplest proxy is the Linux program ‘redir’, which listens on a port and forwards the data to a different interface and port. This is also possible with the ‘iptables’ command on Linux and is used, for example, to route the exit traffic of a Tor server through multiple proxy servers in order to protect the Tor server.
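A minimal generic proxy in the spirit of the redirect described above, combined with the address filtering from the start of this section. This is an added example, not the code of ‘redir’ or of any product; the allowed networks, the port numbers and the target address are constructed. It decides on the source address alone and copies the bytes without ever interpreting them.

```python
import ipaddress
import socket
import threading

# Assumed policy for this sketch: source networks allowed to use the relay.
ALLOWED = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]

def source_allowed(addr, allowed=ALLOWED):
    """Address filter: the decision uses the source IP only."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in allowed)

def pump(src, dst):
    """Copy bytes one way until EOF; the payload is never parsed."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)       # pass the half-close on
    except OSError:
        pass

def relay(client, upstream):
    """Splice two connected sockets together in both directions."""
    back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
    back.start()
    pump(client, upstream)
    back.join()
    client.close()
    upstream.close()

def serve(listen_port, target_host, target_port):
    """Listen on one port; forward each permitted connection to the target."""
    with socket.create_server(("", listen_port)) as srv:
        while True:
            client, (peer_ip, _port) = srv.accept()
            try:
                if not source_allowed(peer_ip):
                    raise PermissionError(peer_ip)
                upstream = socket.create_connection((target_host, target_port))
            except OSError:                # refused by policy or target down
                client.close()
                continue
            threading.Thread(target=relay, args=(client, upstream), daemon=True).start()

if __name__ == "__main__":
    serve(8080, "192.0.2.10", 80)          # constructed example addresses
```

Because this relay accepts the client's TCP connection and opens a second one to the target, it terminates the connection rather than translating addresses with NAT.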
A proxy firewall is a firewall that relies on dedicated proxies and circuit level proxies as filter modules. These filter modules implement rules by deciding which data is forwarded to the actual communication partner and which is not. In this way, the proxy firewall attempts to protect its own network (segment) against unauthorized access, but it can also convert data, cache certain content and carry out all other functions of a proxy.
Dedicated proxy on a stateful inspection firewall
Some manufacturers also offer dedicated proxies for their stateful inspection firewalls (SIF). Since this firewall type, following the original concept of Check Point, is based only on a generic packet filter, it focuses exclusively on packet filtering rules. So, an SIF is clearly classified as a packet filtering firewall. If, however, a dedicated proxy is enabled there, the SIF is actually no longer a packet filtering firewall; it then belongs to the category of proxy firewall that performs stateful packet inspection. This precise distinction is very rarely made in the professional world.
A “transparent proxy” basically consists of two components: first, the desired ports are tapped at the router (for example, by means of an iptables redirect) and are then forwarded to a proxy. For the user, a connection via a transparent proxy is indistinguishable in use from a direct connection through the router. The presence of a transparent proxy, therefore, offers some great benefits.
In the case of a reverse proxy, the proxy appears as the putative target system. The address translation is then performed in the opposite direction, so that the true address of the target system remains hidden from the client. While a typical proxy can be used to allow several clients of an internal (private, self-contained) network to access an external network, a reverse proxy works the other way around.
Reverse Proxy as a firewall, routing module
The reverse proxy of a firewall initially offers the same functionality as port forwarding, and so allows a connection initiated from outside to a server located behind it in the internal network. Once it works as a dedicated proxy, it understands the network protocol and is then also able to analyze and process the data of the network packets. So, it can implement rules relating to the packet contents.
In contrast, there are also reverse proxies that are not part of the firewall software and still pursue the objective of enabling access from the external network to an internal computer without having to configure the firewall manually. To do this, the internal computer first establishes a connection to a specific external computer, whereby the external computer can communicate with the internal computer through the firewall. If a reverse proxy runs on the external computer, any other computer in the external network can now also access the internal computer behind the firewall by sending its requests to the reverse proxy on the external computer (the reverse proxy passes the requests on to the internal computer).
Reverse proxy for performance optimization
A reverse proxy can perform a completely different task when it receives requests for a service in order to improve the speed and access rate of the service or to extend it functionally. It can be installed locally on the target system or run on separate hardware, and works, for example, as an HTTP accelerator, also called a surrogate proxy. Connections from the Internet to a web server are processed by the proxy, which either answers the requests itself from its own cache or passes them on to downstream services or to a remote server.