Microsoft KB Archive/243078

From BetaArchive Wiki
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Article ID: 243078

Article Last Modified on 11/1/2006



APPLIES TO

  • Microsoft Proxy Server 2.0 Standard Edition



This article was previously published under Q243078

SUMMARY

This article describes network interface configuration options in Proxy Server 2.0.

MORE INFORMATION

When you use Proxy Server 2.0, you must install and configure two network interfaces on the server. Typically, the network interfaces include:

  • A network interface card for internal network communication.
  • An external interface that is a second network adapter, modem, ISDN, frame relay or Asynchronous Transfer Mode (ATM) adapter, or some other type of network connectivity interface.

Guidelines for Configuring Interfaces

Use the following guidelines when you configure your interfaces:

  • Bind Internet Protocol (IP) to the internal interface. Although it is possible to configure IPX as the only protocol bound to the internal interface, IP is recommended for flexibility and ease of client configuration. You must bind IP to the external interface. For additional information about configuring proxy clients to use IPX, click the article numbers below to view the articles in the Microsoft Knowledge Base:

    167402 Caching Proxy with IPX Only Clients

    165341 Configuring Proxy Server 1.0 with the IPX Protocol

  • Do not define an IP default gateway on the internal interface. You can only define a default gateway on the external interface. If your internal network contains subnets, you must create static routes for the internal interface.
  • You must put the IP addresses of the two interfaces in different IP subnets.
  • Define only the internal IP subnet in the proxy local address table (LAT). You cannot include external addresses in the LAT. Placing external address in the LAT potentially compromises proxy security because the proxy server detects that the addresses in the LAT are on the internal, private network.

Conditions When One Proxy Interface Is Supported

You only need one network interface when you use the Web Proxy service as a caching-only server or an IPX application-level gateway for NetWare clients. This is only recommended if the proxy server is located behind a firewall on the internal, private network, because you cannot enable packet filtering without an external interface.

NOTE: The Winsock Proxy and Socks Proxy services require two network interfaces.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

161380 Only One Default Gateway Allowed on Proxy Server


Limitations

In versions of Proxy Server 2.0 previous to Service Pack 1 (SP1), you can only bind one IP address to the external network interface if the Packet Filtering feature is enabled. SP1 resolves this problem and lets you bind any number of IPs to the interface.

When you use the Packet Filtering feature, you are still limited to three physical external network interfaces. An external interface is any interface whose IP address is not in the LAT. This can include Ndiswan adapters for Point-to-Point Protocol (PPP) and virtual private network (VPN) connections that are using an external IP address.

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

176922 Multiple IP Addresses Cause Dynamic Packet Filter to Fail


238375 Proxy Server 2.0 Service Pack 1: List of Fixes



Additional query words: nic

Keywords: kbhowto KB243078