Proxy Server Network Interface Configuration

ID: Q243078

The information in this article applies to:

Microsoft Proxy Server version 2.0

SUMMARY

This article describes network interface configuration options in Proxy Server 2.0.

MORE INFORMATION

When you use Proxy Server 2.0, you must install and configure two network interfaces on the server. Typically, the network interfaces include:

A network interface card for internal network communication.

An external interface that is a second network adapter, modem, ISDN, frame relay or Asynchronous Transfer Mode (ATM) adapter, or some other type of network connectivity interface.

Guidelines for Configuring Interfaces

Use the following guidelines when you configure your interfaces:

Bind Internet Protocol (IP) to the internal interface. Although it is possible to configure IPX as the only protocol bound to the internal interface, IP is recommended for flexibility and ease of client configuration. You must bind IP to the external interface. For additional information about configuring proxy clients to use IPX, click the article numbers below to view the articles in the Microsoft Knowledge Base:
Q167402 Caching Proxy with IPX Only Clients
Q165341 Configuring Proxy Server 1.0 with the IPX Protocol

Do not define an IP default gateway on the internal interface. You can only define a default gateway on the external interface. If your internal network contains subnets, you must create static routes for the internal interface.

You must put the IP addresses of the two interfaces in different IP subnets.

Define only the internal IP subnet in the proxy local address table (LAT). You cannot include external addresses in the LAT. Placing external address in the LAT potentially compromises proxy security because the proxy server detects that the addresses in the LAT are on the internal, private network.

Conditions When One Proxy Interface Is Supported

You only need one network interface when you use the Web Proxy service as a caching-only server or an IPX application-level gateway for NetWare clients. This is only recommended if the proxy server is located behind a firewall on the internal, private network, because you cannot enable packet filtering without an external interface.

NOTE: The Winsock Proxy and Socks Proxy services require two network interfaces.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

Q161380 Only One Default Gateway Allowed on Proxy Server

Limitations

In versions of Proxy Server 2.0 previous to Service Pack 1 (SP1), you can only bind one IP address to the external network interface if the Packet Filtering feature is enabled. SP1 resolves this problem and lets you bind any number of IPs to the interface.

When you use the Packet Filtering feature, you are still limited to three physical external network interfaces. An external interface is any interface whose IP address is not in the LAT. This can include Ndiswan adapters for Point-to-Point Protocol (PPP) and virtual private network (VPN) connections that are using an external IP address.

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

Q176922 Multiple IP Addresses Cause Dynamic Packet Filter to Fail

Q238375 Proxy Server 2.0 Service Pack 1: List of Fixes

Additional query words:

Keywords : prodprx2 Prx2Faq
Version : winnt:2.0
Platform : winnt
Issue type : kbhowto