The ideas behind NAT became popularized in early firewall solutions. These early firewalls were mostly proxy-based. A good example is the FireWall ToolKit (FWTK). A proxy (in the firewall context) is a piece of software that fetches some information on behalf of a client, such as a Web page. The client computer asks the proxy for a particular Web page (it gives it the URL) and awaits reply. The proxy will then fetch the Web page, and return it to the client.

What's the point of that? First, the administrator of the proxy can often program a list of things the client isn't allowed to do. For example, if it's a Web proxy at a company, the proxy administrator may choose to block access to www.playboy.com. Second, the proxy might be able to perform some caching or other optimization. If 50 people visit www.syngress.com every day, the proxy could keep a copy of the Web page, and when a client asks for it, all the proxy has to do is check if there have been any changes. If not, it passes along the copy has stored, and the client typically gets to see the page more quickly.

Usually in this type of proxy configuration, the clients have been blocked from retrieving Web pages from the Internet directly, so they are forced to use the proxy if they want to view Web pages. This is often done with packet filtering on the router. Simply stated, the router...