What Is The Circuit Level Proxy?


Circuit Level Proxy Or The Generic Proxy

A circuit-level proxy (also known as a generic proxy) is a packet-filter module that can block or allow any IP address and port on a firewall. It cannot, however, analyze the contents of the packets.

Such a proxy operates on OSI layers 3 and 4 and sometimes simply passes the packets through without terminating the connections itself. In that case the circuit-level proxy performs the address translation using NAT on OSI layer 3. Address filtering likewise takes place on layer 3, while port filtering is implemented on layer 4.

There are also circuit-level proxies that can perform authentication on OSI layer 5 by means of a special protocol. The client obtains approval for such a connection, e.g., by entering an identifier and password. However, the client must know this special authentication protocol, which is why a circuit-level proxy enabled in this way is less generic (it only works with client applications that have been extended accordingly).

SOCKS is an example of such an authentication protocol. Such an extended circuit-level proxy does not necessarily rely on NAT. Some of them even make this dependent on the protocol; for example, a TCP connection is terminated while a UDP connection is simply passed through.
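An added example (not from the original page) of the layer-5 approval step described above, assuming SOCKS version 5 with username/password authentication (RFC 1928 and RFC 1929). The functions build the proxy's replies to a client's greeting, credentials and CONNECT request, and the final decision uses only destination address and port; the user table, allow list and function names are constructed for illustration.

```python
import hmac, ipaddress, struct

# Constructed sample credentials and policy (assumptions, not from the page).
USERS = {"alice": "s3cret-example"}
ALLOW = [(ipaddress.ip_network("192.0.2.0/24"), 443)]  # (destination net, port)

def choose_method(greeting: bytes) -> bytes:
    """RFC 1928 greeting: VER NMETHODS METHODS. Insist on 0x02 (user/pass)."""
    if len(greeting) < 3 or greeting[0] != 5 or len(greeting) != 2 + greeting[1]:
        return b"\x05\xff"                      # malformed: no acceptable method
    return b"\x05\x02" if 2 in greeting[2:] else b"\x05\xff"

def check_auth(msg: bytes) -> bytes:
    """RFC 1929 sub-negotiation: VER(1) ULEN UNAME PLEN PASSWD."""
    try:
        ulen = msg[1]
        user = msg[2:2 + ulen].decode()
        plen = msg[2 + ulen]
        pw = msg[3 + ulen:3 + ulen + plen].decode()
        complete = msg[0] == 1 and len(msg) == 3 + ulen + plen
    except (IndexError, UnicodeDecodeError):
        return b"\x01\x01"                      # truncated or undecodable
    expected = USERS.get(user, "")
    ok = complete and bool(expected) and hmac.compare_digest(pw.encode(), expected.encode())
    return b"\x01\x00" if ok else b"\x01\x01"   # STATUS 0 = success

def check_request(req: bytes) -> bytes:
    """RFC 1928 request: VER CMD RSV ATYP DST.ADDR DST.PORT (IPv4 CONNECT only).
    The decision uses address and port alone; payload is never inspected."""
    def reply(rep: int) -> bytes:
        return bytes([5, rep, 0, 1]) + bytes(6)  # BND.ADDR/PORT zeroed
    if len(req) < 4 or req[0] != 5:
        return reply(1)                          # general failure
    if req[1] != 1:
        return reply(7)                          # command not supported
    if req[3] != 1:
        return reply(8)                          # address type not supported
    if len(req) != 10:
        return reply(1)
    dst = ipaddress.ip_address(req[4:8])
    port = struct.unpack("!H", req[8:10])[0]
    allowed = any(dst in net and port == p for net, p in ALLOW)
    return reply(0) if allowed else reply(2)     # 2 = not allowed by ruleset
```

A real proxy would send the success reply only after it has opened the outbound connection; here the functions return the policy decision alone.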

A generic proxy can also be used for simple forwarding. The simplest possible proxy is the Linux program Redir, which listens on one interface and port and forwards the data to another interface and port. The same is possible with the iptables command under Linux and is used, for example, to route the exit traffic of a Tor server across several proxies in order to protect the Tor server.