With proper configuration, EZproxy can be used in behind a firewall that employs Network Address Translation (NAT). In a typical NAT environment, your local machines are connected to the Internet through a firewall machine. Your local machines are typically assigned addresses that are valid in your local network, but that are masked by the firewall machine's address when you access machines that are external to your network.
For EZproxy to work behind a NAT firewall, your network administrator must be able to create a static mapping between an external IP address and the internal IP address of your EZproxy server. Also, your firewall must be configured to allow connections on all the ports used by your EZproxy server. Under its default configuration, EZproxy starts at port 2048 and may use additional ports up to port 2248.
In a typical configuration, your EZproxy server's internal address might be 192.168.1.2. Your firewall might be configured to statically map the Internet address 188.8.131.52 to your internal address of 192.168.1.2. If the external 184.108.40.206 address had a name of ezproxy.yourlib.org, then you would need to edit config.txt and add a line like:
This will cause EZproxy to always return the name associated with its external address, which ensures that your remote users will always be brought back to the correct address on your firewall, which should then forward all request through the firewall to your EZproxy server.
EZproxy has a feature to help you determine if there is a firewall between your EZproxy server and the Internet, along with determining whether Network Address Translation is in effect. To test this feature, issue one of these commands:
|./ezproxy -c||(Linux or Solaris)|
This command instructs your EZproxy server to try to contact a script on the Useful Utilities web site. This script then attempts to determine if there are any firewall or address translation issues that must be considered for proper operation of EZproxy. The messages from this script are also logged into messages.txt for later review.