System and method to proxy inbound connections to privately addressed hosts
First Claim
1. A method for establishing an inbound connection from a device on the public network to a device on a private network, said private network using a system of private addressing, said methodology comprising:
- a proxy server apparatus represented by a physical connection to both a public and private network segment with at least one host interface controller to receive and/or transmit data containing message headers, so as to move those messages across networks from a source device on the public network to a destination device on a private network, said device on the private network identified by a private address, and vice versa;
- a request receiving means for receiving a plurality of address discovery requests from at least one of a plurality of client apparatuses residing on the public network, and a request receiving means for receiving a plurality of address resolution responses from at least one of a plurality of look-up or name servers residing on the private network;
- a means for intercepting the address resolution from the look-up or name server, rewriting any network address that represents a private address listed in an address resolution response and replacing said address with the public address of the proxy server apparatus, assigning a unique port to identify the connection and transmitting the created socket address, including the public IP address of the proxy server apparatus and the dynamically assigned port, to the client;
- a redirect methodology of creating means for sequentially mapping a plurality of resolution and access requests, each redirect specifying a reverse or regular mapping, including a methodology for the proxy server apparatus to trap for redirects from said name server or from said device on the private network, and a methodology for the proxy server apparatus to log reverse and regular mapping redirects of the socket address, created by the proxy server, to the host's private address, provided by the look-up or name server.
Abstract
A system and method for network address translation that enables an inbound connection from the public network to a privately addressed host residing on a private network. The stated invention functions as a reverse proxy mechanism assigning a dynamic port number to uniquely identify each inbound connection from the public network to a host on the private network. The defined proxy device uses regular and reverse mapping and employs use of the passive command to notify the client on the public network of the said unique port number assigned for the inbound connection. When the session is completed, the port is returned to the pool to be reassigned as needed.
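The mapping table the abstract describes, sketched as an added example (not code from the patent or its authors). The class and method names are hypothetical, "private address" is assumed to mean the RFC 1918 ranges, and binding each assigned port to the requesting client's address is an added assumption rather than something the claims state.

```python
import ipaddress
from collections import deque

# Assumption: "private addressing" means the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class InboundProxyMap:
    """Port-pool mapping table for a dual-homed reverse proxy (hypothetical names)."""
    def __init__(self, public_ip, port_range):
        self.public_ip = public_ip
        self.free_ports = deque(port_range)  # pool of unassigned public ports
        self.regular = {}   # public port -> (client, (private ip, private port))
        self.reverse = {}   # (client, (private ip, private port)) -> public port
        self.log = []       # audit trail of map/unmap events

    def rewrite_resolution(self, client, answer_ip, service_port):
        """Rewrite a name-server answer before it is sent to the public client."""
        addr = ipaddress.ip_address(answer_ip)
        if not any(addr in net for net in RFC1918):
            return (answer_ip, service_port)  # non-private answers pass through
        key = (client, (answer_ip, service_port))
        if key in self.reverse:               # live mapping exists: reuse its port
            return (self.public_ip, self.reverse[key])
        if not self.free_ports:
            raise RuntimeError("port pool exhausted")
        port = self.free_ports.popleft()
        self.regular[port] = key
        self.reverse[key] = port
        self.log.append(("map", client, port, answer_ip, service_port))
        return (self.public_ip, port)

    def route_inbound(self, client, port):
        """Return the private target for an inbound connection, or None to refuse."""
        entry = self.regular.get(port)
        if entry is None or entry[0] != client:
            return None                       # unmapped port, or a different client
        return entry[1]

    def end_session(self, port):
        """Drop both mappings and return the port to the pool."""
        key = self.regular.pop(port, None)
        if key is None:
            return False
        del self.reverse[key]
        self.free_ports.append(port)
        self.log.append(("unmap", key[0], port, *key[1]))
        return True
```

The log list is the reviewable record of which public socket address pointed at which private host and when; a released port goes to the back of the pool, so it is not handed out again until the other free ports have been used.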
5 Claims
Specification