Network connection through NAT routers and firewall devices
2 Assignments
0 Petitions
Abstract
A method for communication and data exchange between two or more systems located in separate, private networks with each network behind a firewall device includes establishing communication with a proxy server. A first system and a second system establish a TCP connection with the proxy server. A TCP probing packet is transmitted to expose the port and address mapping of each firewall device for the systems in the network, and the mapping is provided to the systems. The proxy server commands each system to transmit a SYN packet to the other system, and then to transmit a SYN+ACK packet. The proxy server is used to facilitate the systems establishing essentially direct communication, and enables continued TCP data packet exchange without continued involvement of the proxy server.
53 Citations
25 Claims
1. A system for exchanging communication, comprising:
a first computing entity located in a first private network;
a second computing entity located in a second private network;
a first firewall device protecting the first private network, the first firewall device being configured to perform network address translation;
a second firewall device protecting the second private network, the second firewall device being configured to perform network address translation; and
a proxy server, the proxy server being a part of neither the first private network nor the second private network;
wherein the first computing entity and the second computing entity are enabled to essentially directly exchange communication packets, the first computing entity being configured to transmit communication packets through the first firewall device to the second computing entity behind the second firewall device and to receive communication packets from the second computing entity transmitted through the second firewall device and the first firewall device, the second computing entity being configured to transmit communication packets through the second firewall device to the first computing entity behind the first firewall device and to receive communication packets from the first computing entity transmitted through the first firewall device and the second firewall device. (Dependent claims 2, 3 and 4 not shown.)
5. A method for communication between two or more computers on at least two private networks, a first computer behind a first firewall device and a second computer behind a second firewall device, the method comprising:
establishing communication with a proxy server, the first computer and the second computer establishing a TCP connection with the proxy server;
transmitting a TCP SYN probing packet, the first computer and the second computer each transmitting a TCP SYN probing packet to the proxy server;
transitioning the first computer and the second computer to a connection established state according to TCP protocol; and
exchanging TCP data packets between the first computer behind the first firewall device and the second computer behind the second firewall device, the exchanging being essentially direct communication between the first computer behind the first firewall device and the second computer behind the second firewall device. (Dependent claims 6, 7, 8 and 9 not shown.)
10. A method of conducting a communication exchange between systems located in separate private networks, each separate private network having a firewall device, the method comprising:
establishing a TCP connection between a proxy server and a first system behind a first firewall device;
establishing a TCP connection between a proxy server and a second system behind a second firewall device;
transmitting a SYN packet from the first system to the second system;
transmitting a SYN packet from the second system to the first system;
transmitting a SYN+ACK packet from the first system to the second system;
transmitting a SYN+ACK packet from the second system to the first system; and
exchanging TCP packets between the first system behind the first firewall device and the second system behind the second firewall device. (Dependent claims 11 through 16 not shown.)
17. A method for establishing a communication link between two or more computers located in separate private networks, each separate private network having a firewall device, the method comprising:
establishing a TCP connection between a first computer and a proxy server;
establishing a TCP connection between a second computer and a proxy server;
directing the first computer to transmit a SYN packet to the second computer;
directing the second computer to transmit a SYN packet to the first computer;
directing the first computer to transmit a SYN+ACK packet to the second computer;
directing the second computer to transmit a SYN+ACK packet to the first computer;
receiving the SYN+ACK packet at the second computer;
transitioning to a TCP Connection Established state by the second computer;
directing the first computer to transmit an ACK packet to finish the connection establishment;
receiving the SYN+ACK packet at the first computer;
transitioning to the TCP Connection Established state by the first computer; and
directing the second computer to transmit an ACK packet to finish the connection establishment. (Dependent claims 18 through 23 not shown.)
24. An integrated circuit chip for establishing data exchange between systems located in separate private networks, each separate private network having a firewall device, the integrated circuit chip comprising:
logic for establishing a TCP connection between a first computer and a proxy server;
logic for establishing a TCP connection between a second computer and a proxy server;
logic for directing the first computer to transmit a SYN packet to the second computer;
logic for directing the second computer to transmit a SYN packet to the first computer;
logic for directing the first computer to transmit a SYN+ACK packet to the second computer;
logic for directing the second computer to transmit a SYN+ACK packet to the first computer;
logic for directing the first computer to transmit an ACK packet to finish the connection establishment; and
logic for directing the second computer to transmit a ACK packet to finish the connection establishment, wherein when the second computer receives the SYN+ACK packet transmitted by the first computer, the second computer transitions to a TCP Connection Established state, and when the first computer receives the SYN+ACK packet transmitted by the second computer, the first computer transitions to the TCP Connection Established state.
25. A computer readable media having program instructions for establishing a communication link between two or more computers located in separate private networks, each separate private network having a firewall device, the computer readable media comprising:
program instructions for establishing a TCP connection between a first computer and a proxy server;
program instructions for establishing a TCP connection between a second computer and a proxy server;
program instructions for directing the first computer to transmit a SYN packet to the second computer;
program instructions for directing the second computer to transmit a SYN packet to the first computer;
program instructions for directing the first computer to transmit a SYN+ACK packet to the second computer;
program instructions for directing the second computer to transmit a SYN+ACK packet to the first computer;
program instructions for directing the first computer to transmit an ACK packet to finish the connection establishment; and
program instructions for directing the second computer to transmit a ACK packet to finish the connection establishment, wherein when the second computer receives the SYN+ACK packet transmitted by the first computer, the second computer transitions to a TCP Connection Established state, and when the first computer receives the SYN+ACK packet transmitted by the second computer, the first computer transitions to the TCP Connection Established state.
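As an added illustration (not the patent's own code, nor any product's), a Python simulation of the exchange described in the abstract and in claims 5, 10 and 17: both hosts send a TCP SYN probing packet to the proxy, the proxy hands each the public mapping it observed for the other, and each host then sends a SYN to that mapping and lets its RFC 793 state machine answer. It assumes firewall devices with endpoint-independent mapping and address-dependent filtering, constructed addresses and ports, and dict-based packets; the Net, Nat and Host classes and the punch() function are all hypothetical.

```python
# Added example (not the patent's own code): simulated TCP hole punching through two NATs via a
# rendezvous proxy. Assumed NAT: endpoint-independent mapping, address-dependent filtering; all addresses constructed.
PROXY = ("203.0.113.9", 443)            # the proxy belongs to neither private network
class Net:                              # public side: routes to NATs, records proxy probes
    def __init__(self): self.nats, self.hosts, self.observed = {}, {}, []
    def route(self, pkt):
        if (pkt["dst"], pkt["dport"]) == PROXY:
            self.observed.append((pkt["src"], pkt["sport"]))     # proxy sees the public mapping
        else: self.nats[pkt["dst"]].inbound(pkt)

class Nat:
    def __init__(self, net, pub_ip):
        self.net, self.pub_ip, self.map, self.peers, self.dropped = net, pub_ip, {}, {}, []
        net.nats[pub_ip] = self
    def outbound(self, pkt):
        port = self.map.setdefault((pkt["src"], pkt["sport"]), 40000 + len(self.map))
        self.peers.setdefault(port, set()).add(pkt["dst"])       # hole: this peer may now reply
        self.net.route({**pkt, "src": self.pub_ip, "sport": port})
    def inbound(self, pkt):
        if pkt["src"] not in self.peers.get(pkt["dport"], ()):   # no hole for this sender yet
            self.dropped.append(pkt); return
        priv = next(k for k, v in self.map.items() if v == pkt["dport"])
        self.net.hosts[priv].recv({**pkt, "dst": priv[0], "dport": priv[1]})

class Host:
    def __init__(self, net, nat, ip, port):
        self.nat, self.ip, self.port, self.state, self.seen = nat, ip, port, "CLOSED", []
        net.hosts[(ip, port)] = self
    def send(self, flags, dst):
        self.nat.outbound({"src": self.ip, "sport": self.port, "dst": dst[0], "dport": dst[1], "flags": flags})
    def recv(self, pkt):                                         # RFC 793 simultaneous open
        self.seen.append(pkt["flags"]); peer = (pkt["src"], pkt["sport"])
        if pkt["flags"] == "SYN" and self.state == "SYN_SENT":
            self.state = "SYN_RECEIVED"; self.send("SYN+ACK", peer)
        elif pkt["flags"] == "SYN+ACK" and self.state in ("SYN_SENT", "SYN_RECEIVED"):
            self.state = "ESTABLISHED"; self.send("ACK", peer)
        elif pkt["flags"] == "ACK" and self.state == "SYN_RECEIVED":
            self.state = "ESTABLISHED"

def punch(net, a, b):   # the claimed sequence: probe, exchange mappings, cross SYNs
    a.send("SYN", PROXY); b.send("SYN", PROXY)                   # TCP SYN probing packets
    a_pub, b_pub = net.observed                                  # mappings exposed by the probes
    a.state = b.state = "SYN_SENT"
    a.send("SYN", b_pub)    # opens a hole in NAT A; NAT B drops it (no hole for A there yet)
    b.send("SYN", a_pub)    # passes NAT A's hole; the two state machines finish the handshake
    return a.state, b.state
def demo():
    net = Net(); nat_a, nat_b = Nat(net, "198.51.100.1"), Nat(net, "192.0.2.1")
    a, b = Host(net, nat_a, "10.0.0.2", 5000), Host(net, nat_b, "10.1.0.2", 5000)
    return punch(net, a, b), len(nat_b.dropped), a.seen, b.seen
```

The first SYN is dropped by the far firewall device but creates the permit entry on the near one, which is what lets the second SYN through; a firewall that assigns a fresh public port per destination (symmetric NAT) would make the mapping the proxy observed useless, and the handshake would not complete.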
Specification