Internet protocol filter
Abstract
The IP filter, embodying the present invention, is a communications device designed to provide public network or Internet access to nodes of private networks, advantageously without requiring the private nodes on such networks to register public Internet addresses. The IP filter presents a single IP address to the Internet and uses a plurality of IP ports to solve the problem of IP address conservation. It initiates sessions by assigning private side IP sessions to a unique port of the IP filter's public address. The IP filter effects a translation between a source port number for the private network and a destination port number for the public network for communication therebetween. Benefits of the IP filter include private node security and conservation of Internet-registered addresses.

32 Claims

1. A method of interfacing private and public data communications networks, through a filter node in communication with both networks, the filter node having an address known in the public network, comprising the steps of:

- routing from nodes in the private network, to the filter node, outgoing data packets having destination information, which includes a destination address and a destination port, corresponding to nodes in the public network and having source information, which includes a source address and a source port, of the respective private network nodes;
- for each outgoing data packet received from the private network, at the filter node, maintaining the source information taken from the outgoing data packet in correlation with a unique value representing a port of the filter node, and replacing in the outgoing data packet the source address with the filter node address and the source port with the filter node port value; and
- routing from the filter node, to nodes in the public network, the outgoing data packets having the replaced source information, according to the destination information in each, to the corresponding public network nodes.

Dependent claims: 2, 3, 4, 5, 9

6. A method of interfacing private and public data communications networks, through a filter node in communication with both networks, the filter node having an address known in the public network, comprising the steps of:

- routing from nodes in the private network, to the filter node, outgoing data packets having destination information, which includes a destination address and a destination port, corresponding to nodes in the public network and having source information, which includes a source address and a source port, of the respective private network nodes;
- for each outgoing data packet received from the private network, at the filter node, maintaining the source information taken from the outgoing data packet in correlation with a unique value representing a port of the filter node, and replacing in the outgoing data packet the source address with the filter node address and the source port with the filter node port value;
- routing from the filter node, to nodes in the public network, the outgoing data packets having the replaced source information, according to the destination information in each, to the corresponding public network nodes;
- routing from nodes in the public network, to the filter node, incoming data packets each having the address of the filter node as the destination address;
- for each incoming data packet received from the public network, at the filter node, correlating the destination port of the destination information in the incoming data packet to particular source information being maintained and replacing, in the incoming data packet, the destination information with the particular source information;
- routing from the filter node, in the private network, the incoming data packets having the replaced destination information to the corresponding private network nodes;
- ignoring by the filter node any incoming data packet received from the public network, if the destination port of the destination information in that incoming data packet can not be correlated to the maintained source information, wherein maintaining the source information includes storing the source information from each outgoing data packet as an entry in a lookup table, and the filter node port value correlating to the source information constitutes an index into the table for that entry;
- wherein the incoming and outgoing data packets include packets in accordance with a transmission control protocol (TCP) over an internet protocol (IP); and
- receiving at the filter node an outgoing TCP packet from the private network; and
- if an entry corresponding to the outgoing TCP packet is not found in the lookup table and the outgoing TCP packet indicates that this is a connection request, storing the source information together with the destination information from the outgoing TCP packet as a new entry in the lookup table.

Dependent claims: 7, 8

10. A method of interfacing private and public data communications networks, through a filter node in communication with both networks, the filter node having an address known in the public network, comprising the steps of:

- routing from nodes in the private network, to the filter node, outgoing data packets having destination information, which includes a destination address and a destination port, corresponding to nodes in the public network and having source information, which includes a source address and a source port, of the respective private network nodes;
- for each outgoing data packet received from the private network, at the filter node, maintaining the source information taken from the outgoing data packet in correlation with a unique value representing a port of the filter node, and replacing in the outgoing data packet the source address with the filter node address and the source port with the filter node port value;
- routing from the filter node, to nodes in the public network, the outgoing data packets having the replaced source information, according to the destination information in each, to the corresponding public network nodes;
- routing from nodes in the public network, to the filter node, incoming data packets each having the address of the filter node as the destination address;
- for each incoming data packet received from the public network, at the filter node, correlating the destination port of the destination information in the incoming data packet to particular source information being maintained and replacing, in the incoming data packet, the destination information with the particular source information;
- routing from the filter node, in the private network, the incoming data packets having the replaced destination information to the corresponding private network nodes;
- ignoring by the filter node any incoming data packet received from the public network, if the destination port of the destination information in that incoming data packet can not be correlated to the maintained source information, wherein maintaining the source information includes storing the source information from each outgoing data packet as an entry in a lookup table, and the filter node port value correlating to the source information constitutes an index into the table for that entry;
- wherein the data packets include packets in accordance with a user datagram protocol (UDP) over an internet protocol (IP); and
- receiving at the filter node a UDP data packet from the private network, and adding the source information and the destination information from the UDP packet together with an interval indication for an expiration timer as a new entry in the lookup table.

11. A method of interfacing private and public data communications networks, through a filter node in communication with both networks, comprising the steps of:

- (a) receiving at the filter node, from the private network, a data packet having a destination address corresponding to a node in the public network and a source address corresponding to a node in the private network;
- (b) maintaining, by the filter node, the source address taken from the data packet;
- (c) replacing, in the data packet, the source address with an address of the filter node, wherein the source address includes a port number of the node in the private network and the address of the filter node includes a port number of the filter node;
- (d) routing from the filter node, in the public network, the data packet having the replaced source address, according to the destination address, to the corresponding public network node;
- (e) waiting for a return packet from the public network, responsive to the data packet having the replaced source information;
- (f) replacing, in the return packet, the destination address with the maintained source address; and
- (g) routing from the filter node, in the private network, the return packet having the replaced destination address to the corresponding private network node.

Dependent claims: 12, 13

14. A method of operating a filter node for interfacing first and second data communications networks, comprising the steps of:

- receiving from the first network, an outgoing data packet having destination information, which includes a destination address and a destination port, corresponding to a node in the second network and having source information, which includes a source address and a source port, corresponding to a node in the first network;
- maintaining the source information taken from the outgoing data packet in correlation with a unique value representing a port of the filter node;
- replacing in the outgoing data packet the source address with an address of the filter node and the source port with the filter node port value; and
- sending to the second network the outgoing data packet having the replaced source information, whereby the packet is routed according to its destination information to the corresponding second network node.

Dependent claims: 15, 16, 17, 18, 22

19. A method of operating a filter node for interfacing first and second data communications networks comprising the steps of:

- receiving from the first network, an outgoing data packet having destination information, which includes a destination address and a destination port, corresponding to a node in the second network and having source information, which includes a source address and a source port, corresponding to a node in the first network;
- maintaining the source information taken from the outgoing data packet in correlation with a unique value representing a port of the filter node;
- replacing in the outgoing data packet the source address with an address of the filter node and the source port with the filter node port value;
- sending to the second network the outgoing data packet having the replaced source information, whereby that packet is routed according to its destination information to the corresponding second network node;
- receiving from the second network, an incoming data packet having the address of the filter node as the destination address;
- correlating the destination port of the destination information in the incoming data packet to particular source information being maintained;
- replacing, in the incoming data packet, the destination information with the particular source information;
- sending to the first network the incoming data packet having the replaced destination information, whereby that packet is routed according to its destination information to the corresponding first network node;
- ignoring the incoming data packet received from the second network, if the destination port of the destination information in that data packet can not be correlated to the maintained source information, wherein maintaining the source information includes storing the source information from the outgoing data packet as an entry in a lookup table, and the filter node port value correlating to the source information constitutes an index into the table for that entry;
- wherein the incoming and outgoing data packets include packets in accordance with a transmission control protocol (TCP) over an internet protocol (IP); and
- receiving an outgoing TCP packet from the first network; and
- if an entry corresponding to the outgoing TCP packet is not found in the lookup table and the outgoing TCP packet indicates that this is a connection request, storing the source information together with the destination information from the TCP packet as a new entry in the lookup table.

Dependent claims: 20, 21

23. A method of operating a filter node for interfacing first and second data communications networks, comprising the steps of:

- receiving from the first network, an outgoing data packet having destination information, which includes a destination address and a destination port, corresponding to a node in the second network and having source information, which includes a source address and a source port, corresponding to a node in the first network;
- maintaining the source information taken from the outgoing data packet in correlation with a unique value representing a port of the filter node;
- replacing in the outgoing data packet the source address with an address of the filter node and the source port with the filter node port value;
- sending to the second network the outgoing data packet having the replaced source information, whereby that packet is routed according to its destination information to the corresponding second network node;
- receiving from the second network, an incoming data packet having the address of the filter node as the destination address;
- correlating the destination port of the destination information in the incoming data packet to particular source information being maintained;
- replacing, in the incoming data packet, the destination information with the particular source information;
- sending to the first network the incoming data packet having the replaced destination information, whereby that packet is routed according to its destination information to the corresponding first network node; and
- ignoring the incoming data packet received from the second network, if the destination port of the destination information in that data packet can not be correlated to the maintained source information, wherein maintaining the source information includes storing the source information from the outgoing data packet as an entry in a lookup table, and the filter node port value correlating to the source information constitutes an index into the table for that entry;
- wherein the outgoing and incoming data packets include packets in accordance with a user datagram protocol (UDP) over an internet protocol (IP); and
- receiving a UDP data packet from the first network, and adding the source information and the destination information from the UDP packet together with an interval indication for an expiration timer as a new entry in the lookup table.

24. A method of operating a filter node for interfacing first and second data communications networks, comprising the steps of:

- (a) receiving from the first network, a data packet having a destination address corresponding to a node in the second network and a source address corresponding to a node in the first network;
- (b) maintaining the source address taken from the data packet;
- (c) replacing, in the data packet, the source address with an address of the filter node, wherein the source address includes a source port number and the address of the filter node includes a port number of the filter node;
- (d) sending to the second network the data packet having the replaced source address, whereby that packet is routed to the corresponding second network node;
- (e) receiving a return packet from the second network, responsive to the data packet having the replaced source information;
- (f) replacing, in the return packet, the destination address with the maintained source address; and
- (g) sending to the first network the return packet having the replaced destination address, whereby that packet is routed to the corresponding first network node.

Dependent claims: 25, 26

27. A filter node for interfacing first and second data communications networks, comprising:

- means for receiving from the first network, a data packet having destination information, which includes a destination address and a destination port, corresponding to a node in the second network and having source information, which includes a source address and a source port, corresponding to a node in the first network;
- means for maintaining the source information taken from the data packet in correlation with a unique value representing a port of the filter node;
- means for replacing in the data packet the source address with an address of the filter node and the source port with the filter node port value; and
- means for sending to the second network, the data packet having the replaced source information, whereby that packet is routed according to its destination information to the corresponding second network node.

Dependent claims: 28, 29, 30

31. A filter node for interfacing first and second data communications networks, comprising:

- (a) means for receiving from the first network, a data packet having a destination address corresponding to a node in the second network;
- (b) means for maintaining the source address taken from the data packet;
- (c) means for replacing, in the data packet, the source address with an address of the filter node, wherein the source address includes a source port number and the address of the filter node includes a port number of the filter node;
- (d) means for sending to the second network the data packet having the replaced source address, whereby that packet is routed to the corresponding second network node;
- (e) means for receiving a return packet from the second network, responsive to the data packet having the replaced source information;
- (f) means for replacing, in the return packet, the destination address with the maintained source address; and
- (g) means for sending to the first network the return packet having the replaced destination address, whereby that packet is routed to the corresponding first network node.

Dependent claims: 32
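
A minimal model of the filter node the claims describe (claims 6, 10, 19 and 23 in particular), added here as an illustration and not code from the patent: a lookup table indexed by the filter node port, a TCP entry created only when no entry exists and the packet is a connection request, UDP entries that carry an expiration timer, and incoming packets ignored when their destination port correlates to no maintained source information. The packet model, the port range, the choice to forward nothing for a non-request TCP packet without an entry, and the `strict` check (which goes beyond the claims by also requiring the reply to come from the stored destination) are assumptions; all packets in the usage are constructed samples.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str          # "TCP" or "UDP"
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int
    syn: bool = False   # TCP connection-request indicator (assumed packet model)

def _key(pkt: Packet) -> Packet:
    # Source and destination information of an outgoing packet, flags stripped
    return replace(pkt, syn=False)

class FilterNode:
    def __init__(self, public_addr: str, ports=range(40000, 41000), udp_ttl: float = 30.0):
        self.public_addr = public_addr
        self.udp_ttl = udp_ttl            # interval for the UDP expiration timer (assumed)
        self.free_ports = list(ports)     # filter node ports not yet bound to an entry
        # filter node port -> [maintained source/destination info, UDP expiration time or None]
        self.table: dict[int, list] = {}

    def outgoing(self, pkt: Packet, now: float) -> Optional[Packet]:
        """Private -> public: record the source info, rewrite source to the filter address/port."""
        self.expire(now)
        key = _key(pkt)
        port = next((p for p, (k, _) in self.table.items() if k == key), None)
        if port is None:
            if pkt.proto == "TCP" and not pkt.syn:
                return None   # assumption: no entry and not a connection request -> not forwarded
            if not self.free_ports:
                return None   # port pool exhausted: no unique filter port available
            port = self.free_ports.pop(0)
            self.table[port] = [key, now + self.udp_ttl if pkt.proto == "UDP" else None]
        elif pkt.proto == "UDP":
            self.table[port][1] = now + self.udp_ttl   # refresh the expiration timer
        return replace(pkt, src_addr=self.public_addr, src_port=port)

    def incoming(self, pkt: Packet, now: float, strict: bool = True) -> Optional[Packet]:
        """Public -> private: correlate the destination port to an entry, else ignore the packet."""
        self.expire(now)
        entry = self.table.get(pkt.dst_port)
        if pkt.dst_addr != self.public_addr or entry is None or entry[0].proto != pkt.proto:
            return None   # no maintained source information for this port: unsolicited, dropped
        k = entry[0]
        if strict and (pkt.src_addr, pkt.src_port) != (k.dst_addr, k.dst_port):
            return None   # tighter than the claims: the reply must come from the stored destination
        return replace(pkt, dst_addr=k.src_addr, dst_port=k.src_port)

    def expire(self, now: float) -> None:
        """Drop UDP entries whose timer has elapsed and return their ports to the pool."""
        for port in [p for p, (_, t) in self.table.items() if t is not None and t <= now]:
            del self.table[port]
            self.free_ports.append(port)
```

The table is keyed by the filter port alone, so without `strict` any public host that guesses a bound port is translated inward; the extra source check is the cheap mitigation.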