IPNet Gateway
Abstract
The IPNet Gateway (IPNGw) is a new technology that maps multiple servers on a private IP network to a single IP address on the Internet. As requests come in for DNS resolution of the server's domain name, the IPNet Gateway records the domain of the requesting client and the name of the requested server, and returns its own address as the destination address for the requested domain name. This DNS response is set as non-cacheable to prevent the association between the IPNGw IP address and the domain name of the target server beyond the anticipated following transaction from the client. As soon as the IPNGw responds to the DNS request it enters into a waiting state anticipating a connection from the client to the specific server identified in the DNS request. Subsequently, the client establishes a connection with the IPNGw, which in turn relays the connection request to the server.
38 Claims
1. A method for establishing communication with a first entity inside a network, comprising the steps of:
receiving a first address request originating from outside said network, said first address request includes a request for an address of said first entity, said first address request identifies said first entity with a domain name for said first entity;
responding to said first address request, including providing a first address that is not unique to said first entity within said network;
receiving a request for communication with said first entity, said request for communication is from a second entity; and
establishing communication between said first entity and said second entity if said second entity caused said first address request.

2. A method according to claim 1, wherein:
said first address request is a DNS request.

3. A method according to claim 1, wherein:
said step of receiving a request for communication includes receiving a request for a TCP connection.

4. A method according to claim 1, wherein:
said step of receiving a request for communication includes receiving a UDP packet.

5. A method according to claim 1, wherein:
said step of establishing communication includes establishing a TCP connection.

6. A method according to claim 1, wherein:
said step of establishing communication includes relaying a UDP packet.

7. A method according to claim 1, wherein:
said step of establishing communication includes establishing a SMTP connection.

8. A method according to claim 1, wherein:
said step of establishing communication includes establishing a FTP connection.

9. A method according to claim 1, wherein:
said step of receiving a first address request includes receiving a DNS request from a DNS server;
said first address is an IP address for a gateway; and
said second entity caused said first address request if said second entity requested said first entity's address from said DNS server.

10. A method according to claim 9, wherein:
said step of establishing communication includes determining whether said second entity has said DNS server as a DNS authority.

11. A method according to claim 10, wherein:
said step of determining whether said second entity has said DNS server as a DNS authority includes sending a DNS request to determine said second entity's DNS authority.

12. A method according to claim 10, wherein:
said step of receiving a request for a communication includes receiving a requesting address;
said step of determining whether said second entity has said DNS server as a DNS authority includes sending a DNS request for an “A” type record based on said requesting address, receiving a response to said DNS request for an “A” type record and sending a DNS request for a pointer type record based on said response to said DNS request for an “A” type record.

13. A method according to claim 9, wherein:
said request for communication originated from said second entity; and
said step of establishing communication includes comparing said second entity's address to said DNS server's address.

14. A method according to claim 1, wherein:
said first address request is generated by a source having a source address;
said request for communication is generated by said second entity, said second entity having a second address; and
said step of establishing communication includes determining whether said second address equals said source address.

15. A method according to claim 1, wherein:
said step of establishing communication includes relaying packets between said first entity and said second entity.

16. A method according to claim 1, wherein:
said step of receiving a first address request includes storing a requesting address and a forwarding address in a table.

17. A method according to claim 1, wherein:
said step of receiving a request for communication includes storing a requested port in a table.

18. A method according to claim 1, further including the steps of:
waiting for a client connection after said step of responding, said second entity resides in a remote network; and
denying a DNS request from an entity that is residing in said remote network during said step of waiting.

19. A method according to claim 1, further including the steps of:
waiting for a client connection after said step of responding, said second entity resides in a remote network, said step of receiving a first address request includes receiving a first DNS request from a DNS server; and
denying a second DNS request from an entity that is residing in said remote network during said step of waiting;
said step of establishing communication includes making a pointer request, receiving a pointer reply, making an authority request based on said pointer reply, receiving an authority response and making a server connection if said DNS server is on a DNS authority list of said second entity.

20. A method according to claim 1, wherein:
said step of establishing communication includes redirecting HTTP communication to an unused port.

21. A method according to claim 1, wherein:
said step of establishing communication includes responding with an HTTP redirect to an unused port number, listening for HTTP requests to said unused port number and forwarding requests for said unused port number to said first entity.

22. A physical object storing processor readable code, said processor readable code for programming a processor to perform a method comprising the steps of:
receiving a first address request originating from outside said network, said first address request includes a request for an address of said first entity, said first address request identifies said first entity with a domain name for said first entity;
responding to said first address request, including providing a first address that is not unique to said first entity within said network;
receiving a request for communication with said first entity, said request for communication is from a second entity; and
establishing communication between said first entity and said second entity if said second entity is associated with said first address request.

23. A physical object according to claim 22, wherein:
said step of receiving a first address request includes receiving a DNS request from a DNS server;
said first address is an IP address for a gateway; and
said second entity is associated with said first address request if said second entity requested said first entity's address from said DNS server.

24. A physical object according to claim 22, wherein:
said first address request is from a domain outside of said network; and
said second entity is associated with said first address request if said second entity is in said domain.

25. A physical object according to claim 24, wherein said method further includes the steps of:
waiting for said request for communication; and
denying an address request from said domain during said step of waiting.

26. A physical object according to claim 22, wherein said method further includes the steps of:
waiting for a client connection after said step of responding, said second entity resides in a remote network, said step of receiving a first address request includes receiving a first DNS request from a DNS server; and
denying a second DNS request from an entity other than said second entity that is residing in said remote network;
said step of establishing communication includes making a pointer request, receiving a pointer reply, making an authority request based on said pointer reply, receiving an authority response and making a server connection if said DNS server is an authority for said second entity.

27. A physical object according to claim 22, wherein:
said step of establishing communication includes responding with an HTTP redirect to an unused port number, listening for HTTP requests to said unused port number and forwarding requests for said unused port number to said first entity.

28. An apparatus, comprising:
a server, said server being programmed to perform the method of:
receiving a first address request originating from outside said network, said first address request includes a request for an address of said first entity, said first address request identifies said first entity with a domain name for said first entity;
responding to said first address request, including providing a first address that is not unique to said first entity within said network;
receiving a request for communication with said first entity, said request for communication is from a second entity; and
establishing communication between said first entity and said second entity if said second entity is associated with said first address request.

29. An apparatus according to claim 28, wherein:
said step of receiving a first address request includes receiving a DNS request from a DNS server;
said first address is an IP address for a gateway; and
said second entity is associated with said first address request if said second entity requested said first entity's address from said DNS server.

30. An apparatus according to claim 29, wherein:
said first address request is from a domain outside of said network; and
said second entity is associated with said first address request if said second entity is in said domain.

31. An apparatus according to claim 30, wherein said method further includes the steps of:
waiting for said request for communication; and
denying a DNS request from said domain during said step of waiting.

32. An apparatus according to claim 28, wherein said method further includes the steps of:
waiting for a client connection after said step of responding, said second entity resides in a remote network, said step of receiving a first address request includes receiving a first DNS request from a DNS server; and
denying a second DNS request from an entity other than said second entity that is residing in said remote network;
said step of establishing communication includes making a pointer request, receiving a pointer reply, making an authority request based on said pointer reply, receiving an authority response and making a server connection if said DNS server is an authority for said second entity.

33. An apparatus according to claim 28, wherein:
said step of establishing communication includes responding with an HTTP redirect to an unused port number, listening for HTTP requests to said unused port number and forwarding requests for said unused port number to said first entity.

34. A method for establishing communication with a first entity inside a network, comprising the steps of:
receiving a request, originating from a domain outside said network, for an address of said first entity, said request for an address identifies said first entity by a domain name for said first entity;
responding to said request by providing a first address for said first entity, said first address is not unique to said first entity within said network;
receiving a request to communicate with said first entity from a second entity;
determining that said second entity is in said domain;
facilitating communication between said second entity and said first entity.

35. A method according to claim 34, further including the steps of:
waiting for said request to communicate; and
refusing to service additional requests for said address of said first entity from said domain during said step of waiting.

36. A method according to claim 34, wherein:
said request for an address is from said second entity.

37. A method according to claim 34, wherein:
said request for an address is from a DNS server.

38. A method according to claim 34, wherein:
said step of facilitating includes acting as a packet relay.
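The DNS-triggered binding that the abstract and claims 1, 14, 16 and 18 describe, as an added Python model written for this page rather than the patent's or any product's own code. The gateway address, the server map, the in-memory table and the /24 granularity used for "remote network" are assumptions, and the DNS and connection exchanges are plain function calls instead of real sockets.

```python
import ipaddress

GATEWAY_IP = "203.0.113.10"   # constructed: the gateway's single public address
REMOTE_PREFIX = 24            # assumption: claim 18's "remote network" modelled as the requester's /24


class IPNetGateway:
    """Minimal model of the IPNGw state machine (hypothetical class, not the patent's code)."""

    def __init__(self, servers):
        self.servers = servers   # domain name -> private server address behind the gateway
        self.pending = {}        # requesting address -> requested server name (the table of claim 16)

    @staticmethod
    def _network(ip):
        return ipaddress.ip_network(f"{ip}/{REMOTE_PREFIX}", strict=False)

    def handle_dns(self, requester_ip, qname):
        """Answer an A query for a mapped server: returns an answer dict, 'REFUSED', or None."""
        if qname not in self.servers:
            return None
        net = self._network(requester_ip)
        if any(self._network(r) == net for r in self.pending):
            # claim 18: while waiting for the client's connection, deny further address
            # requests from the same remote network so the gateway IP maps to one server only
            return "REFUSED"
        self.pending[requester_ip] = qname
        # abstract: answer with the gateway's own address, marked non-cacheable (TTL 0)
        return {"name": qname, "type": "A", "ttl": 0, "data": GATEWAY_IP}

    def handle_connection(self, client_ip, port):
        """A request arrived at GATEWAY_IP: relay it only if this source address is the one
        that caused the preceding DNS request (claim 14); otherwise drop it, since the
        gateway address alone identifies no backend. Clients that resolve through a
        recursive DNS server need the PTR/authority checks of claims 9-13, omitted here."""
        qname = self.pending.pop(client_ip, None)
        if qname is None:
            return None
        return (self.servers[qname], port)


def demo():
    # constructed addresses and names for the walk-through
    gw = IPNetGateway({"www.example.test": "10.0.0.11", "mail.example.test": "10.0.0.12"})
    answer = gw.handle_dns("198.51.100.7", "www.example.test")        # first lookup: answered
    refused = gw.handle_dns("198.51.100.9", "mail.example.test")      # same remote /24 while waiting
    stray = gw.handle_connection("192.0.2.5", 80)                     # no DNS request from this source
    relay = gw.handle_connection("198.51.100.7", 80)                  # the expected client: relayed
    again = gw.handle_dns("198.51.100.9", "mail.example.test")        # binding consumed, now served
    return answer, refused, stray, relay, again
```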