Proxy network address translation
Abstract
Proxy network address translation (PNAT) is disclosed, which combines proxy server capability with network address translation (NAT) capability. At a NAT component, address translation is performed at a packet level of a stream of packets originating from a client and destined for a server. The address translation redirects the packets to a proxy component, and masks the source of the packets. At the proxy component, filtering is performed at a stream level of the stream of packets. The proxy component transmits the packets to the server. A specific installed component is not required at clients for access through the PNAT. The PNAT retains the advantages of a proxy server, while also retaining the component-less nature of NAT access.
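The flow in the abstract, as an added Python model that is not code from the patent: a NAT component masks the source and redirects each packet to an internal proxy socket, and the proxy component filters the reassembled stream before transmitting it to the server. The class names, addresses, the blocked token and the single buffered stream are all assumptions made for illustration.

```python
from dataclasses import dataclass

PROXY_SOCKET = ("127.0.0.1", 3128)  # assumed internal socket of the PNAT device
PNAT_EXTERNAL_IP = "203.0.113.1"    # assumed external address (documentation range)

@dataclass(frozen=True)
class Packet:
    src: tuple      # (ip, port)
    dst: tuple      # (ip, port)
    seq: int        # position of the payload within the stream
    payload: bytes

class NatComponent:
    """Packet level: mask the source and redirect each packet to the proxy."""
    def __init__(self):
        self.table = {}  # masked source -> server the client originally addressed

    def translate(self, pkt):
        masked = (PNAT_EXTERNAL_IP, pkt.src[1])
        self.table[masked] = pkt.dst
        return Packet(masked, PROXY_SOCKET, pkt.seq, pkt.payload)

class ProxyComponent:
    """Stream level: reassemble, filter, then transmit to the real server."""
    def __init__(self, nat, blocked):
        self.nat, self.blocked = nat, blocked

    def handle(self, packets):
        ordered = sorted(packets, key=lambda p: p.seq)
        stream = b"".join(p.payload for p in ordered)
        if not ordered or any(tok in stream for tok in self.blocked):
            return []  # the whole stream is refused, not single packets
        server = self.nat.table[ordered[0].src]
        return [Packet(p.src, server, p.seq, p.payload) for p in ordered]

def pnat(packets, blocked):
    nat = NatComponent()
    return ProxyComponent(nat, blocked).handle([nat.translate(p) for p in packets])

def packet_level_filter(packets, blocked):
    """For contrast: inspecting each packet alone misses a token split in two."""
    return [p for p in packets if not any(tok in p.payload for tok in blocked)]

# Constructed sample: one request whose path straddles a packet boundary.
CLIENT, SERVER = ("10.0.0.5", 40000), ("198.51.100.7", 80)
SPLIT = [Packet(CLIENT, SERVER, 0, b"GET /bloc"),
         Packet(CLIENT, SERVER, 1, b"ked-path HTTP/1.0\r\n\r\n")]

if __name__ == "__main__":
    print(len(packet_level_filter(SPLIT, [b"blocked-path"])))
    print(pnat(SPLIT, [b"blocked-path"]))
```

The client sends ordinary packets addressed to the server and needs no installed component, which is the transparency the abstract claims for PNAT.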
9 Claims
1. A system for securing data communication between an internet computer network and an external computer network, comprising:
a client located in the internal computer network;
a server located in the external computer network and in communication with the client; and
a proxy network address translation device comprising;
components for (1) performing, at a packet level, a network address translation upon a stream of packets originating from the client and (2) filtering, at a stream level, the stream of packets and transmitting the packets to the server, wherein the filtering is transparent to the client, and wherein the network address translation component redirects the stream of packets to the filtering component; and
a communications socket internal to the proxy network address translation device and communicatively connected to the components for (1) performing the network address translation and (2) filtering.
Dependent claims: 2
3. A device comprising:
a proxy network address translation device comprising;
a component for performing, at a packet level, a network address translation with respect to a stream of packets originating from a client in an internal network, wherein the client is communicating the stream of packets to a server located in an external network, and wherein the network address translation component redirects the stream of packets to a component for filtering;
the component for filtering, at a stream level, the stream of packets, wherein the filtering is transparent to the client;
a communication socket internal to the proxy network address translation device and communicatively connected to;
the component for performing the network address translation; and
the component for filtering; and
a component for transmitting the packets to the server after the packets are filtered.
Dependent claims: 4, 5, 6, 7
8. A computer-implemented method for communication between a first network and a second network comprising:
intercepting, at a first external socket of a proxy network address translation device, a stream of packets;
performing, at a first internal component of the proxy network address translation device, a network address translation upon the stream of packets, the network address translation occurring at a packet level;
transmitting, from the first internal component of the proxy network address translation device to a second internal component of the proxy network address translation device using a communication socket internal to the proxy network address translation device, the translated stream of packets;
filtering, at the second internal component of the proxy network address translation device, the translated stream of packets, the filtering occurring at a stream level; and
transmitting, from the second external socket of the proxy network address translation device, the translated and filtered stream of packets.
Dependent claims: 9
Specification