System and method for increasing host visibility in network address translation environments
First Claim
1. A method of dynamically performing Network Address Translation (NAT) comprising:
- receiving a Domain Name Service (DNS) lookup request for an internal host inside a firewall from an external device located outside the firewall;
- creating, in response to the received DNS lookup request, a new mapping of an internal address from a device inside the firewall to an external network address;
- modifying a hostname to include an identifier for a communication protocol as part of the received DNS lookup request; and
- configuring a specific port for the new mapping based on the identifier for the communication protocol in the received DNS lookup request; reconfiguring dynamically a NAT device to reflect the new mapping.
Abstract
A mechanism for dynamically performing Network Address Translation that allows external devices to contact internal host systems that would otherwise be hidden behind a NAT device is discussed. The dynamic NAT mechanism of the present invention maps internal host system addresses to external network addresses and reconfigures the NAT configuration of the network firewall to account for the new mapping on demand. Domain Name Service (DNS) lookup requests for an authorized internal system serve as a trigger to create a new mapping between the internal host system and the external network address. The new mappings may have a lifecycle controlled by dynamic leases that are created for each new mapping.
16 Claims
1. A method of dynamically performing Network Address Translation (NAT) comprising the steps given above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7.

8. A system for dynamically performing Network Address Translation (NAT) comprising:
- a Network Address Translation (NAT) device providing NAT for a network, the network having at least one external network address;
- at least one internal host located inside a firewall for the network;
- a dynamic Domain Name Service (DNS) server for creating a new mapping of an internal host address to an external host for the network;
- a DNS proxy that identifies DNS lookup requests for the at least one internal host inside the firewall that are received from an external device located outside the firewall, the DNS proxy reconfiguring dynamically the NAT device to reflect a new mapping between an address for the internal host and an external address for the network;
- wherein the NAT is reconfigured to modify a host address to include an identifier for a communication protocol included in the DNS lookup request; and
- the NAT reconfiguration includes configuring a specific port for the new mapping based on the identifier for the communication protocol in the DNS lookup request.
Dependent claims: 9, 10, 11.

12. A non-transitory medium holding computer-executable instructions for dynamically performing Network Address Translation (NAT), the instructions comprising:
- instructions for receiving a Domain Name Service (DNS) lookup request for an internal host inside a firewall from an external device located outside the firewall;
- instructions for creating, in response to the received DNS lookup request, a new mapping of an internal address from a device inside the firewall to an external network address;
- instructions for modifying a hostname to include an identifier for a communication protocol as part of the received DNS lookup request;
- instructions for configuring a specific port for the new mapping based on the identifier for the communication protocol in the received DNS lookup request;
- instructions for reconfiguring dynamically a NAT device to reflect the new mapping; and
- instructions for routing a communication from said external device to the internal address using the new mapping in the NAT device.
Dependent claims: 13, 14, 15, 16.
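As an added illustration (not code from the patent or from any product implementing it), a small Python simulation of the mechanism described in the abstract and the independent claims: an external DNS lookup for an authorized internal host creates a leased NAT mapping, the protocol identifier carried in the hostname selects the forwarded port, and inbound traffic is translated through the mapping only while the lease is live. The hostname encoding (protocol as the leading label), the protocol-to-port table, the 300-second lease and all addresses are constructed assumptions.

```python
import time
from dataclasses import dataclass

# Constructed encoding: protocol identifier as the leading hostname label,
# e.g. "ssh.build1.example.test". The patent does not fix this format.
PROTOCOL_PORTS = {"ssh": 22, "https": 443}   # assumed identifier -> port table
LEASE_SECONDS = 300                          # assumed lease lifetime

@dataclass
class Mapping:
    internal_addr: str
    port: int
    expires: float

class DnsProxyNat:
    """Simulated DNS proxy that reconfigures a NAT table on external lookups."""

    def __init__(self, external_addr, authorized, clock=time.time):
        self.external_addr = external_addr
        self.authorized = authorized          # hostname -> internal address
        self.clock = clock
        self.nat_table = {}                  # (external_addr, port) -> Mapping

    def lookup(self, qname, from_external=True):
        """Handle a DNS query; return the external address or None (no record)."""
        proto, _, host = qname.partition(".")
        internal = self.authorized.get(host)
        port = PROTOCOL_PORTS.get(proto)
        if not from_external or internal is None or port is None:
            return None                      # only authorized hosts and known protocols
        key = (self.external_addr, port)
        held = self.nat_table.get(key)
        if held and held.internal_addr != internal and held.expires > self.clock():
            return None                      # port still leased to another host
        self.nat_table[key] = Mapping(internal, port, self.clock() + LEASE_SECONDS)
        return self.external_addr

    def route(self, dst_addr, dst_port):
        """Translate an inbound packet; expired leases are purged first."""
        self.expire_leases()
        m = self.nat_table.get((dst_addr, dst_port))
        return (m.internal_addr, m.port) if m else None

    def expire_leases(self):
        now = self.clock()
        for key in [k for k, m in self.nat_table.items() if m.expires <= now]:
            del self.nat_table[key]
```

Because one external address offers one port per protocol identifier, a second authorized host requesting the same protocol is refused until the first lease lapses; a real deployment would need more external addresses or per-host port assignment.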
Specification