Method and apparatus for network port and network address translation
Abstract
The present invention provides a method and apparatus for network port and network address translation. Several problems with limited addressability may occur when transmitting data packets between a terminal in a first network and a terminal in a second network that is outside the first network. Data forwarding rules are used to define if and how identifiers of data packets to be forwarded between the two networks correlate with each other. According to embodiments, a data forwarding rule includes a first identifier associated with the first network and a second identifier associated with the second network, wherein each identifier has two parts: a source address and source port number corresponding to a source network node, and a destination address and destination port number corresponding to a destination network node.
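The data-forwarding rule summarized above, and spelled out in claim 1, can be modelled as a small table. This is an added Python example, not code from the patent: the class and method names, the port pools and the addresses are assumptions, and restoring the original ports on the return path is this sketch's reading of "reverse mapping of the DFR".

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int

class DfrTable:
    """Reversible data-forwarding rules (DFRs) keyed the way claim 1 describes."""

    def __init__(self, second_src_addr, src_port_pool, dst_port_pool):
        self.second_src_addr = second_src_addr     # gateway address on the second network
        self.src_port_pool = list(src_port_pool)   # assumed pool of second source ports
        self.dst_port_pool = list(dst_port_pool)   # assumed pool of second destination ports
        self.forward = {}  # first-network packet tuple -> (second src port, second dst port)
        self.reverse = {}  # (second src port, second dst port, first dst addr) -> first-side values

    def establish(self, pkt):
        """DFR request: choose ports that collide with no other established DFR."""
        if pkt in self.forward:
            return self.forward[pkt]
        for sport in self.src_port_pool:
            for dport in self.dst_port_pool:
                key = (sport, dport, pkt.dst_addr)
                if sport != pkt.src_port and dport != pkt.dst_port and key not in self.reverse:
                    self.forward[pkt] = (sport, dport)
                    self.reverse[key] = (pkt.src_addr, pkt.src_port, pkt.dst_port)
                    return sport, dport
        raise RuntimeError("no unique port combination left for this destination")

    def outbound(self, pkt):
        """First network -> second network: rewrite source address and both ports."""
        sport, dport = self.establish(pkt)
        return Packet(self.second_src_addr, sport, pkt.dst_addr, dport)

    def inbound(self, pkt) -> Optional[Packet]:
        """Second network -> first network; None means no DFR matches, so drop."""
        rule = self.reverse.get((pkt.dst_port, pkt.src_port, pkt.src_addr))
        if pkt.dst_addr != self.second_src_addr or rule is None:
            return None
        src_addr, src_port, dst_port = rule
        # Assumption: the reverse mapping also restores the original port numbers.
        return Packet(pkt.src_addr, dst_port, src_addr, src_port)

# Constructed sample: two hosts can share second source port 40000 toward one server.
nat = DfrTable("203.0.113.1", [40000], [50000, 50001])
print(nat.outbound(Packet("10.0.0.5", 1234, "198.51.100.7", 80)))
```

Because the reverse key includes the second destination port and the destination address, two first-network hosts can share one second source port toward the same server, and a return packet that does not match the full tuple is not forwarded.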
28 Claims
1. A method for forwarding data between a first network and a second network, the first network and the second network being operatively connected, the method comprising:
- receiving, reconfiguring and forwarding a first data packet from the first network to the second network, the reconfiguring comprising mapping, in accordance with a reversible data-forwarding rule (DFR), a first source address of the first data packet to a second source address, a first source port number of the first data packet to a second source port number, and a first destination port number of the first data packet to a second destination port number, said DFR established in response to a DFR request wherein the first source address is different from the second source address, the first source port number is different from the second source port number, and the first destination port number is different from the second destination port number; and
- receiving, reconfiguring and forwarding a second data packet from the second network to the first network if a source address of the second data packet corresponds with a first destination address of the first data packet, a destination address of the second data packet corresponds with the second source address, a source port number of the second data packet corresponds with the second destination port number and a destination port number of the second data packet corresponds with the second source port number, wherein reconfiguring the second packet comprises mapping the destination address thereof based at least in part on the source address, the source port number and the destination port number of the second packet, in accordance with a reverse mapping of the DFR, wherein the second destination port number is selected, during establishment of the DFR, to create a unique correspondence between a combination of the first source address and the first source port number with respect to a combination of the second source port number, the second destination port number and the first destination address, wherein establishment of the DFR is made relative to other established DFRs.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. An apparatus for forwarding data between a first network and a second network, the apparatus for operatively connecting the first and the second network, the apparatus comprising:
- a first network interface operatively connected to the first network for receiving one or more first data packets from the first network and for forwarding one or more second data packets to the first network;
- a second network interface operatively connected to the second network for receiving the one or more second data packets from the second network and for forwarding the one or more first data packets to the second network; and
- a packet-processing system operatively connected to the first network interface and the second network interface, the packet-processing system configured to reconfigure each of the first data packets, if the first destination address is associated with the second network, the reconfiguring of the first data packets comprising mapping, in accordance with a reversible data-forwarding rule (DFR), a first source address of the first data packet to a second source address, a first source port number of the first data packet to a second source port number and a first destination port number of the first data packet to a second destination port number, said DFR established in response to a DFR request, wherein the first source address is different from the second source address, the first source port number is different from the second source port number, and the first destination port number is different from the second destination port number, the packet processing system further configured to reconfigure each of the second data packets, if a source address of the second data packet corresponds with a first destination address of the first data packet, a destination address of the second data packet corresponds with the second source address, a source port number of the second data packet corresponds with the second destination port number and a destination port number of the second data packet corresponds with the second source port number, the reconfiguring of the second packets comprising mapping the destination address thereof based at least in part on the source address, the source port number and the destination port number of the second packet, in accordance with a reverse mapping of the DFR, wherein the apparatus is configured to select the second destination port number, during establishment of the DFR, so as to create a unique correspondence between a combination of the first source address and the first source port number with respect to a combination of the second source port number, the second destination port number and the first destination address, wherein establishment of the DFR is made relative to other established DFRs.

Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24

25. A computer program product comprising a memory having embodied thereon statements and instructions for execution by a computer, thereby causing the computer to perform a method for forwarding data packets between a first network and a second network, the method comprising the steps of:
- receiving, reconfiguring and forwarding a first data packet from the first network to the second network, the reconfiguring comprising mapping, in accordance with a reversible data-forwarding rule (DFR), a first source address of the first data packet to a second source address, a first source port number of the first data packet to a second source port number, and a first destination port number of the first data packet to a second destination port number, said DFR established in response to a DFR request, wherein the first source address is different from the second source address, the first source port number is different from the second source port number, and the first destination port number is different from the second destination port number; and
- receiving, reconfiguring and forwarding a second data packet from the second network to the first network if a source address of the second data packet corresponds with a first destination address of the first data packet, a destination address of the second data packet corresponds with the second source address, a source port number of the second data packet corresponds with the second destination port number and a destination port number of the second data packet corresponds with the second source port number, wherein reconfiguring the second packet comprises mapping the destination address thereof based at least in part on the source address, the source port number and the destination port number of the second packet, in accordance with a reverse mapping of the DFR, wherein the second destination port number is selected, during establishment of the DFR, to create a unique correspondence between a combination of the first source address and the first source port number with respect to a combination of the second source port number, the second destination port number and the first destination address, wherein establishment of the DFR is made relative to other established DFRs.

Dependent claims: 26, 27, 28

Specification