CN101262478A - Method and device for penetrating NAT - Google Patents

Method and device for penetrating NAT Download PDF

Info

Publication number
CN101262478A
CN101262478A CNA2008100910266A CN200810091026A CN101262478A CN 101262478 A CN101262478 A CN 101262478A CN A2008100910266 A CNA2008100910266 A CN A2008100910266A CN 200810091026 A CN200810091026 A CN 200810091026A CN 101262478 A CN101262478 A CN 101262478A
Authority
CN
China
Prior art keywords
terminal
server
message
intranet
acting server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2008100910266A
Other languages
Chinese (zh)
Inventor
郭中华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CNA2008100910266A priority Critical patent/CN101262478A/en
Publication of CN101262478A publication Critical patent/CN101262478A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method which can convert NAT through passing through websites and equipment, which is applied to network including a terminal, an agent server and a server network. The terminal and the agent server are positioned in internal network and the server is positioned in external network, and the agent server and the server are connected by a common connection channel; the method disclosed by the invention comprises the steps: when the server needs to send message to the terminal in the internal network, the address information of the terminal can be acquired according to each terminal address information stored in the internal network; the server packages the terminal address information into the message, the target address of which is the agent server; and the packed terminal address information is sent to the agent server through the common connection channel; therefore the agent server can transmit the message which needs to be sent to the terminal in the internal network to the corresponding terminal. The method disclosed by the invention, by arranging the agent server in the internal network, realizes passing through NAT in network application layer, which demands for no modification of the existing networking effect, thus being convenient for being deployed in network.

Description

The method and apparatus of penetrating NAT
Technical field
The present invention relates to communication technical field, relate in particular to a kind of method and apparatus of penetrating NAT.
Background technology
NAT (Network Address Translation, network address translation) technology provides the function of the network address translation in the territory for the network address in another territory, can set up address mapping relation in two territories by the NAT technology.In the process of carrying out NAT, also need to carry out port mapping for different agreements, as UDP (User Datagram Protocol, User Datagram Protoco (UDP)) agreement, TCP (Transmission Control Protocol, transmission control protocol) agreement etc.
NAT device generally is placed on the exit of private network, realizes the function of the user to access public net in the private network.When being private user visit public network resource, carry out the conversion between private net address and the public network address, NAT device is distributed to public network address of private user, thereby allows private user can visit the public network resource.
NAT device is divided into two kinds: comprise two-way NAT and unidirectional NAT device.Two-way NAT is meant the request of initiating for any one territory from two territories, and NAT device can be the address in another territory with the address transition in the request domain, and the response in another territory is sent to request domain by NAT device.Unidirectional NAT refers to and can only initiate request from a territory, and handles for the response that is requested the territory.NAT device occurs in order to solve the public network address anxiety; So the NAT that refers to generally speaking, is meant unidirectional NAT.
Because the inherent characteristic and the one-way of NAT device cause can't arriving Intranet from the solicited message that outer net sends, need therefore to realize that NAT passes through.Prior art adopts the tunnel style passing through NAT usually, as configuring GRE on equipment (Generic Routing Encapsulation, Generic Routing Encapsulation) agreement, realizes that NAT passes through, or adopts IPSec to carry out NAT and pass through.
Adopt the shortcoming of the method for tunnel style passing through NAT to be that NAT passes through the equipment that need depend on, depend on whether equipment has realized corresponding protocols tunnel etc.In addition, adopt tunnel style, can't realize the application layer passing through NAT; The software systems passing through NAT of application layer can't adopt the tunnel to realize.
Summary of the invention
The invention provides a kind of method and apparatus of penetrating NAT, be used for realizing passing through NAT in the reciprocal process of Intranet equipment and outer net equipment.
For achieving the above object, the invention provides a kind of method of penetrating NAT, be applied to comprise in the network of terminal, acting server and server, described terminal and acting server are arranged in Intranet, described server is arranged in outer net, described acting server is connected by normal interface channel with described server, said method comprising the steps of:
Described server need be in Intranet terminal when sending message, according to the address information of each terminal in the Intranet of having stored, obtain the address information of described terminal;
Described server is encapsulated in the address information of described terminal in the message that destination address is described acting server, send to described acting server by described normal interface channel, the described message that sends of terminal that need be in Intranet is forwarded to corresponding terminal for described acting server.
Wherein, the address information of each terminal is specially in the described Intranet of having stored:
Be pre-configured in the address information of the terminal in the Intranet on the described server; And/or
Described server is resolved the address information of the terminal in the Intranet of obtaining from described message when the message of the terminal that receives described acting server forwarding.
Wherein, the terminal that described server need be in the Intranet step that sends message specifically comprises:
Described server initiatively initiate with Intranet in terminal communication the time, terminal that need be in Intranet sends message; Or
Described server need terminal send response message in Intranet when the message of the terminal that receives described acting server forwarding.
The present invention also provides a kind of method of penetrating NAT, be applied to comprise in the network of terminal, acting server and server, described terminal and acting server are arranged in Intranet, described server is arranged in outer net, described acting server is connected by normal interface channel with described server, said method comprising the steps of:
Acting server in the Intranet receives the message that the terminal in the Intranet sends;
Described acting server encapsulates again to described message, is specially: carry the address information of described terminal in the new message after encapsulation, and the destination address of described new message is become described server;
Described acting server sends the server of new message in outer net that described encapsulation obtains.
Wherein, the acting server in the described Intranet also comprises before receiving the message of the terminal transmission in the Intranet:
Each terminal in the Intranet is obtained the address information of the acting server in the described Intranet.
Wherein, after the described server of new message in outer net that described encapsulation is obtained sends, also comprise step:
Described acting server receives the message that the server in the outer net sends;
The described message of described proxy server parses obtains the content in the described message and the address information of terminal;
Described acting server is according to the address information of described terminal, the described content of obtaining is encapsulated as message and sends to described terminal.
The present invention also provides a kind of server, be applied to comprise that described terminal and acting server are arranged in Intranet in the network of terminal and acting server, described server is arranged in outer net, described acting server is connected by normal interface channel with described server, and described server comprises:
Address acquisition unit when being used for sending message to the terminal of Intranet, according to the address information of each terminal in the Intranet of having stored, is obtained the address information of described terminal;
The message encapsulation unit is used for the address information of described terminal is encapsulated in the message that destination address is described acting server;
Packet sending unit is used for the message after the encapsulation of described message encapsulation unit is sent to described acting server by described normal interface channel, the described message that need the terminal in Intranet sends is forwarded to the terminal of correspondence for described acting server.
Wherein, also comprise:
The packet parsing unit is used to receive described acting server by the message that described normal interface channel sends, and obtains the address information of terminal in the described message;
Address storaging unit is used for storing the address information of the terminal of pre-configured Intranet; And/or store the address information of the terminal in the Intranet that described packet parsing unit resolves obtains.
Wherein, also comprise the message acquiring unit, be used for obtaining the message that need send that described message acquiring unit further comprises to the terminal of Intranet:
First message obtains subelement, when being used for initiatively initiating the terminal communication with Intranet, obtains the message that need the terminal in Intranet sends; Or
Second message obtains subelement, is used for when receiving the message of the terminal that described acting server transmits, and obtains the message of terminal response that need be in Intranet.
The present invention also provides a kind of acting server, be applied to comprise in the network of terminal and acting server, described terminal and acting server are arranged in Intranet, described server is arranged in outer net, described acting server is connected by normal interface channel with described server, and described acting server comprises:
Act on behalf of the Intranet receiving element, be used for receiving the message that the terminal of Intranet sends;
Act on behalf of encapsulation unit, be used for the described message of acting on behalf of the reception of Intranet receiving element is encapsulated again, be specially: carry the address information of described terminal in the new message after encapsulation, and the destination address of described new message is become described server;
Act on behalf of transmitting element, be used for acting on behalf of the new message that encapsulation unit encapsulation obtains and sending by the server of described normal interface channel to outer net with described.
Wherein, also comprise:
Act on behalf of the outer net receiving element, be used for receiving the message of the server of outer net by described normal interface channel transmission;
The proxy resolution unit is used to resolve described message, obtains the content in the described message and the address information of terminal;
Act on behalf of retransmission unit, be used for the address information according to described terminal, content corresponding terminal in Intranet that described proxy resolution unit resolves is obtained sends.
Compared with prior art, the present invention has the following advantages:
By acting server is set in Intranet, realized at the network application layer passing through NAT.And do not need to revise existing networking result, do not rely on NAT device, can in network, dispose easily.
Description of drawings
Fig. 1 is the schematic diagram that intranet and extranet communicate by NAT in the prior art;
Fig. 2 is the applied network diagram of passing through NAT method among the present invention;
Fig. 3 is a flow chart of passing through NAT method among the present invention;
Fig. 4 is another flow chart of passing through NAT method among the present invention;
Fig. 5 is the message structure schematic diagram between the outer network server in the acting server in the Intranet and the outer net among the present invention;
Fig. 6 is the structural representation of the acting server in the Intranet among the present invention;
Fig. 7 is the structural representation of the server in the outer net among the present invention.
Embodiment
The invention provides a kind of method and apparatus of penetrating NAT, the demand of passing through NAT when being used to satisfy the two-way communication of outer net between Intranet.Core concept of the present invention is to act on behalf of passing through NAT in the network application layer employing, and is concrete: place an acting server in Intranet, act on behalf of the two-way communication that network terminations arrive outer network server in all.There is normal interface channel between acting server in this Intranet and the server in the outer net, it is the message of interior network termination that server in the outer net can directly send destination address to acting server by this normal interface channel, is transmitted by the inside network termination of acting server.
The applied network diagram of the method for penetrating NAT mainly comprises as shown in Figure 2 among the present invention: the outer network server in the terminal in the Intranet, the acting server in the Intranet and the outer net.
Concrete, a kind of method of passing through NAT comprises as shown in Figure 3 among the present invention:
Acting server in step s101, the Intranet receives the message that the terminal in the Intranet sends.
Concrete, each terminal in the Intranet can be obtained the address information (as the IP address and the port of acting server) of the acting server in the Intranet in advance by modes such as broadcasting.After terminal in the Intranet got access to the address of the acting server in the Intranet, all messages that needs can be sent to outer network server all directly sent to the agency, and received response by the agency.Certainly terminal also can send to acting server by a message with the particular service kind, and this particular service kind message that need send to acting server can be provided with in advance.
Step s102, acting server encapsulate the message that terminal sends, and obtain new message.
Concrete, the message that acting server sends terminal, and the address information of this terminal (comprising information such as the IP address of terminal and port) encapsulates, and obtains new message, the destination address of this new message is the address of outer network server.
Step s103, acting server send the server of new message in outer net that encapsulation obtains.
Concrete, acting server in the Intranet can be connected by the mode of normal interface channel with server in the outer net, this normal interface channel can be realized in the following manner: create static mappings on NAT device, foundation, also can be adopted the application layer message regularly to send request mode and keep normal connection to the static address mapping relations the acting server from outer network server.When acting server and outer network server carried out message interaction by this normal interface channel, message was gone up transparent transmission from NAT.
Server in step s104, the outer net receives the message that the acting server in the Intranet sends.
Step s105, this message of server parses, the address of record terminal is also handled and is resolved the content that obtains.
Concrete, this message of server parses obtains the content in the described message and the address information of the terminal in the Intranet.The content that the described parsing of server record is afterwards obtained and the address information of described terminal; Server process is resolved the content obtain, and this processings specifically comprises: the content that parsing is obtained is carried out local processing or other network equipments of sending in the outer net are handled.
Concrete, a kind of method of passing through NAT also comprises as shown in Figure 4 among the present invention:
Server in step s201, the outer net obtain need be in Intranet the message that sends of terminal.
Concrete, server can needs initiatively initiate with Intranet in terminal communication the time, obtain the message that need the terminal in Intranet sends; Or server also can be when receiving the message of the terminal that acting server transmits, and obtains the message of terminal response that need be in Intranet.
Step s202, server obtain the address information of terminal according to the address information of terminal in the Intranet of storage in advance.
Concrete, the address information of terminal in the message of network termination and the Intranet of having stored in server sends to is as required obtained the address information with the terminal that needs to receive message.The address information of terminal in the Intranet of storing in advance in the server, can be pre-configured on the server (when being static ip address as the terminal in the Intranet, in advance terminal and corresponding static ip address are configured on the server), also can be server receive that acting server transmits from the message of interior network termination the time, obtain by analytic message.Server can send message by the directly inside network termination of acting server according to the address information of the interior network termination of this locality storage.
Step s203, server are encapsulated in the address information of terminal in this message, and the message destination address is set to the address of acting server.
Message after step s204, server will encapsulate by normal interface channel sends to acting server, and the message that will need the terminal in Intranet to send for acting server is forwarded to corresponding terminal.
Step s205, acting server receive the message that the server in the outer net sends.
Step s206, this message of proxy server parses, content corresponding terminal in Intranet that parsing is obtained sends.
Concrete, this message of proxy server parses obtains the content in the message and the address information of terminal; Acting server is according to the address information of described terminal, the content of obtaining is encapsulated as message and sends to described terminal.
In the flow process that above-mentioned Fig. 3 and Fig. 4 describe, the message structure between the outer network server in acting server in the Intranet and the outer net can be as shown in Figure 5.Wherein the mutual data of terminal in the Intranet and acting server are encapsulated in the message transmissions layer as application layer data.The address information (as IP address and port) of network termination in should comprising in the application layer data considers that fail safe then also can expand other attributes, no longer is described at this.
Below in conjunction with a concrete application scenarios, the specific embodiment of the present invention is described.
Suppose to exist in Intranet terminal A, terminal B, the Intranet IP address of terminal A is 192.168.0.101, and the Intranet IP address of terminal B is 192.168.1.102, also has acting server in the Intranet, and its Intranet IP address is 192.168.0.1.The Intranet IP address of the NAT device on Intranet and outer net border is 192.168.0.2, and outer net IP address is 220.181.0.1.The outer net IP address of the outer network server in the outer net is 220.181.0.2, and this outer network server (220.181.0.2) is used for the safe condition of terminal is detected.Acting server (192.168.0.1) is set up normal interface channel with external server (220.181.0.2) by NAT device.
Terminal A (192.168.0.101) is according to the IP address (192.168.0.1) of acting server constantly for certain, and to acting server transmission message, outer network server (220.181.0.2) is visited in the safe condition relevant information of carried terminal A and request in this message.Acting server encapsulates the message that receives, in message original content of carrying, and the further address information of carried terminal A (192.168.0.101); And the message after will encapsulating sends by the outside network server of normal interface channel (220.181.0.2).
Outer network server (220.181.0.2) carries out decapsulation after receiving the message that acting server (192.168.0.1) sends, the address information of the terminal A that storing and resolving obtains (192.168.0.101), and the content in the message handled, as judge needs according to the safe condition relevant information of terminal A the related software of terminal A is upgraded, then obtain the required information of upgrading, and encapsulate with the address information of terminal A and to generate new message and send to acting server (192.168.0.1).
Acting server (192.168.0.1) receives message from outer network server (220.181.0.2), content in the analytic message obtains the address information of terminal A and the required information of upgrading, and then acting server (192.168.0.1) sends the required information of upgrading that parsing obtains to terminal A (192.168.0.101).
For example certain the terminal A (192.168.0.101) that constantly outer net server (220.181.0.2) need be in Intranet and the order of the application state on terminal B (192.168.1.102) the transmission sense terminals again.Then outer network server (220.181.0.2) is according to the address of terminal A that stores in the local cache (192.168.0.101) and terminal B (192.168.1.102), order encapsulated with the address information of terminal A and terminal B respectively generate new message and send to acting server (192.168.0.1).
Acting server (192.168.0.1) receives message from outer network server (220.181.0.2), content in the analytic message obtains order and the address information to terminal A (192.168.0.101) and terminal B (192.168.1.102) transmission, and then acting server (192.168.0.1) will be ordered respectively and be sent to terminal A (192.168.0.101) and terminal B (192.168.1.102).
After terminal A (192.168.0.101) and terminal B (192.168.1.102) carry out the order that receives, carry out the order that receives respectively and, send message to acting server according to the IP address (192.168.0.1) of acting server.The application state relevant information of difference carried terminal A and terminal B and request visit outer network server (220.181.0.2) in the message.
Acting server encapsulates the message that receives, in message original content of carrying, and the further address information of carried terminal A (192.168.0.101) and terminal B (192.168.1.102); And the message after will encapsulating sends by the outside network server of normal interface channel (220.181.0.2).
By above-mentioned flow process, realized the terminal in the Intranet and the two-way interactive of the server in the outer net by acting server, do not need the participation of NAT device in the reciprocal process.In addition, the server in the outer net can send message by the directly inside network termination of acting server according to the address information of the interior network termination of this locality storage.
The acting server and the outer network server that generally use in acting server that uses in the NAT traversing method that provides among the present invention and server and the prior art are different.For the acting server among the present invention, need to realize the address information of interior network termination and the message of interior network termination transmission are encapsulated in the message of outside network server transmission simultaneously; For the outer network server among the present invention, by with Intranet in the normal interface channel of acting server, the message that sends except internal network termination responds, can also be according to the address information of the interior network termination of this locality storage, initiatively inwardly network termination sends message, is undertaken being transmitted to interior network termination after the decapsulation by the acting server in the Intranet.Above-mentioned functions is that acting server of the prior art and outer network server can't be realized.Even existing outer network server under the cooperation of acting server, also can't be realized the initiatively function of the transmission of the terminal in Intranet message.
The present invention also provides a kind of system that is used to realize passing through NAT, be applied to comprise in the network of terminal, acting server and server, wherein terminal and acting server are arranged in Intranet, server is arranged in outer net, acting server is connected by normal interface channel with server, shown in Figure 2 among the network configuration of distinct device such as the present invention.
The structure of the acting server among the present invention comprises as shown in Figure 6:
Act on behalf of Intranet receiving element 11, be used for receiving the message that the terminal of Intranet sends;
Act on behalf of encapsulation unit 12, encapsulate again, be specially: carry the address information of described terminal in the new message after encapsulation, and the destination address of described new message is become server in the outer net acting on behalf of the message that Intranet receiving element 11 receives.
Act on behalf of transmitting element 13, be used for sending by the server of normal interface channel to outer net with acting on behalf of the new message that encapsulation unit 12 encapsulation obtains.
Also comprise:
Act on behalf of outer net receiving element 14, be used for receiving the message that the server of outer net sends;
Proxy resolution unit 15 is used to resolve the described message that outer net receiving element 14 receives of acting on behalf of, and obtains the content in the message and the address information of terminal;
Act on behalf of retransmission unit 16, be used for resolving the address information of the terminal that obtains, the content corresponding terminal in Intranet that obtains is resolved in proxy resolution unit 15 send according to proxy resolution unit 15.
The structure of the server among the present invention comprises as shown in Figure 7:
Address acquisition unit 21,, when being used for sending message,, obtain the address information of terminal according to the address information of each terminal in the Intranet of having stored to the terminal of Intranet.
Message encapsulation unit 22, the address information that is used for terminal that address acquisition unit 21 is obtained is encapsulated in the message that destination address is an acting server.
Packet sending unit 23 is used for the message after 22 encapsulation of message encapsulation unit is sent to described acting server by normal interface channel, and the message that will need the terminal in Intranet to send for acting server is forwarded to corresponding terminal.
Also comprise:
Message acquiring unit 24 is used for obtaining the message that need send to the terminal of Intranet; Message acquiring unit 24 further comprises: first message obtains subelement, when being used for initiatively initiating the terminal communication with Intranet, obtains the message that need the terminal in Intranet sends; Or second message obtain subelement, be used for when receiving the message of the terminal that acting server transmits, obtain the message of terminal response that need be in Intranet.
Packet parsing unit 25 is used to receive the message that acting server sends, and obtains the address information of terminal in the message;
Address storaging unit 26 is used for storing the address information of the terminal of pre-configured Intranet; And/or stored messages resolution unit 25 is resolved the address information of the terminal in the Intranet of obtaining.
The method and apparatus that the application of the invention provides is provided with acting server in Intranet, realized at the network application layer passing through NAT.And do not need to revise existing networking result, do not rely on NAT device, can in network, dispose easily.Need to prove, in the foregoing description of the present invention, be respectively one with the quantity of acting server and outer network server and describe, but the present invention does not limit the quantity of the two.In the networking scene of reality, the quantity of acting server or outer network server can be many, still can use method provided by the invention, belongs to protection scope of the present invention.
Through the above description of the embodiments, those skilled in the art can be well understood to the present invention and can realize by the mode that software adds essential general hardware platform, can certainly pass through hardware, but the former is better execution mode under a lot of situation.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words can embody with the form of software product, this computer software product is stored in the storage medium, comprises that some instructions are used so that an equipment is carried out the described method of each embodiment of the present invention.
More than disclosed only be several specific embodiment of the present invention, still, the present invention is not limited thereto, any those skilled in the art can think variation all should fall into protection scope of the present invention.

Claims (11)

1, a kind of method of penetrating NAT, it is characterized in that, be applied to comprise in the network of terminal, acting server and server, described terminal and acting server are arranged in Intranet, described server is arranged in outer net, described acting server is connected by normal interface channel with described server, said method comprising the steps of:
Described server need be in Intranet terminal when sending message, according to the address information of each terminal in the Intranet of having stored, obtain the address information of described terminal;
Described server is encapsulated in the address information of described terminal in the message that destination address is described acting server, send to described acting server by described normal interface channel, the described message that sends of terminal that need be in Intranet is forwarded to corresponding terminal for described acting server.
2, the method for penetrating NAT according to claim 1 is characterized in that the address information of each terminal is specially in the described Intranet of having stored:
Be pre-configured in the address information of the terminal in the Intranet on the described server; And/or
Described server is resolved the address information of the terminal in the Intranet of obtaining from described message when the message of the terminal that receives described acting server forwarding.
3, the method for penetrating NAT according to claim 1 is characterized in that, the step that described server need the terminal in Intranet sends message specifically comprises:
Described server initiatively initiate with Intranet in terminal communication the time, terminal that need be in Intranet sends message; Or
Described server need terminal send response message in Intranet when the message of the terminal that receives described acting server forwarding.
4, a kind of method of penetrating NAT, it is characterized in that, be applied to comprise in the network of terminal, acting server and server, described terminal and acting server are arranged in Intranet, described server is arranged in outer net, described acting server is connected by normal interface channel with described server, said method comprising the steps of:
Acting server in the Intranet receives the message that the terminal in the Intranet sends;
Described acting server encapsulates again to described message, is specially: carry the address information of described terminal in the new message after encapsulation, and the destination address of described new message is become described server;
Described acting server sends the server of new message in outer net that described encapsulation obtains.
As the method for penetrating NAT as described in the claim 4, it is characterized in that 5, the acting server in the described Intranet also comprises before receiving the message that the terminal in the Intranet sends:
Each terminal in the Intranet is obtained the address information of the acting server in the described Intranet.
6, the method for penetrating NAT according to claim 1 is characterized in that, after the described server of new message in outer net that described encapsulation is obtained sends, also comprises step:
Described acting server receives the message that the server in the outer net sends;
The described message of described proxy server parses obtains the content in the described message and the address information of terminal;
Described acting server is according to the address information of described terminal, the described content of obtaining is encapsulated as message and sends to described terminal.
7, a kind of server is characterized in that, is applied to comprise in the network of terminal and acting server, described terminal and acting server are arranged in Intranet, described server is arranged in outer net, and described acting server is connected by normal interface channel with described server, and described server comprises:
Address acquisition unit when being used for sending message to the terminal of Intranet, according to the address information of each terminal in the Intranet of having stored, is obtained the address information of described terminal;
The message encapsulation unit is used for the address information of described terminal is encapsulated in the message that destination address is described acting server;
Packet sending unit is used for the message after the encapsulation of described message encapsulation unit is sent to described acting server by described normal interface channel, the described message that need the terminal in Intranet sends is forwarded to the terminal of correspondence for described acting server.
8, as server as described in the claim 7, it is characterized in that, also comprise:
The packet parsing unit is used to receive described acting server by the message that described normal interface channel sends, and obtains the address information of terminal in the described message;
Address storaging unit is used for storing the address information of the terminal of pre-configured Intranet; And/or store the address information of the terminal in the Intranet that described packet parsing unit resolves obtains.
9, as server as described in claim 7 or 8, it is characterized in that, also comprise the message acquiring unit, be used for obtaining the message that need send to the terminal of Intranet, described message acquiring unit further comprises:
First message obtains subelement, when being used for initiatively initiating the terminal communication with Intranet, obtains the message that need the terminal in Intranet sends; Or
Second message obtains subelement, is used for when receiving the message of the terminal that described acting server transmits, and obtains the message of terminal response that need be in Intranet.
10, a kind of acting server, it is characterized in that, be applied to comprise in the network of terminal and acting server, described terminal and acting server are arranged in Intranet, described server is arranged in outer net, described acting server is connected by normal interface channel with described server, and described acting server comprises:
Act on behalf of the Intranet receiving element, be used for receiving the message that the terminal of Intranet sends;
Act on behalf of encapsulation unit, be used for the described message of acting on behalf of the reception of Intranet receiving element is encapsulated again, be specially: carry the address information of described terminal in the new message after encapsulation, and the destination address of described new message is become described server;
Act on behalf of transmitting element, be used for acting on behalf of the new message that encapsulation unit encapsulation obtains and sending by the server of described normal interface channel to outer net with described.
11, as acting server as described in the claim 10, it is characterized in that, also comprise:
Act on behalf of the outer net receiving element, be used for receiving the message of the server of outer net by described normal interface channel transmission;
The proxy resolution unit is used to resolve described message, obtains the content in the described message and the address information of terminal;
Act on behalf of retransmission unit, be used for the address information according to described terminal, content corresponding terminal in Intranet that described proxy resolution unit resolves is obtained sends.
CNA2008100910266A 2008-04-10 2008-04-10 Method and device for penetrating NAT Pending CN101262478A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2008100910266A CN101262478A (en) 2008-04-10 2008-04-10 Method and device for penetrating NAT

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2008100910266A CN101262478A (en) 2008-04-10 2008-04-10 Method and device for penetrating NAT

Publications (1)

Publication Number Publication Date
CN101262478A true CN101262478A (en) 2008-09-10

Family

ID=39962680

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2008100910266A Pending CN101262478A (en) 2008-04-10 2008-04-10 Method and device for penetrating NAT

Country Status (1)

Country Link
CN (1) CN101262478A (en)

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101867609A (en) * 2010-06-03 2010-10-20 中兴通讯股份有限公司 Method for media gateway agent and device thereof
CN102291402A (en) * 2011-08-09 2011-12-21 中国联合网络通信集团有限公司 Method, device and system for passing through private network
CN102318323A (en) * 2011-07-30 2012-01-11 华为技术有限公司 NAT disposal method, equipment and system of call between private network and off-network clients
CN102055659B (en) * 2009-11-10 2012-08-22 中国科学院计算技术研究所 Method for establishing NAT (Network Address Translation) traversal channel by system terminal equipment
CN103686198A (en) * 2013-12-30 2014-03-26 优视科技有限公司 Video data processing method, device and system
CN103929438A (en) * 2014-05-06 2014-07-16 中国联合网络通信集团有限公司 Firewall traversal method, equipment and system based on web page browser communication
CN104125145A (en) * 2014-08-12 2014-10-29 中国联合网络通信集团有限公司 Web browser based communication method, web browser based communication equipment and web browser based communication system
CN102065111B (en) * 2009-11-13 2015-02-25 北京神州绿盟信息安全科技股份有限公司 Reverse proxy method and reverse proxy server
CN104580543A (en) * 2013-10-16 2015-04-29 福达新创通讯科技(厦门)有限公司 Data transmission method and system as well as recording medium
CN105530310A (en) * 2015-12-22 2016-04-27 浙江宇视科技有限公司 Device connection method and apparatus suitable for traffic forwarding of private and public networks
CN106375493A (en) * 2016-10-10 2017-02-01 腾讯科技(深圳)有限公司 Cross-network communication method and proxy servers
CN106790758A (en) * 2016-12-29 2017-05-31 杭州迪普科技股份有限公司 A kind of method and device of the network object of access NAT network internals
CN107154942A (en) * 2017-05-16 2017-09-12 苏州云屏网络科技有限公司 A kind of method that automation services are provided by third-party server
CN107329713A (en) * 2017-06-27 2017-11-07 福州汇思博信息技术有限公司 The Method of printing and system of a kind of cross-network segment
CN108810012A (en) * 2018-07-02 2018-11-13 北京明朝万达科技股份有限公司 Communication means based on Session Initiation Protocol and device
CN109286647A (en) * 2017-07-21 2019-01-29 杭州海康威视数字技术股份有限公司 The method and apparatus for obtaining multi-medium data
CN109327535A (en) * 2018-11-09 2019-02-12 郑州云海信息技术有限公司 A kind of data bank access method, system, middleware equipment and medium
WO2019061521A1 (en) * 2017-09-30 2019-04-04 深圳前海达闼云端智能科技有限公司 Proxy forwarding method and device, proxy server and multi-level proxy network
CN110266713A (en) * 2019-06-28 2019-09-20 深圳市网心科技有限公司 Intranet and extranet communication means, device, system and proxy server and storage medium
CN110661858A (en) * 2019-09-12 2020-01-07 南京博联智能科技有限公司 Websocket-based intranet penetration method and system
CN110730237A (en) * 2019-10-21 2020-01-24 深圳市网心科技有限公司 Data transmission method, device, system and equipment
CN113452686A (en) * 2021-06-23 2021-09-28 中移(杭州)信息技术有限公司 Data processing method, data processing device, proxy server and storage medium
CN113472719A (en) * 2020-03-31 2021-10-01 成都鼎桥通信技术有限公司 Method, device and storage medium for protocol analysis of gatekeeper based on data ferry
CN114401133A (en) * 2022-01-13 2022-04-26 中电福富信息科技有限公司 Equipment monitoring vulnerability detection system based on agent

Cited By (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102055659B (en) * 2009-11-10 2012-08-22 中国科学院计算技术研究所 Method for establishing NAT (Network Address Translation) traversal channel by system terminal equipment
CN102065111B (en) * 2009-11-13 2015-02-25 北京神州绿盟信息安全科技股份有限公司 Reverse proxy method and reverse proxy server
CN101867609A (en) * 2010-06-03 2010-10-20 中兴通讯股份有限公司 Method for media gateway agent and device thereof
CN102318323A (en) * 2011-07-30 2012-01-11 华为技术有限公司 NAT disposal method, equipment and system of call between private network and off-network clients
CN102318323B (en) * 2011-07-30 2013-10-02 华为技术有限公司 NAT disposal method, equipment and system of call between private network and off-network clients
CN102291402A (en) * 2011-08-09 2011-12-21 中国联合网络通信集团有限公司 Method, device and system for passing through private network
CN102291402B (en) * 2011-08-09 2014-05-14 中国联合网络通信集团有限公司 Method, device and system for passing through private network
CN104580543A (en) * 2013-10-16 2015-04-29 福达新创通讯科技(厦门)有限公司 Data transmission method and system as well as recording medium
CN103686198A (en) * 2013-12-30 2014-03-26 优视科技有限公司 Video data processing method, device and system
CN103929438A (en) * 2014-05-06 2014-07-16 中国联合网络通信集团有限公司 Firewall traversal method, equipment and system based on web page browser communication
CN103929438B (en) * 2014-05-06 2017-02-15 中国联合网络通信集团有限公司 Firewall traversal method, equipment and system based on web page browser communication
CN104125145B (en) * 2014-08-12 2017-05-17 中国联合网络通信集团有限公司 Web browser based communication method, web browser based communication equipment and web browser based communication system
CN104125145A (en) * 2014-08-12 2014-10-29 中国联合网络通信集团有限公司 Web browser based communication method, web browser based communication equipment and web browser based communication system
CN105530310B (en) * 2015-12-22 2019-03-08 浙江宇视科技有限公司 It is suitble to equipment connection method and the device of public affairs VPN traffics forwarding
CN105530310A (en) * 2015-12-22 2016-04-27 浙江宇视科技有限公司 Device connection method and apparatus suitable for traffic forwarding of private and public networks
CN106375493A (en) * 2016-10-10 2017-02-01 腾讯科技(深圳)有限公司 Cross-network communication method and proxy servers
CN106790758A (en) * 2016-12-29 2017-05-31 杭州迪普科技股份有限公司 A kind of method and device of the network object of access NAT network internals
CN107154942A (en) * 2017-05-16 2017-09-12 苏州云屏网络科技有限公司 A kind of method that automation services are provided by third-party server
CN107329713A (en) * 2017-06-27 2017-11-07 福州汇思博信息技术有限公司 The Method of printing and system of a kind of cross-network segment
CN107329713B (en) * 2017-06-27 2020-08-18 福州汇思博信息技术有限公司 Cross-network-segment printing method and system
CN109286647A (en) * 2017-07-21 2019-01-29 杭州海康威视数字技术股份有限公司 The method and apparatus for obtaining multi-medium data
CN109286647B (en) * 2017-07-21 2022-03-08 杭州海康威视数字技术股份有限公司 Method and device for acquiring multimedia data
WO2019061521A1 (en) * 2017-09-30 2019-04-04 深圳前海达闼云端智能科技有限公司 Proxy forwarding method and device, proxy server and multi-level proxy network
CN108810012A (en) * 2018-07-02 2018-11-13 北京明朝万达科技股份有限公司 Communication means based on Session Initiation Protocol and device
CN108810012B (en) * 2018-07-02 2020-11-10 北京明朝万达科技股份有限公司 Communication method and device based on SIP protocol
CN109327535B (en) * 2018-11-09 2022-02-22 郑州云海信息技术有限公司 Database access method, system, middleware equipment and medium
CN109327535A (en) * 2018-11-09 2019-02-12 郑州云海信息技术有限公司 A kind of data bank access method, system, middleware equipment and medium
CN110266713A (en) * 2019-06-28 2019-09-20 深圳市网心科技有限公司 Intranet and extranet communication means, device, system and proxy server and storage medium
CN110661858A (en) * 2019-09-12 2020-01-07 南京博联智能科技有限公司 Websocket-based intranet penetration method and system
CN110730237A (en) * 2019-10-21 2020-01-24 深圳市网心科技有限公司 Data transmission method, device, system and equipment
CN113472719A (en) * 2020-03-31 2021-10-01 成都鼎桥通信技术有限公司 Method, device and storage medium for protocol analysis of gatekeeper based on data ferry
CN113472719B (en) * 2020-03-31 2023-10-10 成都鼎桥通信技术有限公司 Method, equipment and storage medium for protocol analysis of gatekeeper based on data ferry
CN113452686A (en) * 2021-06-23 2021-09-28 中移(杭州)信息技术有限公司 Data processing method, data processing device, proxy server and storage medium
CN113452686B (en) * 2021-06-23 2022-10-18 中移(杭州)信息技术有限公司 Data processing method, data processing device, proxy server and storage medium
CN114401133A (en) * 2022-01-13 2022-04-26 中电福富信息科技有限公司 Equipment monitoring vulnerability detection system based on agent
CN114401133B (en) * 2022-01-13 2023-12-01 中电福富信息科技有限公司 Equipment monitoring vulnerability detection system based on agent

Similar Documents

Publication Publication Date Title
CN101262478A (en) Method and device for penetrating NAT
US11032739B2 (en) Dynamic header compression for constrained networks
CN101136929B (en) Internet small computer system interface data transmission method and apparatus
CN101702718A (en) Method and device for managing user terminal equipment
US11824685B2 (en) Method for implementing GRE tunnel, access point and gateway
CN106559302A (en) Single tunnel method for building up, device and system
CN101895520B (en) Widget system data sharing method, server and data sharing system
US20050232273A1 (en) Communications system and a gateway device
CN103997539A (en) Radar operation state collecting and distributing system and method based on web service
CN105323229A (en) CPE-based data transmission method, network element, platform and system
CN109936492A (en) A kind of methods, devices and systems by tunnel transmission message
JP6511624B2 (en) Multimedia sharing method, registration method, server and proxy server
CN102404616B (en) Method and system for pushing data cloud based on digital television network
EP2854350B1 (en) System and method for cross-network data storage
CN102970387A (en) Domain name resolution method, device and system
CN102594886A (en) Method and device for direct communication between browsers, and communication system
CN101257517B (en) Method and device for processing address analysis protocol request message
CN103414713A (en) Method, device and DLNA device with access to cloud medium resource
CN101465783B (en) Connection method, device and connection network bridge for isomery household network appliances
CN101465858B (en) Method for implementing private network penetration of monitoring business, network appliance and server
CN104702565B (en) Media resource shared method, shared server and shared system
CN101834915A (en) NAT (Network Address Translation) penetration system and method based on power substation data acquisition
CN106657039B (en) Portal page acquisition method, wireless AP and Portal server
CN102291402B (en) Method, device and system for passing through private network
CN105263127B (en) SMS communication method and apparatus

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20080910