CN102325197A - Method for communication between intranet equipment and internet equipment and network address transformation equipment - Google Patents

Publication number: CN102325197A
Authority: CN (China)
Prior art keywords: equipment, address, intranet, message, public network
Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Application number: CN201110134271A
Other languages: Chinese (zh)
Other versions: CN102325197B (en)
Inventors: 王军, 周迪
Current Assignee: New H3C Information Technologies Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Hangzhou H3C Technologies Co Ltd
Application filed by: Hangzhou H3C Technologies Co Ltd
Priority: CN201110134271.2A
Published as: CN102325197A (application), CN102325197B (granted)
Current legal status: Active

Abstract

The invention discloses a method for communication between intranet devices and external network devices, and a NAT (Network Address Translation) device. In the method, the NAT device assigns its interface connected to a first intranet device and its own public network interface to the same VLAN (Virtual Local Area Network), assigns its interface connected to a second intranet device to another VLAN, delivers the public IP (Internet Protocol) address and gateway address allocated to the first intranet device to a virtual interface that it enables, and sets the ARP (Address Resolution Protocol) information of that IP address to a silent state. A packet sent by the first intranet device to the external network is forwarded out of the public network interface that is in the same VLAN as the packet's ingress interface. A packet sent by the second intranet device to the external network undergoes network address and port translation and is then forwarded out of the public network interface. A packet sent by an external network device is forwarded according to whether it matches the NAT forwarding table. With the method and the NAT device provided by the invention, one device in a local area network can interact rapidly with the public network using the public IP address, while the other devices in the local area network interact with the public network through NAT.

Description

Method for communication between an intranet device and an external network device, and network address translation device
Technical field
The present invention relates to the field of network address translation (NAT) applications, and in particular to a method for communication between an intranet device and an external network device, and to a NAT device.
Background
With the rapid development of Internet technology, Internet Protocol (IP) addresses have become increasingly scarce, and NAT emerged to address this problem. NAT rewrites the IP address in the IP packet header to another IP address, so that a small number of public IP addresses can represent a larger number of private IP addresses, which slows the exhaustion of the available IP address space.
Fig. 1 is a schematic diagram of the existing NAT processing flow. As shown in Fig. 1, for a host (Host) in the private network and an FTP server in the public network to reach each other, a mapping from private address 192.168.0.10 to public address 50.10.10.10 must be configured on the NAT device. The processing comprises the following steps:
Step 101: The private-network Host and the public-network FTP server establish a control connection through the Transmission Control Protocol (TCP) three-way handshake.
Step 102: The Host sends a Port message to the FTP server. The payload of the Port message carries the destination address and port that the private-network Host designates for the data connection, and notifies the FTP server to use this address and port for the data connection to the Host.
Step 103: When the Port message passes through the NAT device, the private address and port in the message payload are translated into the corresponding public address and port. That is, the NAT device converts private address 192.168.0.10 in the payload of the received Port message to public address 50.10.10.10, and port 1024 to 5000.
Note that in this step the NAT device can translate the address and port in the payload of the received Port message, and so complete the interaction between the private and public networks, only if it has the application layer gateway (ALG) function.
Step 104: After the public-network FTP server receives the Port message, it parses the content and initiates the data connection to the Host. The destination address of this data connection is 50.10.10.10 and the port is 5000.
Step 105: When the Port message passes through the NAT device, the public address and port in the message payload are translated into the corresponding private address and port. That is, the NAT device converts public address 50.10.10.10 in the payload of the received Port message to private address 192.168.0.10, and port 5000 to 1024.
As in step 103, the NAT device can translate the address and port in the payload of the received Port message, and so complete the interaction between the private and public networks, only if it has the ALG function.
Step 106: After the address and port translation is complete, the FTP server initiates the data connection to the Host.
This completes the working process of the existing NAT processing mode. Once the data connection is established, the Host and the FTP server can transfer data over it.
Fig. 2 is a schematic diagram of an existing home intranet topology. As shown in Fig. 2, when the IP camera (IPC), personal computer A (PC-A) or PC-B in the local area network (LAN) uses the same public IP address to interact with a server in the public network, this is normally done through either a virtual server (also called port mapping) or a demilitarized zone (DMZ). The two approaches are described below.
Virtual server: in essence, a mapping is established between the public IP address and port number (external port) and the IP address and port number (internal port) of a server in the LAN. All accesses to that service port on the public interface are redirected to the corresponding internal port of the corresponding server in the LAN.
DMZ: the DMZ host is in effect a default virtual server. When the DMZ host receives a connection request from the external network, the virtual server list is searched first; if a matching entry exists, the request packet is sent to the corresponding virtual server. If no matching entry is found, the destination IP of the packet is rewritten to the preconfigured IP address of the DMZ host, and the packet is forwarded to the DMZ host.
The analysis above shows that both the virtual server mode and the DMZ mode used in existing home intranets are NAT at their core: each rewrites one IP address to another. NAT in turn requires the NAT device to have the ALG function. For proprietary protocols, or protocols for which no ALG support exists yet, traffic cannot traverse the NAT device, so devices in the LAN cannot interact with servers in the public network. Furthermore, a device in the LAN may need to interact frequently with a server in the public network, and the address translation that the existing processing requires delays that interaction.
Summary of the invention
In view of this, the invention provides a method for communication between an intranet device and an external network device. It allows one device in the LAN to interact rapidly with the public network using the public IP address while the other devices interact with the public network through NAT, and the implementation is flexible.
The invention also provides a NAT device that allows one device in the LAN to interact rapidly with the public network using the public IP address while the other devices interact with the public network through NAT, and whose implementation is flexible.
To achieve the above objects, the technical scheme proposed by the invention is as follows:
A method for communication between an intranet device and an external network device, the method comprising:
The network address translation (NAT) device assigns its interface connected to the first intranet device and its own public network interface to the same virtual local area network (VLAN), assigns its interface connected to the second intranet device to another VLAN, delivers the public IP address and gateway address allocated to the first intranet device to a virtual interface that it enables, and sets the ARP information of this Internet Protocol (IP) address to the silent state;
When the first intranet device communicates with an external network device, the NAT device receives the packet that the first intranet device sends to the external network. The destination media access control (MAC) address of this packet is the MAC address of the gateway. The NAT device forwards the packet at layer 2, out of the public network interface that is in the same VLAN as the packet's ingress interface;
When the second intranet device communicates with an external network device, the NAT device receives the packet that the second intranet device sends to the external network and performs network address and port translation on it. The source IP address after translation is the public IP address allocated to the first intranet device. The NAT device records a NAT forwarding table entry locally and forwards the translated packet out of the public network interface;
When a packet sent by an external network device arrives at the NAT device, the NAT device matches the destination IP address and port number against the NAT forwarding table. If an entry matches, the NAT device translates the packet according to the content recorded in the entry and sends the translated packet to the second intranet device; if no entry matches, it forwards the packet directly to the first device.
Delivering the public IP address and gateway address allocated to the first intranet device to the virtual interface that the NAT device enables comprises:
When the first intranet device obtains the public IP address through the Dynamic Host Configuration Protocol (DHCP), the NAT device snoops the DHCP packets exchanged between the first intranet device and the DHCP server, and delivers the client IP address and gateway address in the snooped DHCP ACK packet to the virtual interface;
When the first intranet device obtains its IP address through Point-to-Point Protocol over Ethernet (PPPoE), the NAT device snoops the packets exchanged during the PPPoE process and delivers the IP address that the PPPoE server allocates to the first device to the virtual interface;
When the public IP address and gateway address are statically configured on the first intranet device, the NAT device statically configures this public IP address and gateway address on its own virtual interface.
The method further comprises:
When the first intranet device communicates with the second intranet device, the NAT device forwards at layer 3 according to the destination IP of the received packet.
A network address translation (NAT) device, comprising a division unit, an issuing unit and a processing unit, wherein:
The division unit is used to assign the interface connected to the first intranet device and the public network interface to the same virtual local area network (VLAN), and to assign the interface connected to the second intranet device to another VLAN;
The issuing unit is used to deliver the public Internet Protocol (IP) address and gateway address allocated to the first intranet device to an enabled virtual interface, and to set the ARP information of this IP address to the silent state;
The processing unit is used, when the first intranet device communicates with an external network device, to receive the packet that the first intranet device sends to the external network. The destination media access control (MAC) address of this packet is the MAC address of the gateway. The NAT device forwards the packet at layer 2, out of the public network interface that is in the same VLAN as the packet's ingress interface;
When the second intranet device communicates with an external network device, the processing unit receives the packet that the second intranet device sends to the external network and performs network address and port translation on it. The source IP address after translation is the public IP address allocated to the first intranet device. A NAT forwarding table entry is recorded locally, and the translated packet is forwarded out of the public network interface;
When a packet sent by an external network device arrives at the NAT device, the processing unit matches the destination IP address and port number against the NAT forwarding table. If an entry matches, it translates the packet according to the content recorded in the entry and sends the translated packet to the second intranet device; if no entry matches, it forwards the packet directly to the first device.
The issuing unit is also used, when the first intranet device obtains the public IP address through the Dynamic Host Configuration Protocol (DHCP), to snoop the DHCP packets exchanged between the first intranet device and the DHCP server and to deliver the client IP address and gateway address in the snooped DHCP ACK packet to the virtual interface;
When the first intranet device obtains its IP address through Point-to-Point Protocol over Ethernet (PPPoE), the issuing unit snoops the packets exchanged during the PPPoE process and delivers the IP address that the PPPoE server allocates to the first device to the virtual interface;
When the public IP address and gateway address are statically configured on the first intranet device, the issuing unit statically configures this public IP address and gateway address on the virtual interface.
The processing unit is also used, when the first intranet device communicates with the second intranet device, to forward at layer 3 according to the destination IP of the received packet.
In summary, in the method and the NAT device of the invention, the NAT device assigns its interface connected to the first intranet device and its own public network interface to the same VLAN, assigns its interface connected to the second intranet device to another VLAN, and delivers the public IP address and gateway address allocated to the first intranet device to a virtual interface that it enables. As a result, when the first intranet device communicates with the external network, no NAT translation is needed: the packet is forwarded directly out of the public network interface that is in the same VLAN as the packet's ingress interface. When the second intranet device communicates with an external network device, NAT translation is required. When a packet sent by an external network device arrives at the NAT device, the NAT device decides whether to forward it to the first intranet device or to the second intranet device according to whether the packet matches the NAT forwarding table. The method therefore lets the first intranet device interact with the public network directly through the public IP address, without NAT translation, while the second intranet device interacts with the public network through NAT translation, and the first and second intranet devices present the same public IP address to the external network.
Description of drawings
Fig. 1 is a schematic diagram of the existing NAT processing flow;
Fig. 2 is a schematic diagram of an existing home intranet topology;
Fig. 3 is the workflow diagram of the method of the invention for communication between an intranet device and an external network device;
Fig. 4 is a structural diagram of the NAT device used by the invention.
Embodiment
To solve the problems in the prior art, the invention proposes a new method for communication between an intranet device and an external network device, implemented as follows:
The NAT device assigns its interface connected to the first intranet device and its own public network interface to the same VLAN, assigns its interface connected to the second intranet device to another VLAN, delivers the public IP address and gateway address allocated to the first intranet device to a virtual interface that it enables, and sets the ARP information of this IP address to the silent state;
When the first intranet device communicates with an external network device, the NAT device receives the packet that the first intranet device sends to the external network. The destination MAC (Media Access Control) address of this packet is the MAC address of the gateway. The NAT device forwards the packet at layer 2, out of the public network interface that is in the same VLAN as the packet's ingress interface;
When the second intranet device communicates with an external network device, the NAT device receives the packet that the second intranet device sends to the external network and performs network address and port translation on it. The source IP address after translation is the public IP address allocated to the first intranet device. The NAT device records a NAT forwarding table entry locally and forwards the translated packet out of the public network interface;
When a packet sent by an external network device arrives at the NAT device, the NAT device matches the destination IP address and port number against the NAT forwarding table. If an entry matches, the NAT device translates the packet according to the content recorded in the entry and sends the translated packet to the second intranet device; if no entry matches, it forwards the packet directly to the first device.
To make the objects, technical scheme and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 3 is the workflow diagram of the method of the invention for communication between an intranet device and an external network device. As shown in Fig. 3, the flow comprises two processes, advance setup and packet handling. Advance setup is covered by steps 301-302 and packet handling by steps 303-308. The two processes are described in detail below.
Step 301: The NAT device assigns its interface connected to the first intranet device and its own public network interface to the same VLAN, and assigns its interface connected to the second intranet device to another VLAN.
Note that in this step, because the first intranet device needs to use the public IP address to communicate directly with external network devices, the first intranet device first sends the packet directly to its own gateway, and the destination MAC (Media Access Control) address of the encapsulated packet is the MAC address of the gateway. The NAT device then forwards this packet at layer 2 and sends it out of the public network interface. Therefore the interface of the NAT device connected to the first intranet device and the NAT device's own public network interface must be assigned to the same VLAN.
Step 302: The NAT device delivers the public IP address and gateway address allocated to the first intranet device to a virtual interface that it enables, and sets the ARP information of this IP address to the silent state.
Note that in this step the first intranet device can obtain the public IP address in the following three ways:
1. Point-to-Point Protocol over Ethernet (PPPoE). The device that interacts rapidly with the public network obtains the public IP address. The NAT device monitors the packets exchanged in the PPPoE process of that device; during the IP Control Protocol (IPCP) exchange stage it observes the address confirmation packet with which the PPPoE server responds to the PPPoE client, and records the IP address that the server gives the PPPoE client. This IP address is the public IP address;
2. Dynamic Host Configuration Protocol (DHCP). The NAT device monitors DHCP acknowledgement (ACK) packets and records the client IP address (Client IP Address) and gateway information in the DHCP ACK packet. This IP address is the public IP address;
3. Manual static configuration. In this mode, information such as the public IP address and gateway must be statically configured by hand on the NAT device.
In practice, other ways of obtaining the public IP address and public network gateway information may also be used, provided they do not affect the implementation of the embodiment of the invention.
Note also that after learning the public IP address and gateway address, the NAT device must enable a virtual interface and deliver the learned public IP address and gateway address to it. This lets the first intranet device interact with the public network using the public IP address, and lets the address on this virtual interface be used to build NAT forwarding table entries when intranet devices send traffic to the external network. At the same time, the NAT device must set the Address Resolution Protocol (ARP) information of the learned public IP address to the silent state, meaning that it neither sends gratuitous ARP nor responds to ARP requests for this address, so as to avoid an address conflict.
In this step, the first intranet device needs to use the public IP address to communicate with external network devices. The NAT device is therefore set neither to send gratuitous ARP packets for the public IP address nor to respond to ARP request packets for it, so that no IP address conflict is detected between the NAT device and the first intranet device.
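The DHCP case of step 302, as an added example that is not part of the patent text: Python code that parses a snooped DHCP ACK and derives the binding for the virtual interface. The interface names, the constructed sample packet (which borrows 200.0.0.28 from Table 1), and the rules of accepting ACKs only on the public-side interface and only for the first device's MAC are assumptions; the address is read from the BOOTP `yiaddr` field, taken here to be what the text calls the client IP address.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"       # marks the start of the DHCP options
OPT_PAD, OPT_SUBNET, OPT_ROUTER, OPT_MSG_TYPE, OPT_END = 0, 1, 3, 53, 255
BOOTREPLY, DHCPOFFER, DHCPACK = 2, 2, 5
TRUSTED_IF = "wan0"                      # assumption: the DHCP server is behind this port


def parse_options(buf):
    """Walk the code/length/value option list; reject truncated options."""
    opts, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(buf):
            raise ValueError("truncated option header")
        length = buf[i + 1]
        data = buf[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = opts.get(code, b"") + data   # repeated options concatenate
        i += 2 + length
    return opts


def snoop_ack(payload):
    """Return (client_ip, gateway_ip, client_mac) from a DHCP ACK, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    op, hlen = payload[0], payload[2]
    if op != BOOTREPLY or not 1 <= hlen <= 16:
        return None
    try:
        opts = parse_options(payload[240:])
    except ValueError:
        return None
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPACK]):
        return None
    yiaddr, router = payload[16:20], opts.get(OPT_ROUTER, b"")
    if yiaddr == b"\x00" * 4 or len(router) < 4 or len(router) % 4:
        return None
    mac = ":".join("%02x" % b for b in payload[28:28 + hlen])
    return socket.inet_ntoa(yiaddr), socket.inet_ntoa(router[:4]), mac


def learn_binding(in_if, payload, first_device_mac):
    """Binding for the virtual interface, or None if the ACK is not acceptable."""
    seen = snoop_ack(payload)
    if in_if != TRUSTED_IF or seen is None or seen[2] != first_device_mac:
        return None
    # ARP for the learned address stays silent, as step 302 requires.
    return {"ip": seen[0], "gateway": seen[1], "arp_silent": True}


def build_sample_ack(msg_type=DHCPACK):
    """Constructed packet: 236-byte BOOTP header, cookie, then options 53, 1, 3."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        BOOTREPLY, 1, 6, 0, 0x1234ABCD, 0, 0,
        socket.inet_aton("0.0.0.0"),             # ciaddr
        socket.inet_aton("200.0.0.28"),          # yiaddr: the address being leased
        socket.inet_aton("0.0.0.0"), socket.inet_aton("0.0.0.0"),
        bytes.fromhex("020000000001"), b"", b"")  # chaddr (constructed MAC), sname, file
    options = (bytes([OPT_MSG_TYPE, 1, msg_type])
               + bytes([OPT_SUBNET, 4, 255, 255, 255, 0])
               + bytes([OPT_ROUTER, 4]) + socket.inet_aton("200.0.0.1")
               + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    print(learn_binding("wan0", build_sample_ack(), "02:00:00:00:00:01"))
```
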
After the above setup is complete, communication between intranet devices and external network devices can take place. This embodiment describes the processing for three kinds of packets as examples: packets going from the intranet to the external network, packets going from the external network to the intranet, and packets exchanged between the first intranet device and the second intranet device.
For packets going from the intranet to the external network:
Step 303: The NAT device determines whether the interface on which the intranet-to-external packet was received and the public network interface belong to the same VLAN. If so, it executes step 304; otherwise, it executes step 305.
Step 304: The NAT device forwards the packet at layer 2, out of the public network interface that is in the same VLAN as the packet's ingress interface.
Step 305: The NAT device processes the received intranet-to-external packet in the existing manner, and the processing ends.
When the NAT device determines that the interface on which the intranet-to-external packet was received and the public network interface do not belong to the same VLAN, the sending device is not the device that interacts rapidly with the public network; that is, it is the second intranet device. The packet is then handled according to the existing NAT forwarding table entries, that is, according to the existing flow. For how the existing flow processes the packet, see Fig. 1; the details are not repeated here.
Note that an existing NAT forwarding table entry looks like Table 1 below.
Table 1
Protocol  GlobalAddr  GlobalPort  InsideAddr    Port  DestAddr        Port
TCP       200.0.0.28  12288       192.168.0.10  512   162.105.26.246  512
This completes the processing of packets going from the intranet to the external network.
For packets going from the external network to the intranet:
Step 306: The NAT device matches the received external-to-intranet packet against the NAT forwarding table entries. If a corresponding NAT forwarding table entry is matched, it executes step 307; otherwise, it executes step 308.
Step 307: The NAT device processes the received external-to-intranet packet in the existing manner, and the processing ends.
Step 308: The NAT device sends the packet out of the interface that is in the same VLAN as the packet's ingress interface, that is, directly to the first intranet device.
Note that when a packet sent by an external network device arrives at the NAT device, the NAT device matches the destination IP address and port number against the NAT forwarding table. If an entry matches, the NAT device translates the packet according to the content recorded in the entry and sends the translated packet to the second intranet device; if no entry matches, it forwards the packet directly to the first intranet device.
This completes the processing of packets going from the external network to the intranet.
For packets exchanged between the first intranet device and the second intranet device:
Step 309: The NAT device looks up the routing table according to the destination IP of the received packet and forwards directly at layer 3.
When the device that interacts rapidly with the public network communicates with another intranet device that is not in the same network segment, and the packet reaches the NAT device, the NAT device detects that the two devices are not in the same network segment and that layer-3 forwarding is needed. It looks up the routing table, finds that the next hop is a directly connected subnet, then looks up the ARP table, encapsulates the corresponding MAC address, and forwards the packet out of the egress interface corresponding to that MAC address.
This completes the processing of packets exchanged between the first intranet device and the second intranet device.
With the processing of these three kinds of packets complete, the whole workflow of the method of the invention for communication between an intranet device and an external network device is complete.
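The forwarding decisions of steps 303-309, as an added example that is not part of the patent text: a Python model of the NAT device using the addresses and ports from Table 1. The interface names, VLAN ids, the `neighbours` map (standing in for the routing and ARP tables) and the sequential port allocation are assumptions, and inbound matching uses protocol, destination IP and destination port only.

```python
from dataclasses import dataclass, field, replace


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class NatDevice:
    public_ip: str      # bound to the virtual interface; shared by both devices
    vlan_of: dict       # interface name -> VLAN id (hypothetical ids)
    neighbours: dict    # directly connected intranet hosts: IP -> interface
    wan_if: str = "wan0"
    first_if: str = "lan0"
    next_port: int = 12288                          # first global port, as in Table 1
    out_map: dict = field(default_factory=dict)     # (proto, inside ip, inside port) -> global port
    in_map: dict = field(default_factory=dict)      # (proto, global ip, global port) -> inside tuple

    def answers_arp_for(self, ip):
        """Silent state: no ARP reply (and no gratuitous ARP) for the public IP."""
        return ip != self.public_ip

    def from_lan(self, in_if, pkt):
        """Packet received on an intranet-facing interface."""
        if pkt.dst in self.neighbours:
            # Step 309: first <-> second device traffic is routed at layer 3.
            return ("l3-forward", self.neighbours[pkt.dst], pkt)
        if self.vlan_of[in_if] == self.vlan_of[self.wan_if]:
            # Steps 303-304: same VLAN as the public interface, no translation.
            return ("l2-forward", self.wan_if, pkt)
        # Step 305: existing NAPT path; the source becomes the shared public IP.
        key = (pkt.proto, pkt.src, pkt.sport)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(pkt.proto, self.public_ip, self.next_port)] = (
                pkt.src, pkt.sport, in_if)
            self.next_port += 1
        translated = replace(pkt, src=self.public_ip, sport=self.out_map[key])
        return ("napt", self.wan_if, translated)

    def from_wan(self, pkt):
        """Packet received on the public network interface."""
        hit = self.in_map.get((pkt.proto, pkt.dst, pkt.dport))
        if hit is not None:
            # Steps 306-307: table hit, translate back and deliver to the second device.
            inside_ip, inside_port, out_if = hit
            return ("napt", out_if, replace(pkt, dst=inside_ip, dport=inside_port))
        # Step 308: table miss, deliver untranslated to the first device.
        return ("l2-forward", self.first_if, pkt)


def build_example():
    """Constructed topology: lan0 = first device (public IP), lan1 = second device."""
    return NatDevice(
        public_ip="200.0.0.28",
        vlan_of={"wan0": 10, "lan0": 10, "lan1": 20},
        neighbours={"200.0.0.28": "lan0", "192.168.0.10": "lan1"},
    )


if __name__ == "__main__":
    nat = build_example()
    print(nat.from_lan("lan1", Packet("TCP", "192.168.0.10", 512, "162.105.26.246", 512)))
    print(nat.from_wan(Packet("TCP", "162.105.26.246", 512, "200.0.0.28", 12288)))
    print(nat.from_wan(Packet("TCP", "162.105.26.246", 40000, "200.0.0.28", 554)))
```

In this model every inbound packet that misses the NAT table reaches the first device untranslated, so that device is reachable from the public network on all of its ports and has to be filtered or hardened on its own. A first-device flow whose local port equals an allocated global port would hit the table and be delivered to the second device; the text does not say how port allocation avoids this.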
Based on the above method, Fig. 4 is a structural diagram of the NAT device used by the invention. As shown in Fig. 4, the NAT device comprises a division unit 41, an issuing unit 42 and a processing unit 43, wherein:
The division unit 41 is used to assign the interface connected to the first intranet device and the public network interface to the same VLAN, and to assign the interface connected to the second intranet device to another VLAN.
Because the first intranet device needs to use the public IP address to communicate directly with external network devices, the first intranet device first sends the packet directly to its own gateway, and the destination MAC (Media Access Control) address of the encapsulated packet is the MAC address of the gateway. The packet must then be forwarded at layer 2 and sent out of the public network interface. Therefore the interface connected to the first intranet device and the public network interface must be assigned to the same VLAN.
The issuing unit 42 is used to deliver the public IP address and gateway address allocated to the first intranet device to an enabled virtual interface, and to set the ARP information of this IP address to the silent state.
Further, the issuing unit 42 is also used, when the first intranet device obtains the public IP address through DHCP, to snoop the DHCP packets exchanged between the first intranet device and the DHCP server and to deliver the client IP address and gateway address in the snooped DHCP ACK packet to the virtual interface;
When the first intranet device obtains its IP address through PPPoE, the issuing unit snoops the packets exchanged during the PPPoE process and delivers the IP address that the PPPoE server allocates to the first device to the virtual interface;
When the public IP address and gateway address are statically configured on the first intranet device, the issuing unit statically configures this public IP address and gateway address on the virtual interface.
The processing unit 43 is configured to: when the first intranet device communicates with an external network device, receive the message that the first intranet device sends to the external network, where the destination MAC address of this message is the MAC address of the gateway; the NAT device performs Layer 2 forwarding on this message and forwards it out of the public network interface that is in the same VLAN as the message's ingress interface;
when the second intranet device communicates with an external network device, receive the message that the second intranet device sends to the external network, perform network address port translation on it so that the translated source IP address is the public network IP address assigned to the first intranet device, record a NAT forwarding table entry locally, and forward the translated message out of the public network interface;
when a message sent by an external network device arrives at the NAT device, match its destination IP address and port number against the NAT forwarding table; if an entry is matched, perform network address port translation according to the content recorded in the entry and send the translated message to the second intranet device; if no entry is matched, forward the message directly to the first device.
Further, the processing unit 41 is also configured to perform Layer 3 forwarding according to the destination IP address of a received message when the first intranet device communicates with the second intranet device.
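The processing unit's three forwarding decisions described above, as an added Python sketch (not code from the patent). The addresses, interface labels and the NAPT port pool starting at 40000 are constructed for illustration.

```python
from dataclasses import dataclass, field, replace
from typing import Dict, Tuple

PUBLIC_IP = "203.0.113.10"      # constructed: public IP assigned to the first device
SECOND_DEV_IP = "192.168.1.20"  # constructed: private IP of the second device
SERVER_IP = "198.51.100.7"      # constructed: external network host


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatDevice:
    public_ip: str
    next_port: int = 40000  # assumption: start of the NAPT port pool
    # NAT forwarding table: (public IP, public port) -> (private IP, private port)
    table: Dict[Tuple[str, int], Tuple[str, int]] = field(default_factory=dict)
    # Reverse index so one inside flow always reuses the same public port
    inside: Dict[Tuple[str, int], int] = field(default_factory=dict)

    def from_first_device(self, pkt: Packet):
        """Layer 2 forward: no rewrite, out of the public interface in the same VLAN."""
        return "public-if", pkt

    def from_second_device(self, pkt: Packet):
        """NAPT: source becomes the first device's public IP; record the entry."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.inside:
            self.inside[key] = self.next_port
            self.table[(self.public_ip, self.next_port)] = key
            self.next_port += 1
        out = replace(pkt, src_ip=self.public_ip, src_port=self.inside[key])
        return "public-if", out

    def from_external(self, pkt: Packet):
        """Match destination IP and port against the NAT forwarding table."""
        entry = self.table.get((pkt.dst_ip, pkt.dst_port))
        if entry is None:
            # No entry: deliver unchanged to the first device
            return "first-device-if", pkt
        # Entry found: rewrite the destination and deliver to the second device
        return "second-device-if", replace(pkt, dst_ip=entry[0], dst_port=entry[1])


def demo():
    nat = NatDevice(PUBLIC_IP)
    # Both inside hosts open a connection from the same local port 51000.
    _, a = nat.from_first_device(Packet(PUBLIC_IP, 51000, SERVER_IP, 443))
    _, b = nat.from_second_device(Packet(SECOND_DEV_IP, 51000, SERVER_IP, 443))
    reply_b = nat.from_external(Packet(SERVER_IP, 443, PUBLIC_IP, b.src_port))
    reply_a = nat.from_external(Packet(SERVER_IP, 443, PUBLIC_IP, a.src_port))
    unsolicited = nat.from_external(Packet(SERVER_IP, 12345, PUBLIC_IP, 22))
    return a, b, reply_b, reply_a, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Any inbound message that matches no table entry, solicited or not, is delivered to the first device, which is therefore reachable from the public network with no translation in between.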
This completes the description of the NAT device adopted by the present invention.
For the specific workflow of the NAT device shown in Fig. 4, refer to the corresponding description of the method embodiment shown in Fig. 3; it is not repeated here.
In summary, in the method and NAT device for communication between intranet devices and external network devices adopted by the present invention, the NAT device places the interface connected to the first intranet device and its own public network interface in the same VLAN, places the interface connected to the second intranet device in another VLAN, and issues, on a virtual interface that it enables, the public network IP address and gateway address assigned to the first intranet device. As a result, when the first intranet device communicates with the external network, no NAT translation is needed; the message is forwarded directly out of the public network interface that is in the same VLAN as its ingress interface. When the second intranet device communicates with an external network device, the traffic must pass through NAT translation. When a message sent by an external network device arrives at the NAT device, the NAT device decides whether to forward it to the first intranet device or to the second intranet device according to whether it matches the NAT forwarding table. Therefore, the first intranet device interacts with the public network directly through the public network IP address without NAT translation, the second intranet device interacts with the public network through NAT translation, and both devices present the same public network IP address to the external network.
The above are merely preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (6)

1. A method for communication between intranet devices and external network devices, characterized in that the method comprises:
A network address translation (NAT) device places the interface connected to a first intranet device and its own public network interface in the same virtual local area network (VLAN), places the interface connected to a second intranet device in another VLAN, issues, on a virtual interface that it enables, the public network Internet Protocol (IP) address and gateway address assigned to the first intranet device, and sets the ARP information of this IP address to a silent state;
When the first intranet device communicates with an external network device, the NAT device receives the message that the first intranet device sends to the external network, where the destination media access control (MAC) address of this message is the MAC address of the gateway; the NAT device performs Layer 2 forwarding on this message and forwards it out of the public network interface that is in the same VLAN as the message's ingress interface;
When the second intranet device communicates with an external network device, the NAT device receives the message that the second intranet device sends to the external network, performs network address port translation on it so that the translated source IP address is the public network IP address assigned to the first intranet device, records a NAT forwarding table entry locally, and forwards the translated message out of the public network interface;
When a message sent by an external network device arrives at the NAT device, the NAT device matches its destination IP address and port number against the NAT forwarding table; if an entry is matched, it performs network address port translation according to the content recorded in the entry and sends the translated message to the second intranet device; if no entry is matched, it forwards the message directly to the first device.
2. The method according to claim 1, characterized in that issuing, on the virtual interface that the NAT device enables, the public network IP address and gateway address assigned to the first intranet device comprises:
When the first intranet device obtains its public network IP address through the Dynamic Host Configuration Protocol (DHCP), the NAT device snoops the DHCP messages exchanged between the first intranet device and the DHCP server, and issues the client IP address and gateway address carried in the snooped DHCP ACK message on the virtual interface;
When the first intranet device obtains its public network IP address through the Point-to-Point Protocol over Ethernet (PPPoE), the NAT device snoops the messages exchanged during the PPPoE process and issues the IP address that the PPPoE server assigned to the first device on the virtual interface;
When the public network IP address and gateway address are statically configured on the first intranet device, the NAT device statically configures this public network IP address and gateway address on its own virtual interface.
3. The method according to claim 1, characterized in that the method further comprises:
When the first intranet device communicates with the second intranet device, the NAT device performs Layer 3 forwarding according to the destination IP address of the received message.
4. A network address translation (NAT) device, characterized in that the NAT device comprises a division unit, an issuing unit and a processing unit, wherein:
The division unit is configured to place the interface connected to a first intranet device and the public network interface in the same virtual local area network (VLAN), and to place the interface connected to a second intranet device in another VLAN;
The issuing unit is configured to issue, on the enabled virtual interface, the public network Internet Protocol (IP) address and gateway address assigned to the first intranet device, and to set the ARP information of this IP address to a silent state;
The processing unit is configured to: when the first intranet device communicates with an external network device, receive the message that the first intranet device sends to the external network, where the destination media access control (MAC) address of this message is the MAC address of the gateway; the NAT device performs Layer 2 forwarding on this message and forwards it out of the public network interface that is in the same VLAN as the message's ingress interface;
When the second intranet device communicates with an external network device, receive the message that the second intranet device sends to the external network, perform network address port translation on it so that the translated source IP address is the public network IP address assigned to the first intranet device, record a NAT forwarding table entry locally, and forward the translated message out of the public network interface;
When a message sent by an external network device arrives at the NAT device, match its destination IP address and port number against the NAT forwarding table; if an entry is matched, perform network address port translation according to the content recorded in the entry and send the translated message to the second intranet device; if no entry is matched, forward the message directly to the first device.
5. The NAT device according to claim 4, characterized in that the issuing unit is also configured to: when the first intranet device obtains its public network IP address through the Dynamic Host Configuration Protocol (DHCP), snoop the DHCP messages exchanged between the first intranet device and the DHCP server, and issue the client IP address and gateway address carried in the snooped DHCP ACK message on the virtual interface;
When the first intranet device obtains its public network IP address through the Point-to-Point Protocol over Ethernet (PPPoE), snoop the messages exchanged during the PPPoE process and issue the IP address that the PPPoE server assigned to the first device on the virtual interface;
When the public network IP address and gateway address are statically configured on the first intranet device, statically configure this public network IP address and gateway address on the virtual interface.
6. The NAT device according to claim 4, characterized in that the processing unit is also configured to perform Layer 3 forwarding according to the destination IP address of the received message when the first intranet device communicates with the second intranet device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110134271.2A CN102325197B (en) 2011-05-23 2011-05-23 Method for communication between intranet equipment and internet equipment and network address transformation equipment

Publications (2)

Publication Number Publication Date
CN102325197A true CN102325197A (en) 2012-01-18
CN102325197B CN102325197B (en) 2014-03-12

Family

ID=45452865

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110134271.2A Active CN102325197B (en) 2011-05-23 2011-05-23 Method for communication between intranet equipment and internet equipment and network address transformation equipment

Country Status (1)

Country Link
CN (1) CN102325197B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101325553A (en) * 2008-08-04 2008-12-17 杭州华三通信技术有限公司 Method for ISCSI data to traverse NAT and inner network memory system
CN101945110A (en) * 2010-09-20 2011-01-12 中兴通讯股份有限公司 Configuration method and device of address resolution protocol entry
CN101986666A (en) * 2010-11-05 2011-03-16 清华大学 Network data transmission method based on virtual network interface and reverse address resolution

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546444A (en) * 2012-03-28 2012-07-04 杭州华三通信技术有限公司 Method for accessing private network through layer 2 tunneling protocol and server
CN102546444B (en) * 2012-03-28 2014-08-13 杭州华三通信技术有限公司 Method for accessing private network through layer 2 tunneling protocol and server
CN102984202A (en) * 2012-10-31 2013-03-20 广东天波信息技术股份有限公司 System achieving Telnet web management by traversing network address translation (NAT) device and method thereof
CN102984202B (en) * 2012-10-31 2015-11-25 广东天波信息技术股份有限公司 A kind of cross-over NAT equipment realizes the System and method for of Telnet webmaster
CN102916865A (en) * 2012-11-08 2013-02-06 浙江宇视科技有限公司 Monitoring service management method and device
CN102916865B (en) * 2012-11-08 2015-09-09 浙江宇视科技有限公司 A kind of monitoring business management method and device
CN103078964A (en) * 2012-12-21 2013-05-01 浙江宇视科技有限公司 Method and device capable of establishing business between NVC (Network Video Client) equipment and NVT (Network Video Transmitter) equipment
CN103078964B (en) * 2012-12-21 2016-05-25 浙江宇视科技有限公司 A kind of method and apparatus that can make NVC equipment and NVT equipment set up business
CN104301123A (en) * 2014-10-05 2015-01-21 陈为人 Electricity saving method and device for household cloud computing host computer
CN104702713A (en) * 2015-03-26 2015-06-10 杭州华三通信技术有限公司 Method and device for forwarding data message
CN106169960A (en) * 2016-08-31 2016-11-30 河南黎明重工科技股份有限公司 Mining machinery controls equipment networking module and networking method
CN107770297A (en) * 2017-09-28 2018-03-06 上海斐讯数据通信技术有限公司 A kind of application process and system of router and router
CN107911415A (en) * 2017-10-20 2018-04-13 深圳市网心科技有限公司 Multiplex system and its method, the storage medium and terminal of TCP flow
CN110365557B (en) * 2018-03-26 2021-11-02 中兴通讯股份有限公司 Network interconnection method and device
CN110365557A (en) * 2018-03-26 2019-10-22 中兴通讯股份有限公司 A kind of method and device of network interconnection
CN108429684A (en) * 2018-03-30 2018-08-21 上海地面通信息网络股份有限公司 A kind of Network Access Method redirected based on dynamic routing with IP mapping techniques
CN109194775A (en) * 2018-09-06 2019-01-11 杭州光芯科技有限公司 A kind of improved adaptively shared network based on NAT technology
CN110650222A (en) * 2019-10-31 2020-01-03 北京奇艺世纪科技有限公司 Network access method and device
CN110855684A (en) * 2019-11-18 2020-02-28 深圳前海环融联易信息科技服务有限公司 Network isolation management method and device, computer equipment and storage medium
CN110890984A (en) * 2019-11-27 2020-03-17 山东九州信泰信息科技股份有限公司 Dual-computer hot standby switching method based on isolation device
CN113765801A (en) * 2020-07-16 2021-12-07 北京京东尚科信息技术有限公司 Message processing method and device applied to data center, electronic equipment and medium
CN113765801B (en) * 2020-07-16 2024-02-09 北京京东尚科信息技术有限公司 Message processing method and device applied to data center, electronic equipment and medium
CN112073494A (en) * 2020-08-31 2020-12-11 成都新潮传媒集团有限公司 Method, device and storage medium for establishing connection
CN112333713A (en) * 2020-10-27 2021-02-05 广东工贸职业技术学院 5G ad hoc network system, ad hoc network method, computer device and storage medium
CN112333713B (en) * 2020-10-27 2023-05-23 广东工贸职业技术学院 5G ad hoc network system, ad hoc network method, computer device and storage medium
CN114531417A (en) * 2020-10-30 2022-05-24 华为技术有限公司 Communication method and device
CN114531417B (en) * 2020-10-30 2023-09-22 华为技术有限公司 Communication method and device

Also Published As

Publication number Publication date
CN102325197B (en) 2014-03-12

Similar Documents

Publication Publication Date Title
CN102325197B (en) Method for communication between intranet equipment and internet equipment and network address transformation equipment
CN102859973B (en) Method, apparatus and system for address resolution
EP1441483A2 (en) Gateway for supporting communications between network devices of different private networks
TWI441493B (en) System and method for connection of hosts behind nats
EP1438830B1 (en) Method and system for contacting a device on a private network using a specialized domain name server
CN103763407A (en) Method for achieving address resolution protocol proxy through two-layer virtual local area network and local area network system
US9769113B1 (en) Socket-based internet protocol for wireless networks
JP2016111711A (en) Access control method and system and access point
CN106101617A (en) A kind of message transmitting method, Apparatus and system
KR20110003209A (en) Zigbee gateway and internet protocol service server of interlocking zigbee gateway with internet protocol network
CN104168338A (en) Network address conversion device and network address conversion method
CN104283783B (en) The method and apparatus that gateway device E-Packets in a kind of plug and play network
JP6386166B2 (en) Translation method and apparatus between IPv4 and IPv6
CN102201963B (en) Media access control-forced forwarding method and functional unit
CN102647360A (en) Method and equipment for transmitting messages in VRRPE (virtual router redundancy protocol equilibrium)
CN110351772B (en) Mapping between wireless links and virtual local area networks
CN102201996A (en) Method and equipment for forwarding message in network address translation (NAT) environment
JP7401564B2 (en) Communication methods and related devices
CN101783819A (en) System and method for supporting peer-to-peer network address translation (NAT) by adopting IPv6 transition protocol
US8335210B1 (en) Socket-based internet protocol for wired networks
US20060112192A1 (en) Method and apparatus to facilitate universal plug and play interaction between different local networks
JP2007081456A (en) Converter
CN103516820A (en) Port forwarding method and apparatus based on MAC address
JP2008060747A (en) Layer 2 load balancing system, layer 2 load balancer, and layer 2 load balancing method for the same
JP2007096539A (en) Conversion apparatus

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: NEW H3C TECHNOLOGIES Co.,Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: HANGZHOU H3C TECHNOLOGIES Co.,Ltd.

CP03 Change of name, title or address
TR01 Transfer of patent right

Effective date of registration: 20230612

Address after: 310052 11th Floor, 466 Changhe Road, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: H3C INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466

Patentee before: NEW H3C TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right