CN104702591A - Method and system for penetrating through firewall based on port forwarding multiplexing technology - Google Patents


Info

Publication number: CN104702591A
Authority: CN (China)
Prior art keywords: port, outer net, intranet, application, intranet application
Legal status (as listed by Google Patents, not a legal conclusion): Granted
Application number: CN201410849591.XA
Other languages: Chinese (zh)
Other versions: CN104702591B
Inventors: 冯谷, 余勇, 石聪聪, 郭骞, 蒋诚智, 高鹏, 范杰, 俞庚申, 曹宛恬, 李尼格, 叶云, 陈牧, 侯功
Current assignees (as listed by Google Patents): State Grid Corp of China (SGCC); China Electric Power Research Institute Co Ltd (CEPRI); Smart Grid Research Institute of SGCC
Original assignees: State Grid Corp of China (SGCC); China Electric Power Research Institute Co Ltd (CEPRI)
Priority date: 2014-12-29
Filing date: 2014-12-29 (application filed by State Grid Corp of China SGCC and China Electric Power Research Institute Co Ltd CEPRI)
Publication date: 2015-06-10 (CN104702591A); patent granted 2019-06-28 (CN104702591B)
Current legal status: Active

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029: Firewall traversal, e.g. tunnelling or creating pinholes


Abstract

The invention relates to a method and system for penetrating a firewall based on port forwarding multiplexing. The method comprises: obtaining the IP information of the intranet application end S and the external IP address of the outer-net control end C; performing forwarding and connection through the data ports; listening on the data ports; and obtaining the data of the intranet application end S. By adopting port forwarding multiplexing, the problem that external-network users cannot access an intranet application service protected by a firewall is solved.

Description

Method and system for firewall traversal based on port forwarding multiplexing
Technical field
The present invention relates to a method and system for firewall traversal, and specifically to a method and system for firewall traversal based on port forwarding multiplexing.
Background technology
In recent years, as information-security incidents have become more frequent, enterprises have tightened their internal network access-control policies, and firewall security policies control internal application systems very strictly. In practice, however, because of technical skill, firewalls, routing and similar reasons, access from the outer network to the intranet is often hard to achieve. For example, an application system on a server inside the intranet is open only to intranet users, and external users have no way to access it directly. To let external users access a service inside the local area network (LAN), port forwarding multiplexing is required.
Port forwarding multiplexing works mainly by reusing and forwarding a service port that the intranet already permits to be open, and establishing a network connection over it to an external server with an independent IP address.
At present there are mainly the following kinds of port forwarding multiplexing:
1. Inner reverse-connection mode: the internal application service port is mapped to a listening port on the outer-net server with an independent IP, and that server connects to its own local listening port to reach the internal application service port.
2. Outer active-connection mode: the internal application service port is mapped onto a port that the outer-net independent-IP server can reach, and that server accesses the mapped port directly to reach the internal application service port.
These two modes mainly solve access to services inside the LAN; outer-net Internet users still cannot access them normally.
Summary of the invention
To address the deficiencies of the prior art, the invention provides a method and system for firewall traversal based on port forwarding multiplexing, which uses port forwarding multiplexing to solve the problem that external users cannot access an intranet application service protected by a firewall.
The object of the invention is achieved by the following technical solution:
A method for firewall traversal based on port forwarding multiplexing, the method comprising:
(1) obtaining the IP information of the intranet application end S and the external IP address of the outer-net control end C;
(2) performing the forwarding and connection operations through the data ports;
(3) listening on the data ports;
(4) obtaining the data of the intranet application end S.
Preferably, step (1) comprises: the intranet application end S sets an intranet application port A and an intranet application forwarding port B; the outer-net control end C sets an outer-net listening port B and an outer-net listening port C, checks whether outer-net listening port B and outer-net listening port C are already occupied, and initializes the transmission data of outer-net listening port B and outer-net listening port C.
Preferably, step (2) comprises: the intranet application end S forwards the application service provided inside the intranet to outer-net listening port C.
Further, step (3) comprises: the outer-net control end C listens on the port used for intranet application forwarding and on the local port that needs to be accessed, and waits for the intranet application end S to connect to the listening port.
A port-to-port data connection is formed between the intranet application end S and the outer-net control end C, and the intranet application port A of the intranet application end S is connected to the outer-net listening port C of the outer-net control end C.
Further, step (4) comprises: once the data ports are connected successfully, the outer-net control end C connects through the intranet application forwarding port B to the intranet application port A, so that the application service provided inside the intranet is accessed from the outer network, traversing the firewall.
Preferably, the outer-net control end C listens on the port used for intranet application forwarding and on the local port that needs to be accessed, and waits for the intranet application end S to connect to the listening port.
Preferably, once the data ports are connected successfully, the outer-net control end C connects through the intranet application forwarding port B to the intranet application port A, so that the application service provided inside the intranet is accessed from the outer network, traversing the firewall.
Preferably, a system for firewall traversal based on port forwarding multiplexing comprises: a firewall, an intranet application end S, an outer-net control end C, an intranet application port A, an intranet application forwarding port B, an outer-net listening-and-forwarding port B, and an outer-net listening port C;
the intranet application end S forwards the data of intranet application port A through intranet application forwarding port B to the outer-net control end C;
the outer-net control end C receives the application data forwarded by intranet application forwarding port B and makes it accessible on outer-net listening port C.
Compared with the prior art, the beneficial effect achieved by the present invention is:
A method and system for firewall traversal based on port forwarding multiplexing are proposed. Through port forwarding multiplexing, the data of the intranet application system is forwarded successfully to a designated outer-net server by splitting and forwarding the port data between the intranet application system and the outer-net independent-IP server, which solves the problem that external users cannot access an intranet application service protected by a firewall.
Accompanying drawing explanation
Fig. 1 is the flow chart of the method for firewall traversal based on port forwarding multiplexing provided by the invention;
Fig. 2 is the structural diagram of the system for firewall traversal based on port forwarding multiplexing provided by the invention.
Embodiment
The specific embodiment of the present invention is described in further detail below with reference to the accompanying drawings.
As shown in Fig. 1, a method for firewall traversal based on port forwarding multiplexing comprises: (1) obtaining the IP information of the intranet application end S and the external IP address of the outer-net control end C. Step (1) comprises: the intranet application end S sets an intranet application port A and an intranet application forwarding port B; the outer-net control end C sets an outer-net listening port B and an outer-net listening port C, checks whether outer-net listening port B and outer-net listening port C are already occupied, and initializes the transmission data of outer-net listening port B and outer-net listening port C.
(2) Performing the forwarding and connection operations through the data ports. Step (2) comprises: the intranet application end S forwards the application service provided inside the intranet to outer-net listening port C.
(3) Listening on the data ports. Step (3) comprises: the outer-net control end C listens on the port used for intranet application forwarding and on the local port that needs to be accessed, and waits for the intranet application end S to connect to the listening port.
A port-to-port data connection is formed between the intranet application end S and the outer-net control end C, and the intranet application port A of the intranet application end S is connected to the outer-net listening port C of the outer-net control end C.
(4) Obtaining the data of the intranet application end S. Step (4) comprises: once the data ports are connected successfully, the outer-net control end C connects through the intranet application forwarding port B to the intranet application port A, so that the application service provided inside the intranet is accessed from the outer network, traversing the firewall.
As shown in Fig. 2, a system for firewall traversal based on port forwarding multiplexing comprises: a firewall, an intranet application end S, an outer-net control end C, an intranet application port A, an intranet application forwarding port B, an outer-net listening-and-forwarding port B, and an outer-net listening port C;
the intranet application end S forwards the data of intranet application port A through intranet application forwarding port B to the outer-net control end C;
the outer-net control end C receives the application data forwarded by intranet application forwarding port B and makes it accessible on outer-net listening port C.
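The following is an added worked example and is not code from the patent or from its assignees. It implements, in Python, the inner reverse-connection scheme that the "Background technology" modes and steps (1) to (4) of the method describe: the intranet application end S dials out to the outer-net control end C's port B (keeping a small pool of such channels open), C exposes listening port C to external users, and each external connection is bridged over one of S's channels onto the intranet application port A. Everything not in the patent text is an assumption of this example: the one-byte "claim" signal C sends to S, the channel pool, the loopback ports chosen with port 0, and the echo server that stands in for the intranet application. The security-relevant point is visible in the code: S initiates every connection, so a firewall that allows egress from S to port B sees only ordinary outbound traffic. The patent specifies no authentication of S toward C or of external users toward port C, and this example adds none, so anyone who can reach port C reaches port A; a real deployment needs both, and a defender needs egress filtering and monitoring of long-lived outbound connections to catch this pattern.

```python
"""Reverse port-forwarding tunnel in the style of the patent's inner reverse connection.
A = intranet application port (a constructed echo server stands in for the app),
S = intranet application end (dials OUT to C), B = the port on C that S connects to,
C = outer-net control end exposing listening port C to external users."""
import socket
import threading

# Assumed 1-byte signal (not in the patent): C writes it on an idle channel to tell S
# "an external user arrived on port C, dial port A and relay".
CHANNEL_CLAIM = b"\x01"

def spawn(fn, *args):
    threading.Thread(target=fn, args=args, daemon=True).start()

def pump(src, dst):
    """Copy src -> dst until EOF, then half-close dst so the far side sees EOF too."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def bridge(a, b):
    """Relay both directions between a and b; returns once both sides reached EOF."""
    t = threading.Thread(target=pump, args=(a, b), daemon=True)
    t.start()
    pump(b, a)
    t.join()
    a.close()
    b.close()

def listen():
    lis = socket.socket()
    lis.bind(("127.0.0.1", 0))  # port 0: the OS picks a free loopback port for the demo
    lis.listen()
    return lis

class ControlEnd:
    """C: accepts S's outbound channels on port B and serves external users on port C."""
    def __init__(self):
        self.lis_b, self.lis_c = listen(), listen()
        self.port_b, self.port_c = self.lis_b.getsockname()[1], self.lis_c.getsockname()[1]
        self.idle, self.cv = [], threading.Condition()  # channels S pre-established
        spawn(self._accept_channels)
        spawn(self._accept_users)

    def _accept_channels(self):
        while True:
            ch, _ = self.lis_b.accept()  # S connected outbound: one more idle channel
            with self.cv:
                self.idle.append(ch)
                self.cv.notify()

    def _accept_users(self):
        while True:
            user, _ = self.lis_c.accept()  # no authentication: anyone reaching port C gets A
            with self.cv:
                while not self.idle:  # wait until S has supplied a channel
                    self.cv.wait()
                ch = self.idle.pop(0)
            ch.sendall(CHANNEL_CLAIM)  # one channel per user: the multiplexing of port B
            spawn(bridge, user, ch)

def start_application_end(c_addr, app_addr, pool=2):
    """S: keep `pool` outbound channels to C's port B; when one is claimed, dial port A."""
    def channel_loop():
        while True:
            ch = socket.create_connection(c_addr)  # outbound: all the firewall ever sees
            if ch.recv(1) != CHANNEL_CLAIM:  # read exactly 1 byte so user data stays queued
                ch.close()
                return  # C closed the channel: stop this slot
            bridge(ch, socket.create_connection(app_addr))  # relay, then re-open a channel
    for _ in range(pool):
        spawn(channel_loop)

def start_echo_app():
    """Constructed stand-in for the intranet application on port A; returns its port."""
    lis = listen()
    def serve():
        while True:
            conn, _ = lis.accept()
            spawn(lambda c: (pump(c, c), c.close()), conn)  # echo until the peer half-closes
    spawn(serve)
    return lis.getsockname()[1]

def run_demo(payloads=(b"hello through the firewall", b"second external user")):
    """Connect to port C once per payload as an external user; return each user's echo."""
    c = ControlEnd()
    start_application_end(("127.0.0.1", c.port_b), ("127.0.0.1", start_echo_app()))
    replies = []
    for payload in payloads:
        with socket.create_connection(("127.0.0.1", c.port_c)) as user:
            user.sendall(payload)
            user.shutdown(socket.SHUT_WR)  # our EOF reaches A; the echo then unwinds back
            chunks = []
            while data := user.recv(4096):
                chunks.append(data)
        replies.append(b"".join(chunks))
    return replies
```

Calling `run_demo()` stands up A, S and C on loopback and returns the two payloads unchanged, proving the path user -> port C -> channel -> S -> port A and back. The half-close in `pump` is what makes connection teardown propagate cleanly through the relay: each side's EOF is forwarded as a `SHUT_WR`, so the external user sees the application's EOF rather than a hung socket, and an empty request unwinds the same way as a large one.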
Finally, it should be noted that the above embodiments merely illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the specific embodiments may still be modified or equivalently replaced, and that any modification or equivalent replacement that does not depart from the spirit and scope of the invention falls within the scope of the claims of the invention.

Claims (8)

1. A method for firewall traversal based on port forwarding multiplexing, characterized in that the method comprises:
(1) obtaining the IP information of the intranet application end S and the external IP address of the outer-net control end C;
(2) performing the forwarding and connection operations through the data ports;
(3) listening on the data ports;
(4) obtaining the data of the intranet application end S.
2. The method for firewall traversal based on port forwarding multiplexing of claim 1, characterized in that step (1) comprises: the intranet application end S sets an intranet application port A and an intranet application forwarding port B; the outer-net control end C sets an outer-net listening port B and an outer-net listening port C, checks whether outer-net listening port B and outer-net listening port C are already occupied, and initializes the transmission data of outer-net listening port B and outer-net listening port C.
3. The method for firewall traversal based on port forwarding multiplexing of claim 1 or 2, characterized in that step (2) comprises: the intranet application end S forwards the application service provided inside the intranet to outer-net listening port C.
4. The method for firewall traversal based on port forwarding multiplexing of claim 3, characterized in that step (3) comprises: the outer-net control end C listens on the port used for intranet application forwarding and on the local port that needs to be accessed, and waits for the intranet application end S to connect to the listening port.
A port-to-port data connection is formed between the intranet application end S and the outer-net control end C, and the intranet application port A of the intranet application end S is connected to the outer-net listening port C of the outer-net control end C.
5. The method for firewall traversal based on port forwarding multiplexing of claim 4, characterized in that step (4) comprises: once the data ports are connected successfully, the outer-net control end C connects through the intranet application forwarding port B to the intranet application port A, so that the application service provided inside the intranet is accessed from the outer network, traversing the firewall.
6. The method for firewall traversal based on port forwarding multiplexing of claim 1, characterized in that the outer-net control end C listens on the port used for intranet application forwarding and on the local port that needs to be accessed, and waits for the intranet application end S to connect to the listening port.
7. The method for firewall traversal based on port forwarding multiplexing of claim 1, characterized in that once the data ports are connected successfully, the outer-net control end C connects through the intranet application forwarding port B to the intranet application port A, so that the application service provided inside the intranet is accessed from the outer network, traversing the firewall.
8. A system for firewall traversal based on port forwarding multiplexing, characterized in that the system comprises: a firewall, an intranet application end S, an outer-net control end C, an intranet application port A, an intranet application forwarding port B, an outer-net listening-and-forwarding port B, and an outer-net listening port C;
the intranet application end S forwards the data of intranet application port A through intranet application forwarding port B to the outer-net control end C;
the outer-net control end C receives the application data forwarded by intranet application forwarding port B and makes it accessible on outer-net listening port C.
CN201410849591.XA | priority date 2014-12-29 | filing date 2014-12-29 | Method and system for firewall traversal based on port forwarding multiplexing | Active | granted as CN104702591B

Priority Applications (1)

Application number | Priority date | Filing date | Title
CN201410849591.XA (CN104702591B) | 2014-12-29 | 2014-12-29 | Method and system for firewall traversal based on port forwarding multiplexing

Publications (2)

Publication number | Publication date
CN104702591A (application publication) | 2015-06-10
CN104702591B (granted patent) | 2019-06-28

Family

ID=53349360

Family Applications (1)

Application number | Title | Priority date | Filing date
CN201410849591.XA (Active, CN104702591B) | Method and system for firewall traversal based on port forwarding multiplexing | 2014-12-29 | 2014-12-29

Country Status (1)

Country | Link
CN | CN104702591B


Citations (9)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN101175036A * | 2007-11-01 | 2008-05-07 | 南京大学 (Nanjing University) | Firewall/subnet penetration method based on intranet node forwarding technology
CN101257431A * | 2008-03-11 | 2008-09-03 | 网经科技(苏州)有限公司 | Remote device management mode via a reverse outbound channel
US20100235481A1 * | 2007-10-24 | 2010-09-16 | Lantronix, Inc. | Various methods and apparatuses for accessing networked devices without accessible addresses via virtual IP addresses
CN102404417A * | 2011-11-09 | 2012-04-04 | 深圳市共进电子股份有限公司 | Method and device for accessing an external network
CN102546588A * | 2011-11-28 | 2012-07-04 | 深圳市华信安创科技有限公司 | Method for establishing communication through Linux firewalls
CN102594942A * | 2012-02-23 | 2012-07-18 | 汉柏科技有限公司 | Method and system for achieving network address translation
CN102685094A * | 2011-12-16 | 2012-09-19 | 河南科技大学 | Reverse proxy system and method
CN103368809A * | 2013-07-06 | 2013-10-23 | 马钢(集团)控股有限公司 | Internet reverse penetration tunnel implementation method
CN103945014A * | 2013-01-21 | 2014-07-23 | 中国科学院声学研究所 | Port multiplexing method in PAT mode and network address translation equipment


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
石磊 (Shi Lei) et al., "A firewall traversal method based on intranet nodes" (基于内网节点的防火墙穿透方法), 现代电子技术 (Modern Electronics Technique) *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN109246060A * | 2017-07-10 | 2019-01-18 | 中兴通讯股份有限公司 (ZTE Corporation) | Method, terminal and system for establishing a link
CN109246060B * | 2017-07-10 | 2022-07-05 | 中兴通讯股份有限公司 (ZTE Corporation) | Method, terminal and system for establishing a link
CN108989470A * | 2018-08-31 | 2018-12-11 | 杭州当虹科技股份有限公司 | Method for multiplexing port data in SDI over IP
CN109561087A * | 2018-11-28 | 2019-04-02 | 南京中孚信息技术有限公司 | Method and system for penetrating through a firewall
CN109561087B * | 2018-11-28 | 2021-06-08 | 南京中孚信息技术有限公司 | Firewall penetration method and system
CN109981725A * | 2019-01-31 | 2019-07-05 | 咪咕文化科技有限公司 | Communication method across security domains, server and readable storage medium
CN109981725B * | 2019-01-31 | 2022-06-14 | 咪咕文化科技有限公司 | Communication method across security domains, server and readable storage medium
CN112788587A * | 2021-01-11 | 2021-05-11 | 广东博胜通信技术有限公司 | System for acquiring and managing cloud SIM card data and processing method thereof

Also Published As

Publication number Publication date
CN104702591B (en) 2019-06-28


Legal Events

Code | Title | Description
C06 / PB01 | Publication |
C10 / SE01 | Entry into substantive examination | Entry into force of request for substantive examination
C41 / TA01 | Transfer of patent application right | Effective date of registration: 2016-05-05. Address after: 100031 Xicheng District, West Chang'an Avenue, No. 86, Beijing. Applicants after: State Grid Corporation of China; China Electric Power Research Institute; State Grid Smart Grid Institute. Address before: 100031 Xicheng District, West Chang'an Avenue, No. 86, Beijing. Applicants before: State Grid Corporation of China; China Electric Power Research Institute.
CB02 | Change of applicant information | Address after: 100031 Xicheng District, West Chang'an Avenue, No. 86, Beijing. Applicants after: State Grid Corporation of China; China Electric Power Research Institute; GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE. Address before: 100031 Xicheng District, West Chang'an Avenue, No. 86, Beijing. Applicants before: State Grid Corporation of China; China Electric Power Research Institute; State Grid Smart Grid Institute.
COR | Change of bibliographic data |
GR01 | Patent grant |