CN109451085B - Method and device for realizing network isolation through IP address camouflage - Google Patents
Method and device for realizing network isolation through IP address camouflage Download PDFInfo
- Publication number
- CN109451085B CN109451085B CN201811189399.7A CN201811189399A CN109451085B CN 109451085 B CN109451085 B CN 109451085B CN 201811189399 A CN201811189399 A CN 201811189399A CN 109451085 B CN109451085 B CN 109451085B
- Authority
- CN
- China
- Prior art keywords
- address
- network
- card
- network card
- intranet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/30—Managing network names, e.g. use of aliases or nicknames
- H04L61/3005—Mechanisms for avoiding name conflicts
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5046—Resolving address allocation conflicts; Testing of addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/14—Systems for two-way working
- H04N7/15—Conference systems
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Multimedia (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and a device for realizing network isolation by IP address camouflage, wherein the method comprises the following steps: a, detecting an IP address of an intranet card in network equipment and an IP address of equipment for carrying out data communication with an extranet card in the network equipment; b, judging whether the IP addresses of the two are the same; and C, if the IP addresses of the intranet network card and the intranet network card are the same, changing the IP address of the intranet network card by IP address camouflage. The method and the device for realizing network isolation through IP address camouflage solve the problems that in the prior art, in multi-network card equipment, if IP addresses conflict, normal communication of network data can be ensured, and manual parameter configuration is not needed.
Description
Technical Field
The invention relates to the technical field of network data transmission, in particular to a method and a device for realizing network isolation through IP address camouflage.
Background
In the video conference system, the video conference system is more and more complex with various demands of customers and continuous change of deployment environment. In a video conference system, data interaction is most common through a network, a plurality of network cards are often needed, one network card is used for external network communication and other network cards are used for equipment communication in a local area network when the plurality of network cards are generally used. In a multi-network card, each network card device needs to occupy one more IP address, and the setting of each IP address is critical, which may cause abnormal device communication if the settings conflict with each other. The invention aims to solve the problem of how to ensure normal communication of network data under the condition that IP addresses conflict.
At present, a relatively large number of devices are implemented by enabling a user to select a fixed IP address for each network card according to the currently deployed environment condition when multiple network cards are provided, so as to ensure that the IP addresses owned by each network card of the device do not conflict with each other and do not conflict with the IP addresses in the local area network. In such a way, under a relatively complex deployment environment, a client is very inconvenient to deploy, and each damaged device is rechecked once when the configuration is wrong carelessly, so that certain difficulty and inconvenience are caused to the client deployment.
In the prior art, in a device with multiple network cards, a user can set a different IP address for each network card according to a current deployment environment through a web page or other means, and it is ensured that each network card does not conflict with any IP address in the environment, thereby ensuring that data communication between each network card is normal.
The prior art has the following defects:
as video conference systems become more and more complex, when a client deploys in a more complex environment, IP setup conflicts are likely to occur, thereby causing communication anomalies. And when a conflict occurs, each setting must also be checked to see which devices have a conflict.
In view of this, a method and an apparatus for implementing network isolation by IP address masquerading are designed to solve the problem that in the prior art, if normal communication of network data cannot be guaranteed when there is an IP address conflict in a multi-network-card device, there is an urgent need in the current market.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a method for realizing network isolation by IP address camouflage, which comprises the following steps:
a, detecting an IP address of an intranet card in network equipment and an IP address of equipment for carrying out data communication with an extranet card in the network equipment;
b, judging whether the IP addresses of the two are the same;
and C, if the IP addresses of the intranet network card and the intranet network card are the same, changing the IP address of the intranet network card by disguising the IP addresses into other IP addresses.
Further, when the IP address of the intranet card of the disguised network device is the same as the IP address of the extranet card, the IP address of the intranet card is continuously disguised until the IP address of the intranet card is different from the IP address of the extranet card.
Further, the step A specifically comprises the steps of,
and detecting the IP address of an internal network card in the network equipment and transmitting the data to the IP source address of an external network card in the network equipment.
Further, the step A specifically comprises the steps of,
and detecting the IP address of the internal network card and the destination IP address of the data transmission of the external network card in the network equipment.
Further, the step C specifically comprises the steps of,
if the IP addresses of the intranet network card and the intranet network card are detected to be the same, the IP address of the intranet network card is disguised as 192.168.0.99 through IP address disguising.
Further, when the IP address of the intranet card of the disguised network device is the same as the IP address of the extranet network card, the IP address of the intranet card is continuously disguised, and the IP address of the intranet card is disguised as 192.168.0.100.
The invention provides a device for realizing network isolation by IP address camouflage, which comprises a detection unit, a judgment unit and an IP address camouflage unit, wherein,
the detection unit detects the IP address of an internal network card in the network equipment and the IP address of equipment which carries out data communication with an external network card in the network equipment;
the judging unit judges whether the IP address of the internal network card is the same as the IP address of equipment for carrying out data communication with the external network card in the network equipment;
the IP address disguising unit disguises the IP address of the internal network card and changes the IP address of the internal network card;
the detection unit is electrically connected with the judgment unit, and the judgment unit is respectively electrically connected with the detection unit and the IP address disguising unit.
Compared with the prior art, the method and the device for realizing network isolation through IP address camouflage solve the problems that in the prior art, in multi-network card equipment, normal communication of network data can be ensured when IP addresses conflict, and manual parameter configuration is not needed.
Drawings
FIG. 1 is a flow chart of a method for implementing network isolation by IP address masquerading according to the present invention;
FIG. 2 is a schematic structural diagram of an apparatus for implementing network isolation by IP address masquerading according to the present invention;
fig. 3 is a schematic diagram of an embodiment of a method for implementing network isolation by IP address masquerading according to the present invention.
Detailed Description
The following detailed description of embodiments of the present invention is provided in connection with the accompanying drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
Referring to fig. 1, the present invention provides a method for implementing network isolation by IP address masquerading, the method comprising:
s100, detecting an IP address of an intranet card in the network equipment and an IP address of equipment for data communication with an extranet card in the network equipment;
s200, judging whether the IP addresses of the two are the same;
s300, if the IP addresses of the intranet network card and the network card are the same, changing the IP address of the intranet network card by disguising the IP addresses into other IP addresses.
When the IP address of the internal network card of the disguised network device is the same as the IP address of the external network card, the IP address of the internal network card is continuously disguised until the IP address in the internal network card is different from the IP address of the external network card.
Wherein the step A specifically comprises the following steps of,
and detecting the IP address of an internal network card in the network equipment and transmitting the data to the IP source address of an external network card in the network equipment.
Wherein the step A specifically comprises the following steps of,
and detecting the IP address of the internal network card and the destination IP address of the data transmission of the external network card in the network equipment.
Wherein the step C specifically comprises the following steps of,
if the IP addresses of the intranet network card and the intranet network card are detected to be the same, the IP address of the intranet network card is disguised as 192.168.0.99 through IP address disguising.
When the IP address of the intranet network card of the disguised network device is the same as the IP address of the extranet network card, the IP address of the intranet network card is continuously disguised, and the IP address of the intranet network card is disguised as 192.168.0.100.
Referring to fig. 2, the present invention provides an apparatus for implementing network isolation by IP address masquerading, the apparatus comprising a detecting unit, a judging unit, an IP address masquerading unit, wherein,
the detection unit detects the IP address of an internal network card in the network equipment and the IP address of equipment which carries out data communication with an external network card in the network equipment;
the judging unit judges whether the IP address of the internal network card is the same as the IP address of equipment for carrying out data communication with the external network card in the network equipment;
the IP address disguising unit disguises the IP address of the internal network card and changes the IP address of the internal network card;
the detection unit is electrically connected with the judgment unit, and the judgment unit is respectively electrically connected with the detection unit and the IP address disguising unit.
Examples
Referring to fig. 3, it is assumed that there are three network cards on the device, which are eth0, cam0, ext0, where eth0 is the name of the network card used by the device for extranet communication, cam0 is the name of the network card used by the device for lan and camera communication, and ext0 is the name of the network card used by the device for lan and slave device communication. The network card architecture framework is shown in fig. 1. Assuming that the IPs for cam0 and ext0 are both 192.168.0.23 and eth0 is connected to the extranet, the assignment of IPs will be automatically assigned an IP by the extranet. Because cam0 and ext0 are two independent local area networks, only a specific local area network card needs to be bound for data communication during programming, and mutual influence is avoided. However, when there is an IP of 192.168.0.23 in the external network, the eth0 collides with the cam0 and ext0 when data communication is performed between the device and the external network, resulting in device abnormality.
The specific conflict mainly exists in the following two aspects:
1) if the IP source address (i.e., IP of the external network device, the same below) of the IP packet received from the eth0 network card is the same as 192.168.0.23 of ext0 and cam0, the packet may be marked as a packet of the local routing table when the routing table is searched, which may cause a misidentification in the network protocol as a data packet sent by cam0 or ext 0.
2) If the IP destination address (i.e. IP of the external network device, the same below) of the IP packet sent from the eth0 network card is the same as 192.168.0.23 of ext0 and cam0, the IP packet of eth0 will be marked as a packet of the local routing table, and will be mistaken as a packet sent to cam0 and ext0, so that the data packet will not be sent to the external network, and finally the external network device will not receive the data packet sent by eth 0.
The solution is as follows:
1) when the source address of the IP received by the eth0 network card is 192.168.0.23, the IP is disguised by disguising the IP, 192.168.0.23 is disguised as 192.168.0.99, the IP cannot be matched in the local routing table, and the routing table of the eth0 is entered to match the routing, so that data can be correctly sent to the program of the eth0 network card user layer for processing.
However, it is possible that the IP allocated to the eth0 network card is 192.168.0.99, so when the IP of the eth0 network card is 192.168.0.99, and when the IP source address received by the eth0 network card is 192.168.0.23, 192.168.0.23 is disguised as 192.168.0.100 (192.168.0.99 cannot be used here) by disguising the IP, and the IP cannot be matched in the local routing table, and then the IP enters the routing table of the eth0 to match the route, so that the data can be correctly sent to the program processing of the eth0 network card user layer.
2) When the destination address of the IP sent by the eth0 network card is 192.168.0.23, 192.168.0.23 is disguised as 192.168.0.99 by disguising the IP, the IP cannot be matched in the local routing table, and the IP enters the routing table of eth0 to match the route, so that the sent IP can be sent out from eth 0.
If the IP of the eth0 network card is 192.168.0.99, when the IP destination address sent by eth0 is 192.168.0.23, by disguising the IP, 192.168.0.23 is disguised as 192.168.0.100 (192.168.0.99 cannot be used here), the IP cannot be matched in the local routing table, and then the IP enters the routing table of eth0 to match the route, so that the sent IP can be sent out from eth 0.
The method and the device for realizing network isolation through IP address camouflage solve the problems that in the prior art, in multi-network card equipment, if IP addresses conflict, normal communication of network data can be ensured, and manual parameter configuration is not needed.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that are within the spirit and principle of the present invention are intended to be included therein.
Claims (7)
1. A method for implementing network isolation by IP address masquerading, the method comprising:
a, detecting an IP address of an intranet card in network equipment and an IP address of equipment for carrying out data communication with an extranet card in the network equipment;
b, judging whether the IP addresses of the two are the same;
and C, if the IP addresses of the intranet network card and the intranet network card are the same, changing the IP address of the intranet network card by disguising the IP addresses into other IP addresses.
2. The method of claim 1, wherein when the IP address of the intranet card of the disguised network device is the same as the IP address of the extranet card, the IP address of the intranet card is continuously disguised until the IP address of the intranet card is different from the IP address of the extranet card.
3. The method for realizing network isolation through IP address masquerading as claimed in claim 1, wherein the step A specifically comprises,
and detecting the IP address of an internal network card in the network equipment and transmitting the data to the IP source address of an external network card in the network equipment.
4. The method for realizing network isolation through IP address masquerading as claimed in claim 1, wherein the step A specifically comprises,
and detecting the IP address of the internal network card and the destination IP address of the data transmission of the external network card in the network equipment.
5. The method for achieving network isolation through IP address masquerading as recited in claim 1, wherein the step C comprises,
if the IP addresses of the intranet network card and the intranet network card are detected to be the same, the IP address of the intranet network card is disguised as 192.168.0.99 through IP address disguising.
6. The method for achieving network isolation through IP address masquerading of claim 2,
when the IP address of the internal network card of the network equipment after disguising is the same as the IP address of the external network card, the IP address of the internal network card is continuously disguised, and the IP address of the internal network card is disguised as 192.168.0.100.
7. A device for realizing network isolation by IP address camouflage is characterized in that the device comprises a detection unit, a judgment unit and an IP address camouflage unit, wherein,
the detection unit detects the IP address of an internal network card in the network equipment and the IP address of equipment which carries out data communication with an external network card in the network equipment;
the judging unit judges whether the IP address of the internal network card is the same as the IP address of equipment for carrying out data communication with the external network card in the network equipment;
the IP address disguising unit disguises the IP address of the internal network card and changes the IP address of the internal network card;
the detection unit is electrically connected with the judgment unit, and the judgment unit is respectively electrically connected with the detection unit and the IP address disguising unit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811189399.7A CN109451085B (en) | 2018-10-12 | 2018-10-12 | Method and device for realizing network isolation through IP address camouflage |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811189399.7A CN109451085B (en) | 2018-10-12 | 2018-10-12 | Method and device for realizing network isolation through IP address camouflage |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109451085A CN109451085A (en) | 2019-03-08 |
| CN109451085B true CN109451085B (en) | 2021-08-10 |
Family
ID=65546580
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811189399.7A Active CN109451085B (en) | 2018-10-12 | 2018-10-12 | Method and device for realizing network isolation through IP address camouflage |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109451085B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110855684A (en) * | 2019-11-18 | 2020-02-28 | 深圳前海环融联易信息科技服务有限公司 | Network isolation management method and device, computer equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101378412A (en) * | 2007-08-28 | 2009-03-04 | 英业达股份有限公司 | System and method for modifying inner network IP of double controller |
| CN103455767A (en) * | 2013-09-10 | 2013-12-18 | 李传双 | System and method for multi-network safety isolation |
| CN106888130A (en) * | 2017-04-21 | 2017-06-23 | 新华三技术有限公司 | The method to set up and device of router |
| CN106953795A (en) * | 2016-01-07 | 2017-07-14 | 中兴通讯股份有限公司 | Configure the method and device of many network interface cards |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090106401A1 (en) * | 2007-10-22 | 2009-04-23 | Inventec Corporation | System and method for Intra Network Internet Protocol (IP) address modification by dual controller |
| CN103179621B (en) * | 2011-12-22 | 2017-07-25 | 上海无线通信研究中心 | A kind of method that Cellular Networks switch with WLAN |
-
2018
- 2018-10-12 CN CN201811189399.7A patent/CN109451085B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101378412A (en) * | 2007-08-28 | 2009-03-04 | 英业达股份有限公司 | System and method for modifying inner network IP of double controller |
| CN103455767A (en) * | 2013-09-10 | 2013-12-18 | 李传双 | System and method for multi-network safety isolation |
| CN106953795A (en) * | 2016-01-07 | 2017-07-14 | 中兴通讯股份有限公司 | Configure the method and device of many network interface cards |
| CN106888130A (en) * | 2017-04-21 | 2017-06-23 | 新华三技术有限公司 | The method to set up and device of router |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109451085A (en) | 2019-03-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104301321B (en) | A kind of method and system for realizing distributed network security protection | |
| CN105227693B (en) | A kind of configuration method and device of the DNS of mobile device | |
| CN101087211B (en) | A method and system for realizing echo function in BFD mechanism and its function entity | |
| EP2991292A1 (en) | Network collaborative defense method, device and system | |
| US20120209937A1 (en) | Method for operating a node cluster system in a network and node cluster system | |
| US9942138B2 (en) | Method and device for policy based routing | |
| CN101321102A (en) | Detection method and access equipment of DHCP server | |
| EP2509262A1 (en) | Unaddressed device communication from within an MPLS network | |
| CN110768862B (en) | Cloud platform physical link connectivity detection device, method and system | |
| CN105939403A (en) | Address conflict detection method and device | |
| CN110011941B (en) | Message forwarding method and device | |
| CN101904150A (en) | Ethernet connectivity fault management with user verification option | |
| US20220311733A1 (en) | Communication device and communication system | |
| CN106685693A (en) | Network anomaly detection method, system and network device | |
| CN108173810B (en) | Method and device for transmitting network data | |
| CN115885502A (en) | Diagnosing intermediate network nodes | |
| CN109451085B (en) | Method and device for realizing network isolation through IP address camouflage | |
| CN102739462B (en) | Test message sending method and device | |
| CN107888711B (en) | Cross-network-segment equipment searching and communication method | |
| CN109617972B (en) | Connection establishing method and device, electronic equipment and storage medium | |
| CN104869118B (en) | A kind of method and system for realizing DDoS defence based on dynamic tunneling technique | |
| CN100576815C (en) | Based on the router discover method on the network of mobile IP | |
| CN113438159B (en) | Transmission method and device of segmented routing strategy and network transmission system | |
| CN109474588A (en) | A kind of terminal authentication method and device | |
| CN113079128B (en) | Information blocking method and device, computing equipment and computer storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230506 Address after: Room 208-7, Hengye Building, No. 100 Xiangxing Road, Xiang'an Industrial Zone, Torch High tech Zone, Xiamen City, Fujian Province, 361100 Patentee after: Xiamen Yilian Communication Technology Co.,Ltd. Address before: 361000 Yilian R & D building, No.1, Lingxia North Road, hi tech park, Huli District, Xiamen City, Fujian Province Patentee before: YEALINK (XIAMEN) NETWORK TECHNOLOGY Co.,Ltd. |
|
| TR01 | Transfer of patent right |