WO2002071717A3 - Traversing firewalls and nats - Google Patents

Traversing firewalls and nats

Info

Publication number
WO2002071717A3
Authority
WO
WIPO (PCT)
Prior art keywords
port
address
packet
network
firewall
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2001/048551
Other languages
French (fr)
Other versions
WO2002071717A2 (en)
Inventor
Gur Kimchi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
MagicJack Vocaltec Ltd
Original Assignee
Vocaltec Communications Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US09/867,371 (US20020120760A1)
Application filed by Vocaltec Communications Ltd
Priority to US10/450,751 (US20050125532A1)
Priority to AU2001297602A (AU2001297602A1)
Publication of WO2002071717A2
Publication of WO2002071717A3
Anticipated expiration
Legal status: Ceased

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281: Proxies
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/25: Mapping addresses of the same type
    • H04L61/2503: Translation of Internet protocol [IP] addresses
    • H04L61/2521: Translation architectures other than single NAT servers
    • H04L61/2535: Multiple local networks, e.g. resolving potential IP address conflicts
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/25: Mapping addresses of the same type
    • H04L61/2503: Translation of Internet protocol [IP] addresses
    • H04L61/256: NAT traversal
    • H04L61/2567: NAT traversal for reachability, e.g. inquiring the address of a correspondent behind a NAT server
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/25: Mapping addresses of the same type
    • H04L61/2503: Translation of Internet protocol [IP] addresses
    • H04L61/256: NAT traversal
    • H04L61/2575: NAT traversal using address mapping retrieval, e.g. simple traversal of user datagram protocol through session traversal utilities for NAT [STUN]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/25: Mapping addresses of the same type
    • H04L61/2503: Translation of Internet protocol [IP] addresses
    • H04L61/256: NAT traversal
    • H04L61/2578: NAT traversal without involvement of the NAT server
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029: Firewall traversal, e.g. tunnelling or creating pinholes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

An incoming UDP packet is allowed to traverse a network address translation (NAT) device or a firewall: first, a TCP connection is opened, and a Raw-IP interface is then used to build the UDP-like packet using the parameters of the TCP connection (e.g., session number, port, etc.). Furthermore, when one of two communicating machines is behind a firewall, a connection is established between each of the machines and a proxy server located in a public network. The proxy then communicates the port and address information while using the proxy server's port and address information as the source port and address, or provides both machines with the address of an appropriate packet forwarder (potentially chosen based on network proximity).
PCT/US2001/048551 2000-05-26 2001-12-13 Traversing firewalls and nats Ceased WO2002071717A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US10/450,751 US20050125532A1 (en) 2000-05-26 2001-12-13 Traversing firewalls and nats
AU2001297602A AU2001297602A1 (en) 2000-12-14 2001-12-13 Traversing firewalls and nats

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US25542200P 2000-12-14 2000-12-14
US60/255,422 2000-12-14
US09/867,371 US20020120760A1 (en) 2000-05-26 2001-05-29 Communications protocol
US09/867,371 2001-05-29

Publications (2)

Publication Number Publication Date
WO2002071717A2 WO2002071717A2 (en) 2002-09-12
WO2002071717A3 WO2002071717A3 (en) 2003-03-27

Family

ID=26944694

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/048551 Ceased WO2002071717A2 (en) 2000-05-26 2001-12-13 Traversing firewalls and nats

Country Status (2)

Country Link
AU (1) AU2001297602A1 (en)
WO (1) WO2002071717A2 (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AT414067B (en) * 2002-12-03 2006-08-15 Loytec Electronics Gmbh METHOD OF OPERATING CN / IP NODES BEHIND NAT ROUTERS
US7406533B2 (en) 2003-10-08 2008-07-29 Seiko Epson Corporation Method and apparatus for tunneling data through a single port
WO2005043848A1 (en) * 2003-11-03 2005-05-12 Immertec Co., Ltd. Udp packet communication method and system for private ip terminals
CN100440850C (en) * 2003-12-24 2008-12-03 华为技术有限公司 Method and system for multimedia service network address translation traversal
JP2005236728A (en) * 2004-02-20 2005-09-02 Matsushita Electric Ind Co Ltd Server device, request issuing device, request accepting device, communication system, and communication method
US7392323B2 (en) 2004-11-16 2008-06-24 Seiko Epson Corporation Method and apparatus for tunneling data using a single simulated stateful TCP connection
JP4599196B2 (en) * 2005-03-11 2010-12-15 株式会社アドイン研究所 Relay device, communication system, control method and control program thereof
CN100571196C (en) * 2005-03-22 2009-12-16 华为技术有限公司 Realization method of moving IPv6 message through firewall
CN100583814C (en) * 2005-05-12 2010-01-20 中兴通讯股份有限公司 Method for implementing multimedia service NAT transition
CN1870568A (en) * 2005-05-23 2006-11-29 华为技术有限公司 Method for implementing network address conversion anti-virus transition
FI119303B (en) 2005-06-07 2008-09-30 Teliasonera Ab Connectivity between stateful firewalls
CN100384168C (en) * 2005-12-30 2008-04-23 四川长虹电器股份有限公司 Method for multimedium session transition NAT equipment of IL323 system
CN101729862B (en) * 2008-10-21 2011-12-28 中兴通讯股份有限公司 Method and system for passing media through NAT by using video monitoring system
CN102231763B (en) * 2011-06-20 2014-04-09 北京思创银联科技股份有限公司 Sharing method based on NAT (Network Address Translation) penetration
CN104219589B (en) * 2013-06-03 2017-10-03 福达新创通讯科技(厦门)有限公司 Image transfer method, system and its record media

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10303947A (en) * 1997-04-25 1998-11-13 Hitachi Ltd Network communication system
US6052788A (en) * 1996-10-17 2000-04-18 Network Engineering Software, Inc. Firewall providing enhanced network security and user transparency

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6052788A (en) * 1996-10-17 2000-04-18 Network Engineering Software, Inc. Firewall providing enhanced network security and user transparency
JPH10303947A (en) * 1997-04-25 1998-11-13 Hitachi Ltd Network communication system
US6195366B1 (en) * 1997-04-25 2001-02-27 Hitachi, Ltd. Network communication system

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
ESCHENBURG A: "WO LAUFEN SIE DENN? ICQ HAELT VERBINDUNG ZU BEKANNTEN", CT MAGAZIN FUER COMPUTER TECHNIK, VERLAG HEINZ HEISE GMBH., HANNOVER, DE, no. 22, 26 October 1998 (1998-10-26), pages 92 - 95, XP000779803, ISSN: 0724-8679 *
J.ROSENBERG,D.DREW,H.SCHULZRINNE: "<draft-rosenberg-sip-firewalls-00.txt> - Getting SIP through Firewalls and NATs", INTERNET DRAFT, 22 February 2000 (2000-02-22), XP002218607, Retrieved from the Internet <URL:http://www.jdrosen.net/papers/draft-rosenberg-sip-firewalls-00.txt> [retrieved on 20021028] *
NORIFUSA M: "Internet security: difficulties and solutions", INTERNATIONAL JOURNAL OF MEDICAL INFORMATICS, ELSEVIER SCIENTIFIC PUBLISHERS, SHANNON, IR, vol. 49, no. 1, March 1998 (1998-03-01), pages 69 - 74, XP004149463, ISSN: 1386-5056 *
PATENT ABSTRACTS OF JAPAN vol. 1999, no. 02 26 February 1999 (1999-02-26) *

Also Published As

Publication number Publication date
WO2002071717A2 (en) 2002-09-12
AU2001297602A1 (en) 2002-09-19

Similar Documents

Publication Publication Date Title
US7756983B2 (en) Symmetrical bi-directional communication
WO2002071717A3 (en) Traversing firewalls and nats
US20050125532A1 (en) Traversing firewalls and nats
US7995594B2 (en) Protocol and system for firewall and NAT traversal for TCP connections
Rosenberg et al. TCP Candidates with Interactive Connectivity Establishment (ICE)
CA2401103A1 (en) Network address translation gateway for local area networks using local ip addresses and non-translatable port addresses
CN102484656B (en) Method and apparatus for relaying packets
WO2002103460A3 (en) Network address and/or port translation
EP1035702A3 (en) Secure communication with mobile hosts
CA2248577A1 (en) Internet protocol filter
WO2003049445A3 (en) Integrated internet protocol (ip) gateway services in an rf cable network
WO2002103981A3 (en) Providing telephony services to terminals behind a firewall and/or network address translator
CA2534919A1 (en) Transport layer encryption for extra-security ip networks
AU5225000A (en) A method and arrangement for providing security through network address translations using tunneling and compensations
WO2005101747A3 (en) System and method for automatically initiating and dynamically establishing secure internet connections between a fire-walled server and a fire-walled client
WO2007041662A3 (en) Secured media communication across enterprise gateway
WO2002045361A3 (en) Method for communicating audio data in a packet switched network
EP1434406A3 (en) Establishing a bi-directional IP-tunnel in a mobile IP communication system in case of private address conflicts
Smith et al. Network security using NAT and NAPT
WO2006107691A3 (en) Ip addressing in joined private networks
CA2413942A1 (en) A secure in-band signaling method for mobility management crossing firewalls
Paulsamy et al. Network convergence and the NAT/Firewall problems
Ylitalo et al. SPINAT: Integrating IPsec into overlay routing
Chen et al. NAT traversing solutions for SIP applications
US20050177718A1 (en) Systems and methods for video transport service

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
WWE Wipo information: entry into national phase

Ref document number: 10450751

Country of ref document: US

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP