Multiplex communications – Pathfinding or routing – Switching a message which includes an address header
Reexamination Certificate
1998-08-31
2004-04-06
Marcelo, Melvin (Department: 2666)
C370S467000
active
06717949
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Technical Field of the Invention
This invention pertains to network address translation and IP filtering. More specifically, it relates to selective masquerading of internal IP addresses among a plurality of public IP addresses.
2. Background Art
IP Network Address Translation (NAT) and IP Filtering functions provide firewall-type capability to an Internet gateway system.
Network Address Translation (NAT) is done in various ways. Among the known ways is masquerade NAT, in which IP addresses in IP packets are changed as the packets flow out of and into a masquerading system. The masquerading system is typically on the boundary between an organization's private networks and public networks, such as the Internet. The main benefits to these organizations of these address changes are:
1. Systems on the private network are free to use any subset of the IP address space, any IP class, superclass, subclass, or designated private IP addresses. This provides great flexibility, freedom, and control to the organization in assigning IP addresses and designing its internal network.
2. The IP addresses of private systems, the network and subnet architecture are kept hidden. The addresses do not appear on Internet IP packets. Improved security is the result.
Therefore, masquerade NAT is widely used by industry, government and other organizations today.
Masquerade NAT is a form of NAT defined by a many-to-one mapping of an organization's internal addresses to a single, public IP address. There is a need in the art to remove this restriction to a single address; to allow a system administrator to selectively designate subsets of internal IP addresses to be masqueraded, with each subset mapped to a different, single, public IP address; and improve management of internal IP addresses by allowing multiple network interfaces or masquerading systems to be used for load balancing.
It is an object of the invention to provide an improved masquerade NAT capability for gateway systems.
It is a further object of the invention to provide a selective masquerade NAT system capability, whereby subsets of internal IP addresses may be selectively masqueraded among a plurality of public IP addresses.
SUMMARY OF THE INVENTION
An address management system and method. ADDRESS statements and HIDE rule statements are processed to generate a file of masquerade rules for associating subsets of internal addresses among a plurality of public addresses. Responsive to these masquerade rules, network address translation is performed for incoming and outgoing IP datagrams.
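The selective mapping described above, as an added Python sketch that is not code from the patent. The page does not give the ADDRESS or HIDE statement syntax, so the rule table is a hypothetical stand-in; the addresses are constructed from documentation ranges, and the use of port rewriting to keep many-to-one flows distinct is an assumption.

```python
import ipaddress

# Constructed rule table (hypothetical format): each internal subset hides
# behind its own single public address.
RULES = [
    ("10.1.0.0/16", "192.0.2.10"),
    ("10.2.0.0/16", "198.51.100.20"),
]

class SelectiveMasquerade:
    def __init__(self, rules, first_port=40000):
        self.rules = [(ipaddress.ip_network(net), pub) for net, pub in rules]
        self.next_port = {pub: first_port for _, pub in rules}
        self.out = {}   # (internal ip, port, proto) -> (public ip, port)
        self.back = {}  # (public ip, port, proto) -> (internal ip, port)

    def _public_for(self, src_ip):
        addr = ipaddress.ip_address(src_ip)
        for net, pub in self.rules:
            if addr in net:
                return pub
        return None  # source is in no masqueraded subset

    def outbound(self, src_ip, src_port, proto="tcp"):
        """Translate an outgoing datagram's source; None if no rule applies."""
        key = (src_ip, src_port, proto)
        if key in self.out:
            return self.out[key]  # reuse the existing flow mapping
        pub = self._public_for(src_ip)
        if pub is None:
            return None
        port = self.next_port[pub]
        if port > 65535:
            raise RuntimeError(f"port pool exhausted for {pub}")
        self.next_port[pub] = port + 1
        self.out[key] = (pub, port)
        self.back[(pub, port, proto)] = (src_ip, src_port)
        return self.out[key]

    def inbound(self, dst_ip, dst_port, proto="tcp"):
        """Reverse-translate a reply; None means no flow state exists."""
        return self.back.get((dst_ip, dst_port, proto))
```

An inbound datagram with no matching outbound flow returns None, which is where a gateway's filtering policy would decide to drop it.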
Boden Edward B.
Brzozowski Wesley A.
Gruber Franklin A.
Palermo Donald A.
Williams Michael D.
Abelson Ron
Beckstrand Shelley M.
Marcelo Melvin