CN114268470A - Message transmission method, device and equipment - Google Patents


Info

Publication number
CN114268470A
Authority
CN
China
Prior art keywords
message
mark
public network
network interface
target host
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111476614.3A
Other languages
Chinese (zh)
Inventor
刘阳新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Flyingvoice Technology Co ltd
Original Assignee
Flyingvoice Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Flyingvoice Technology Co ltd filed Critical Flyingvoice Technology Co ltd
Priority to CN202111476614.3A priority Critical patent/CN114268470A/en
Publication of CN114268470A publication Critical patent/CN114268470A/en
Pending legal-status Critical Current

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention provides a message transmission method, device and equipment applied to gateway equipment. The method comprises the following steps: receiving a first message transmitted by a public network interface; adding a first mark to the first message; and sending the first message to a target host through a local area network interface according to the first mark and a first routing strategy. The embodiment of the invention solves the problem that an application on an intranet host needs to use the extranet address directly to access the extranet, does not depend on a switching chip, is portable and stable, requires few modifications to system code, and is easy to maintain and modify.

Description

Message transmission method, device and equipment
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method, an apparatus, and a device for transmitting a packet.
Background
DMZ (demilitarized zone) technology is a traditional routing technology for providing access to hosts inside a firewall, but it has a drawback: when the DMZ converts between a public network address and a private network address, some applications cannot use the public network address directly.
Therefore, to address the defects of the DMZ more effectively, Superdmz (isolation gateway) technology extends the DMZ technology so that a host in a private network can run an application directly with a public network address. However, Superdmz technology uses ALG (Application Layer Gateway) address conversion, which makes the routing process complicated and error-prone. Traditional Superdmz technology also depends heavily on the switch chip, whose manufacturer generally does not provide a detailed interface, so problems arise easily in practical application.
Disclosure of Invention
The invention provides a message transmission method, device and equipment. It solves the problem of equipment accessing an external network, does not depend on a switch chip, is portable and stable, requires few modifications to system code, and is easy to maintain and modify.
To solve the above technical problem, an embodiment of the present invention provides the following solutions:
a transmission method of a message is applied to gateway equipment, and the method comprises the following steps:
receiving a first message transmitted by a public network interface;
adding a first mark to the first message;
and sending the first message to a target host through a local area network interface according to the first mark and a first routing strategy.
Optionally, the gateway device changes the destination address of the first packet to the IP address of the target host through an arp packet filtering module.
Optionally, the message transmission method further includes:
receiving a second message sent by the target host through the local area network interface;
adding a second mark to the second message;
and sending the second message to a public network through a public network interface according to the second mark and a second routing strategy.
Optionally, in the second packet, the destination address of the target host is changed into the IP address of the gateway device through an arp packet filtering module, and the destination MAC of the target host is changed into the MAC of the gateway device through a firewall function module of a data link layer.
Optionally, the gateway device binds the MAC address of the MAC layer and the virtual ip of the target host via an ip neighbor command.
Optionally, the message transmission method further includes:
a third message transmitted to the public network through a public network interface;
adding a third mark to the third message; the third flag is used to indicate that the third packet is processed by the gateway device.
Optionally, the message transmission method further includes:
receiving a fourth message fed back by the public network according to the third message; the fourth message carries a third tag;
and processing a fourth message on the gateway equipment according to the third mark.
The invention also provides a message transmission device, which is applied to gateway equipment, and the device comprises:
the receiving module is used for receiving a first message transmitted by a public network interface;
the processing module is used for adding a first mark to the first message; and sending the first message to a target host through a local area network interface according to the first mark and a first routing strategy.
The invention provides an electronic device, which comprises a processor, a memory and a program or an instruction which is stored on the memory and can run on the processor, wherein the program or the instruction realizes the steps of the message transmission method when being executed by the processor.
The invention also provides a readable storage medium, on which a program or instructions are stored, which when executed by a processor implement the steps of the message transmission method as described above.
The scheme of the invention at least comprises the following beneficial effects:
according to the scheme of the invention, the first message transmitted by the public network interface is received; and sending the first message to a target Superdmz host through a local area network interface according to the first routing strategy. The scheme of the invention is based on the firewall rule of the Linux system, establishes the message transmission system of the SuperDMZ gateway, does not depend on a specific exchange chip, solves the problem that the application of an intranet host needs to directly use an extranet address to access an extranet, realizes better portability, does not depend on the exchange chip, has portability and stability, has less modification on system codes, and is easy to maintain and modify.
Drawings
Fig. 1 is a schematic flow chart of a message transmission method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a connection structure between a Superdmz device and a target Superdmz host according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating a transmission method of a packet according to embodiment 3 of the present invention;
fig. 4 is a schematic structural diagram of a message transmission apparatus according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
As shown in fig. 1, the present invention provides a method for transmitting a packet, which is applied to a gateway device, and the method includes:
step 11, receiving a first message transmitted by a public network interface;
step 12, adding a first mark to the first message;
and step 13, sending the first message to a target host through a local area network interface according to the first mark and a first routing strategy.
In this embodiment, the gateway device is a routing device having a gateway isolation function, and is preferably an isolation gateway Superdmz device, further, a host that obtains a public network IP (Internet Protocol) address is a target host, and the target host is preferably a target Superdmz host, and the gateway device receives a first message transmitted by a public network interface, adds a first tag to the first message, and sends the first message to the target host through a local area network interface according to a first routing policy; the problem that the application of an intranet host needs to directly use an extranet address to access an extranet is solved, the portability is better, the exchange chip is not relied on, the portability and the stability are realized, the system code is less modified, and the maintenance and the modification are easy.
When the public network transmits a first message to the target host through the gateway device, a first policy route can be customized. The first policy route is a chain rule of iptables, the firewall function module of the IP layer in a Linux system, and the chain is a custom chain within the pre-routing (PREROUTING) chain. A first mark is added to the first message sent by the public network to the gateway device through the wide area network interface, where the destination IP of the first message is preferably the IP of the target host. The first routing policy is associated with the first mark added in step 12, and the virtual IP of the gateway device is added to the policy routing table as the gateway for reaching the target host. When the target host is a target Superdmz host, the IP of the target host is preferably the Superdmz IP.
The above process can be written as:
first message IP packet (destination IP: IP of target host; source MAC: gateway MAC; destination MAC: MAC of the device's wide area network interface) ---> iptables chain rule and first policy route ---> first message IP packet (destination IP: IP of target host; source MAC: gateway device MAC; destination MAC: target host MAC).
In a specific embodiment 1, when the destination IP of a first message sent by the public network to the target Superdmz host is the IP address of a local area network interface of the Superdmz device, the first message is sent to the 9090 device (the Superdmz device) instead of the target Superdmz host.
After the destination IP of the first message is changed to the virtual IP and the next hop is taken, because the virtual IP is set and combined with the static ARP binding of the Superdmz device, the first message finds the target Superdmz host according to the binding between the virtual IP of the target Superdmz host and its media access control (MAC) address, and is thereby transmitted to the target Superdmz host.
The target host can be obtained by selection according to static configuration or dynamic configuration, and the target host and the public network can directly carry out communication interaction without carrying out route conversion; the method for acquiring the target host optionally comprises the following steps:
(1) dynamic mode of DHCP (Dynamic Host Configuration Protocol): taking the first host which obtains DHCP allocation as a target host;
(2) static mode of DHCP: determining a host with an MAC address not preset with an MAC address as a target host by presetting an MAC (Media Access Control) address of the target host, and acquiring a public network ip address;
(3) static mode: and setting the IP address of the selected host as the IP address of the public network in a manual configuration mode, wherein the selected host is the target host.
It should be noted that, when the target host is selected through the dynamic mode or the static mode of DHCP, the DHCP usage time limit (lease time) should be shortened to cope with the public network IP address possibly changing in dial-up mode. The dial-up mode may be PPPoE (Point-to-Point Protocol over Ethernet) or LTE (4G network communication), or another dial-up mode; no limitation is imposed here.
Meanwhile, when the target host and the gateway device are enabled, a service interface is provided for the gateway device. The service interface does not conflict with the applications of the target host and is used for remote management of the device; it may be at least one of a telnet (remote terminal protocol) interface, an http (Hypertext Transfer Protocol) interface, an https (Hypertext Transfer Protocol over Secure Socket Layer) interface, an snmp (Simple Network Management Protocol) interface, or an ssh (Secure Shell protocol) interface. In addition to providing a service interface for the gateway device, different masks need to be configured for the target host to suit different network segments.
In an optional embodiment of the present invention, the first packet is sent from the gateway device to the destination address of the target host through an arp packet filtering module.
In this embodiment, when messages are exchanged between the target host and the gateway device, arptables, the ARP message filtering module of the Linux system, is preferably used to change the destination IP (Internet Protocol) address and the source IP address of the ARP messages sent and received by the target host, that is, to convert between the WAN IP (wide area network IP) and the virtual IP of the target host. As a result, when the target host performs an Address Resolution Protocol (ARP) query, the gateway device is regarded as a device that uses the virtual IP to perform the ARP query. The address resolution protocol message may be any one of the first message, the second message, the third message and the fourth message.
The above process can be written as:
target host ---> address resolution protocol message (source IP: IP of target host) ---> arptables ---> gateway device;
gateway device ---> address resolution protocol message (destination IP: virtual IP) ---> arptables ---> arp message (destination IP: IP of target host) ---> target host.
In a specific embodiment 2, as shown in fig. 1, the hosts include a target Superdmz host and at least one other normal host. The target Superdmz host communicates with the public network, and the normal host communicates with the intranet. The Superdmz device is in signal connection with the target Superdmz host and the normal host: it communicates with the target Superdmz host through local area network interface 1 (lan1), with the normal host through local area network interface 2 (lan2), and with the public network through the wide area network interface (wan). It should be noted that the intranet is the local area network that communicates with the normal host.
In an optional embodiment of the present invention, the gateway device binds the mac layer address and the virtual ip of the target host via an ip neighbor command.
In this embodiment, the gateway device binds the media access control layer address of the target host and the virtual internet protocol (virtual IP) through the IP neighbor command, so that arp (address resolution protocol) static binding can be realized, and when the gateway device searches for the virtual IP, the arp message does not need to be sent again; wherein a virtual internet protocol, i.e. virtual IP, is used to replace the IP of the target host on the gateway device.
In an optional embodiment of the present invention, the method for transmitting a packet further includes:
step 14, receiving a second message sent by the target host through the local area network interface;
step 15, adding a second mark to the second message;
and step 15, sending the second message to a public network through a public network interface according to the second mark and a second routing strategy.
The destination address of the second message is changed into the IP address of the gateway device by the target host through an ARP message filtering module, and the destination MAC is changed into the MAC of the gateway device by the target host through a firewall function module of the data link layer.
In this embodiment, the gateway device receives a second message sent by the target host through the LAN interface, adds a second mark to the second message, and sends the second message to the public network through the public network interface according to the second routing policy associated with the second mark. The destination address of the second message is changed into the IP address of the gateway device by the target host through the address resolution protocol message filtering module.
The above process can be written as:
second message IP packet (source IP: IP of target host; destination MAC: gateway device MAC; source MAC: target host MAC) ---> iptables rule and second routing policy ---> second message IP packet (source IP: gateway device IP; destination MAC: gateway MAC; source MAC: gateway device MAC).
In addition, when the target host broadcasts an ARP message, the broadcast can be changed into a unicast by ebtables, the firewall function module of the data link layer in Linux; that is, the destination MAC is changed to the MAC of the LAN of the gateway device by the firewall function module of the data link layer.
The above process can be written as:
target host ---> second message broadcast message (destination MAC: ff:ff:ff:ff:ff:ff) ---> ebtables ---> second message unicast message (destination MAC: device MAC) ---> gateway device.
In an optional embodiment of the present invention, the method for transmitting a packet further includes:
step 16, transmitting a third message to the public network through a public network interface;
step 17, adding a third mark to the third message; the third flag is used for indicating that the third message is processed by the gateway device;
step 18, receiving a fourth message fed back by the public network according to the third message; the fourth message carries a third tag;
and 19, processing the fourth message on the gateway equipment according to the third mark.
In this embodiment, for message communication between the gateway device and the public network, a third mark is added to the third message through a connection mark rule, preferably a connmark rule; meanwhile, the public network also adds the third mark to the fourth message returned to the gateway device according to the third message. Because the fourth message received by the gateway device carries the third mark, it is not forwarded on to the target host but is processed directly on the gateway device.
It should be noted that the arptables, ebtables and static ARP binding rules in steps 11 to 19 are all used to convert between the virtual IP used on the gateway device and the WAN IP used by the target host when sending and receiving; that is, the target host is treated as a normal LAN interface of the gateway device, and the virtual IP is used between the gateway device and the target host. The iptables rules are used to add the virtual IP to the pre-routing (PREROUTING) chain and/or the output (OUTPUT) chain of the mangle table used for policy routing, so that the pre-routing chain and/or the output chain interacts with the target host and the public network.
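The marking and policy-routing decisions of steps 11 to 19, modelled as an added example that is not code from the patent or its assignee. It assumes the third mark is kept in a connection-tracking entry on the gateway (as connmark rules do); the mark values, the `wan`/`lan1`/`local` interface labels, the virtual IP and all MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Mark values are arbitrary labels chosen for this example.
MARK_TO_HOST = 0x1  # "first mark":  public network -> target host
MARK_TO_WAN = 0x2   # "second mark": target host -> public network
MARK_LOCAL = 0x3    # "third mark":  connection owned by the gateway itself


@dataclass(frozen=True)
class Packet:
    in_if: str   # "wan", "lan1", or "local" for traffic the gateway generates
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "udp"


@dataclass(frozen=True)
class Decision:
    action: str                   # "forward", "send", "local" or "drop"
    mark: Optional[int] = None
    out_if: Optional[str] = None
    src_mac: Optional[str] = None
    dst_mac: Optional[str] = None


@dataclass
class Gateway:
    wan_ip: str        # public address, also configured on the target host
    virtual_ip: str    # stand-in for the target host on the gateway side
    wan_mac: str
    lan_mac: str
    upstream_mac: str  # next hop on the public side
    neigh: dict = field(default_factory=dict)      # static IP -> MAC bindings
    conntrack: dict = field(default_factory=dict)  # flow -> connection mark

    @staticmethod
    def _flow(p: Packet):
        # Direction-independent key so a reply maps to the original flow.
        return (p.proto, frozenset({(p.src, p.sport), (p.dst, p.dport)}))

    def _routes(self):
        # Policy routing: mark -> (egress interface, next hop, source MAC).
        return {
            MARK_TO_HOST: ("lan1", self.virtual_ip, self.lan_mac),
            MARK_TO_WAN: ("wan", None, self.wan_mac),
        }

    def process(self, p: Packet) -> Decision:
        flow = self._flow(p)
        if p.in_if == "local":
            # Steps 16-17: remember that this connection belongs to the gateway.
            self.conntrack[flow] = MARK_LOCAL
            return Decision("send", MARK_LOCAL, "wan",
                            self.wan_mac, self.upstream_mac)
        if p.in_if == "wan":
            # Steps 18-19: the restored third mark is checked first,
            # otherwise the reply would be handed to the target host.
            if self.conntrack.get(flow) == MARK_LOCAL:
                return Decision("local", MARK_LOCAL)
            if p.dst != self.wan_ip:
                return Decision("drop")
            mark = MARK_TO_HOST   # steps 11-12
        elif p.in_if == "lan1" and p.src == self.wan_ip:
            mark = MARK_TO_WAN    # steps 14-15
        else:
            return Decision("drop")
        out_if, next_hop, src_mac = self._routes()[mark]
        if next_hop is None:
            dst_mac = self.upstream_mac
        else:
            # Static binding: resolved without sending an ARP request.
            dst_mac = self.neigh.get(next_hop)
            if dst_mac is None:
                return Decision("drop", mark)
        return Decision("forward", mark, out_if, src_mac, dst_mac)


def demo_gateway() -> Gateway:
    # 192.168.10.158 is the WAN address used in embodiment 3; the virtual IP
    # and all MAC addresses are constructed sample values.
    return Gateway(
        wan_ip="192.168.10.158",
        virtual_ip="10.254.0.2",
        wan_mac="02:00:00:00:00:01",
        lan_mac="02:00:00:00:00:02",
        upstream_mac="02:00:00:00:00:fe",
        neigh={"10.254.0.2": "02:00:00:00:00:aa"},
    )


if __name__ == "__main__":
    gw = demo_gateway()
    for pkt in (
        Packet("wan", "203.0.113.7", gw.wan_ip, 40000, 5060),    # unsolicited
        Packet("lan1", gw.wan_ip, "203.0.113.7", 5060, 40000),   # host reply
        Packet("local", gw.wan_ip, "198.51.100.53", 33000, 53),  # gateway DNS
        Packet("wan", "198.51.100.53", gw.wan_ip, 53, 33000),    # DNS answer
    ):
        print(pkt, "->", gw.process(pkt))
```

The ordering inside `process` is the part to check when reviewing such a ruleset: every packet arriving on the public interface that does not restore the third mark is forwarded to the target host.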
As shown in fig. 3, in a specific embodiment 3, the wide area network interface (wan) of the public network is 192.168.10.158 and the gateway device is a 9090 device. The 9090 device sets the target host as the target Superdmz host through the Superdmz rules, that is, the arptables, ebtables and static ARP binding rules together with a dnsmasq configuration. Through a Dmz (isolation area) script, the 9090 device restarts and/or invokes the save & apply control of the 9090 device; at the same time, it monitors the related Superdmz parameters at a preset time and determines whether the related parameters need to be set by calling super_dmz. The dnsmasq configuration uses the super_dmz.sh script to generate the /etc/dnsmasq.conf configuration file and sets the parameters of the target Superdmz host. It should be noted that the dnsmasq configuration only takes effect when the target Superdmz host is acquired through the dynamic mode or the static mode of DHCP. When the IP of the target Superdmz host obtained through the dnsmasq configuration is the same as the wide area network interface of the public network, that is, local area network interface 1 is 192.168.10.158, the public network can access it directly, or access it with some ports shielded, through the global wide area network web interface. When the IP of the target Superdmz host obtained through the dnsmasq configuration is different from the WAN interface of the public network, that is, local area network interface 2 is 192.168.1.200, the normal host is protected according to the firewall rules and only the intranet is allowed to access the normal host.
In the embodiment of the invention, a first message transmitted by a public network interface is received; adding a first mark to the first message; according to the first mark and a first routing strategy, the first message is sent to a target host through a local area network interface; the problem that the application of an intranet host needs to directly use an extranet address to access an extranet is solved, the portability is better, the exchange chip is not relied on, the portability and the stability are realized, the system code is less modified, and the maintenance and the modification are easy.
As shown in fig. 4, the present invention further provides a message transmission apparatus, which is applied to a gateway device, where the apparatus 40 includes:
a receiving module 41, configured to receive a first message transmitted by a public network interface;
a processing module 42, configured to add a first flag to the first packet; and sending the first message to a target host through a local area network interface according to the first mark and a first routing strategy.
Optionally, the gateway device changes the destination address of the first packet to the IP address of the target host through an arp packet filtering module.
Optionally, the processing module 42 is further configured to:
receiving a second message sent by the target host through the local area network interface;
adding a second mark to the second message;
and sending the second message to a public network through a public network interface according to the second mark and a second routing strategy.
Optionally, in the second packet, the destination address of the target host is changed into the IP address of the gateway device through an arp packet filtering module, and the destination MAC of the target host is changed into the MAC of the gateway device through a firewall function module of a data link layer.
Optionally, the gateway device binds the MAC address of the MAC layer and the virtual ip of the target host via an ip neighbor command.
Optionally, the processing module 42 is further configured to:
a third message transmitted to the public network through a public network interface;
adding a third mark to the third message; the third flag is used to indicate that the third packet is processed by the gateway device.
Optionally, the processing module 42 is further configured to:
receiving a fourth message fed back by the public network according to the third message; the fourth message carries a third tag;
and processing a fourth message on the gateway equipment according to the third mark.
It should be noted that the apparatus is an apparatus corresponding to the above method, and all the implementations in the above method embodiment are applicable to the embodiment of the apparatus, and the same technical effects can be achieved.
The invention also provides an electronic device, which comprises a processor, a memory and a program or an instruction stored on the memory and capable of running on the processor, wherein the program or the instruction realizes the steps of the message transmission method when being executed by the processor.
It should be noted that the electronic device is an electronic device corresponding to the method, and all implementation manners in the embodiment of the method are applicable to the embodiment of the electronic device, and the same technical effect can be achieved.
Embodiments of the present invention also provide a computer-readable storage medium storing instructions that, when executed on a computer, cause the computer to perform the method as described above.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
Furthermore, it is to be noted that in the device and method of the invention, it is obvious that the individual components or steps can be decomposed and/or recombined. These decompositions and/or recombinations are to be regarded as equivalents of the present invention. Also, the steps of performing the series of processes described above may naturally be performed chronologically in the order described, but need not necessarily be performed chronologically, and some steps may be performed in parallel or independently of each other. It will be understood by those skilled in the art that all or any of the steps or elements of the method and apparatus of the present invention may be implemented in any computing device (including processors, storage media, etc.) or network of computing devices, in hardware, firmware, software, or any combination thereof, which can be implemented by those skilled in the art using their basic programming skills after reading the description of the present invention.
Thus, the objects of the invention may also be achieved by running a program or a set of programs on any computing device. The computing device may be a general purpose device as is well known. The object of the invention is thus also achieved solely by providing a program product comprising program code for implementing the method or the apparatus. That is, such a program product also constitutes the present invention, and a storage medium storing such a program product also constitutes the present invention. It is to be understood that the storage medium may be any known storage medium or any storage medium developed in the future. It is further noted that in the apparatus and method of the present invention, it is apparent that each component or step can be decomposed and/or recombined. These decompositions and/or recombinations are to be regarded as equivalents of the present invention. Also, the steps of executing the series of processes described above may naturally be executed chronologically in the order described, but need not necessarily be executed chronologically. Some steps may be performed in parallel or independently of each other.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (10)

1. A message transmission method is applied to gateway equipment, and is characterized in that the method comprises the following steps:
receiving a first message transmitted by a public network interface;
adding a first mark to the first message;
and sending the first message to a target host through a local area network interface according to the first mark and a first routing strategy.
2. The message transmission method according to claim 1, wherein the first message is sent from the gateway device to the target host via an ARP message filtering module.
3. The message transmission method according to claim 1, further comprising:
receiving a second message sent by the target host through the local area network interface;
adding a second mark to the second message;
and sending the second message to a public network through a public network interface according to the second mark and a second routing strategy.
4. The message transmission method according to claim 3, wherein the destination address of the second message is changed to the IP address of the gateway device by the target host through an ARP message filtering module, and the destination MAC is changed to the MAC of the gateway device by a firewall function module of a data link layer at the target host.
5. The message transmission method according to claim 1, wherein the gateway device binds the MAC address of the MAC layer and the virtual IP of the target host via an ip neighbor command.
6. The message transmission method according to claim 1, further comprising:
a third message transmitted to the public network through a public network interface;
adding a third mark to the third message; the third mark is used to indicate that the third message is processed by the gateway device.
7. The message transmission method according to claim 6, further comprising:
receiving a fourth message fed back by the public network according to the third message; the fourth message carries the third mark;
and processing the fourth message on the gateway device according to the third mark.
8. A message transmission device, applied to a gateway device, characterized in that the device comprises:
a receiving module, configured to receive a first message transmitted by a public network interface;
a processing module, configured to add a first mark to the first message, and to send the first message to a target host through a local area network interface according to the first mark and a first routing strategy.
9. An electronic device comprising a processor, a memory, and a program or instructions stored on the memory and executable on the processor, the program or instructions, when executed by the processor, implementing the steps of the message transmission method according to any one of claims 1 to 7.
10. A readable storage medium, on which a program or instructions are stored, which when executed by a processor implement the steps of the message transmission method according to any one of claims 1 to 7.
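The marking and routing decisions of claims 1, 3, 6 and 7 can be modelled as below. This is an added example, not code from the patent. The interface names, mark values, addresses, flow table and drop branches are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed values, not from the patent: interface names, mark numbers, addresses.
WAN, LAN, LOCAL = "wan0", "lan0", "local"
MARK_IN, MARK_OUT, MARK_GW = 1, 2, 3           # first, second and third mark
PUBLIC_IP = "203.0.113.10"                     # address shared by gateway and target host
POLICY = {MARK_IN: LAN, MARK_OUT: WAN, MARK_GW: LOCAL}  # mark -> egress (routing strategies)

@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ingress: str
    mark: int = 0

class Gateway:
    def __init__(self):
        self.gw_flows = set()  # flows opened by the gateway itself (assumed state table)

    def send_own(self, sport, dst, dport):
        """Claim 6: gateway-originated traffic gets the third mark and is remembered."""
        self.gw_flows.add((sport, dst, dport))
        return Packet(PUBLIC_IP, sport, dst, dport, LOCAL, MARK_GW), WAN

    def classify(self, pkt):
        """Choose a mark from the ingress interface and the flow state."""
        if pkt.ingress == WAN:
            if pkt.dst != PUBLIC_IP:
                return None                    # assumed check: not addressed to us
            reply_to_gw = (pkt.dport, pkt.src, pkt.sport) in self.gw_flows
            return MARK_GW if reply_to_gw else MARK_IN      # claim 7 / claim 1
        if pkt.ingress == LAN and pkt.src == PUBLIC_IP:
            return MARK_OUT                    # claim 3: target host to public network
        return None                            # assumed check: unexpected LAN source

    def forward(self, pkt):
        """Mark the packet, then pick the egress from the policy table."""
        mark = self.classify(pkt)
        if mark is None:
            return "drop"
        pkt.mark = mark
        return POLICY[mark]
```

The third mark is what keeps replies to the gateway's own traffic from being handed to the target host, since both use the same public address.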
CN202111476614.3A 2021-12-06 2021-12-06 Message transmission method, device and equipment Pending CN114268470A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111476614.3A CN114268470A (en) 2021-12-06 2021-12-06 Message transmission method, device and equipment


Publications (1)

Publication Number Publication Date
CN114268470A (en) 2022-04-01

Family

ID=80826730



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination