CN114978890A - Port mapping system and mapping method thereof - Google Patents
- Publication number
- CN114978890A (application CN202210526920.1A)
- Authority
- CN
- China
- Prior art keywords
- port
- port mapping
- mapping
- internal network
- network equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a port mapping system and a mapping method thereof. The mapping system comprises a control device, internal network equipment and a plurality of port mapping servers. The control device is used for registering the addresses of the internal network equipment and the external network equipment supported by the port mapping servers, together with the available ports and the port forwarding performance. The control device is also used for analyzing the access request after receiving a user's request to access the internal network equipment and for searching the configured port mapping database; if no mapping is found, it selects a free port mapping server port according to the registered port mapping server information, configures a port mapping relation for the corresponding internal network equipment, and issues it to the selected port mapping server. The control device then returns the external network address and port corresponding to the internal network equipment to the user according to the newly configured port mapping relation data. The invention can realize mechanism control management of the port mapping servers and reduce the maintenance cost and technical difficulty of the enterprise network.
Description
Technical Field
The invention belongs to the technical field of network communication, and relates to a port mapping system and a mapping method thereof.
Background
Many enterprises have built internal LANs and require them to be accessible from external networks such as the Internet. With the rapid development of the Internet, the shortage of IP addresses has become a prominent problem: an enterprise's service resources cannot each have their own IP address, and port mapping is one solution for intercommunication between internal and external networks.
Port mapping maps a port of an intranet host to a port of an extranet host. When a user accesses that port on the extranet IP, the server automatically forwards the request to the corresponding port of the intranet host. This solves the problem of intercommunication between the intranet and the extranet and saves IP address space; for an enterprise, a plurality of extranet IP addresses can meet a large number of internal requirements.
Port mapping may be implemented by software such as Rinetd or Portmap; a server can perform port mapping as long as the software is installed on it.
Port mapping solves the intercommunication problem between the external network and the enterprise's isolated internal network, but it increases the enterprise's operation and maintenance cost: when there are many intercommunicating services, the configuration workload is large and configuration efficiency is low. If a configuration error occurs or a port is mapped more than once, services are obstructed or blocked, troubleshooting is difficult and demands a high level of skill, and the manual workload is large.
Disclosure of Invention
The invention aims to overcome the defects in the prior art and provide a port mapping system and a mapping method thereof, which can realize mechanism control management of a port mapping server and reduce the maintenance cost and technical difficulty of an enterprise network.
In order to achieve the purpose, the invention is realized by adopting the following technical scheme:
In one aspect, the present invention provides a port mapping system comprising a control device, an internal network device, and a plurality of port mapping servers.
The port mapping server is used for mapping external network ports to the corresponding internal network ports according to the port mapping configuration, which records the mapping relation between an external network port and an internal network port.
The control device is used for registering the addresses of the internal network equipment and the external network equipment supported by the port mapping servers, the available ports and the port forwarding performance. It is also used for analyzing the access request after receiving a user's request to access the internal network equipment, searching the configured port mapping database to obtain the external network address and port configured for the corresponding internal network equipment, and returning that external network address and port to the user, so that the user can access the corresponding port mapping server through them.
When the control device searches the configured port mapping database and finds no external network address and port configured for the internal network equipment, it selects a free port mapping server port according to the registered port mapping server information, configures a port mapping relation for the corresponding internal network equipment, updates the port mapping database with the configured port mapping relation data, and issues that data to the selected port mapping server. The control device then returns the external network address and port corresponding to the internal network equipment to the user according to the newly configured port mapping relation data.
In another aspect, the present invention provides a mapping method of the port mapping system according to the first aspect, in which the control device stores port mapping data, and the mapping method includes the following steps:
the control device registers the addresses of internal network equipment and external network equipment supported by the port mapping servers, available ports and port forwarding performance;
the control device receives a request submitted by a user for accessing the internal network equipment, and analyzes the access request of the user;
when the access request of the user passes, the control device searches the configured port mapping database to obtain an external network address and a port configured for the corresponding internal network equipment, and returns the external network address and the port to the user, so that the user can access the corresponding port mapping server through the external network address and the port, and then the port of the external network is mapped to the corresponding internal network port through the port mapping server;
when the control device searches the configured port mapping database, if the external network address and the port configured for the internal network equipment are not found, the control device selects a free port mapping server port according to the registered port mapping server information, obtains a free port for mapping the internal network equipment, generates the table items of the external network equipment address, the port, the internal network equipment address and the port, converts the table items into a configuration format supported by a tool, updates the configuration format to the port mapping database and sends the configuration format to the selected port mapping server; the control device returns the external network address and the port corresponding to the internal network equipment to the user according to the newly configured port mapping relation data; and enabling a user to access the corresponding port mapping server through the external network address and the port, and mapping the port of the external network to the corresponding internal network port through the port mapping server.
Optionally, the access request includes: internal network device address and port, validity period, and access protocol.
Optionally, the method further includes: when the validity period of the user accessing the internal network equipment expires, the control device deletes the port mapping relation configured for the corresponding internal network equipment.
Optionally, the registered port mapping servers are each connected to both the external network and the internal network and have port mapping software installed.
Optionally, the port mapping software includes Rinetd and Portmap.
Optionally, when allocating the idle port, the control device configures at least one port mapping server, or uses a load balancing policy of the mapping server.
Optionally, when the user accesses the internal device, the control device provides audit, authority and security control of the port to the user.
Compared with the prior art, the invention has the following beneficial effects:
The port mapping method provided by the invention can realize mechanism control management of the port mapping servers, improve configuration efficiency, and avoid the service obstruction or blockage and the difficult troubleshooting that arise when configuration errors occur or ports are mapped repeatedly. The management of the mapping servers is transparent to the user, so the maintenance cost and technical difficulty of the enterprise network are reduced.
Drawings
FIG. 1 is a flow chart illustrating the interaction of port mapping according to the present invention;
FIG. 2 is a block diagram of a port map according to the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless otherwise specified.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art through specific situations.
The first embodiment is as follows:
As shown in FIG. 1 and FIG. 2, a port mapping system includes a control device, an internal network device, and a plurality of port mapping servers.
The port mapping server is used for mapping external network ports to the corresponding internal network ports according to the port mapping configuration, which records the mapping relation between an external network port and an internal network port.
The control device is used for registering the addresses of the internal network equipment and the external network equipment supported by the port mapping servers, the available ports and the port forwarding performance. It is also used for analyzing the access request after receiving a user's request to access the internal network equipment, searching the configured port mapping database to obtain the external network address and port configured for the corresponding internal network equipment, and returning that external network address and port to the user, so that the user can access the corresponding port mapping server through them.
When the control device searches the configured port mapping database and finds no external network address and port configured for the internal network equipment, it selects a free port mapping server port according to the registered port mapping server information, configures a port mapping relation for the corresponding internal network equipment, updates the port mapping database with the configured port mapping relation data, and issues that data to the selected port mapping server. The control device then returns the external network address and port corresponding to the internal network equipment to the user according to the newly configured port mapping relation data.
The second embodiment:
As shown in FIG. 1 and FIG. 2, based on the port mapping system of the first embodiment, the present embodiment provides a mapping method of the port mapping system, in which the control device stores port mapping data. The mapping method includes the following steps:
S1, the control device registers the addresses, available ports and port forwarding performance of the internal network devices and external network devices supported by the port mapping servers; the registered port mapping servers have port mapping software installed, and the port mapping software comprises Rinetd and Portmap;
S2, the control device receives the user's request to access an internal network device, the request comprising the internal network device address and port, the validity period and the access protocol, and analyzes the user's access request;
S3, the control device searches the configured port mapping database to obtain the external network address and port configured for the corresponding internal network device, and returns the external network address and port to the user, so that the user can access the corresponding port mapping server through the external network address and port;
S3, when the control device searches the configured port mapping database and finds no external network address and port configured for the internal network device, it selects a free port mapping server port according to the registered port mapping server information and configures a port mapping relation for the corresponding internal network device. To configure the relation, the control device obtains a free port of the mapping device according to the port mapping software type, generates a table entry consisting of the external network device address and port and the internal network device address and port, converts the entry into the configuration format supported by the tool according to the port mapping device type, updates the port mapping database with the configured port mapping relation data, and sends the configuration to one of the two selected port mapping servers. A plurality of port mapping servers can provide port backup and high availability, or a load balancing strategy of the mapping servers can be adopted to improve network performance. The control device returns the external network address and port corresponding to the internal network equipment to the user according to the newly configured port mapping relation data, so that the user can access the corresponding port mapping server through the external network address and port, and the port mapping server then maps the external network port to the corresponding internal network port. When the user accesses the internal equipment, the control device provides audit, authority and security control of the port for the user.
S4, when the validity period of the user's access to the internal network device expires, the control device deletes the port mapping relation configured for the corresponding internal network device.
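The following Python sketch is an added example, not code from the patent: it models steps S1 to S4 with an in-memory control device that allocates a free external port, renders the table entry as a Rinetd forwarding rule (`bindaddress bindport connectaddress connectport`), and withdraws it when the validity period expires. The class names, the ACL used for the authority check, the most-free-ports selection policy, the TCP-only restriction and the 203.0.113.x / 10.0.0.x sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class MappingServer:
    ext_addr: str            # external address users connect to
    free_ports: set          # external ports not yet mapped
    rules: dict = field(default_factory=dict)  # ext_port -> rule pushed to server


@dataclass
class Mapping:
    server: MappingServer
    ext_port: int
    expires_at: float


class ControlDevice:
    """Hypothetical in-memory model of the control device (S1-S4)."""

    def __init__(self, acl):
        self.acl = acl       # assumed authority check: {(user, int_addr, int_port)}
        self.servers = []
        self.db = {}         # (int_addr, int_port, proto) -> Mapping
        self.audit = []      # (time, user, decision, int_addr, int_port)

    def register(self, ext_addr, ports):                        # S1
        ipaddress.ip_address(ext_addr)
        self.servers.append(MappingServer(ext_addr, set(ports)))

    def request_access(self, user, int_addr, int_port, proto, ttl, now):  # S2
        ipaddress.ip_address(int_addr)          # ValueError on malformed input
        if proto != "tcp" or not 0 < int_port < 65536 or ttl <= 0:
            raise ValueError("unsupported access request")
        if (user, int_addr, int_port) not in self.acl:
            self.audit.append((now, user, "DENY", int_addr, int_port))
            raise PermissionError(f"{user} may not reach {int_addr}:{int_port}")
        self.expire(now)                        # never hand out a stale mapping
        key = (int_addr, int_port, proto)
        m = self.db.get(key)
        if m is None:                           # S3, "not found" branch
            candidates = [s for s in self.servers if s.free_ports]
            if not candidates:
                raise RuntimeError("no free external port on any server")
            # Assumed balancing policy: the server with the most free ports.
            server = max(candidates, key=lambda s: len(s.free_ports))
            ext_port = min(server.free_ports)
            # Leaving the free pool is what prevents a port being mapped twice.
            server.free_ports.remove(ext_port)
            server.rules[ext_port] = f"{server.ext_addr} {ext_port} {int_addr} {int_port}"
            m = self.db[key] = Mapping(server, ext_port, now + ttl)
        else:                                   # S3, mapping already configured
            # Assumption: a shared mapping lives until the latest expiry.
            m.expires_at = max(m.expires_at, now + ttl)
        self.audit.append((now, user, "ALLOW", int_addr, int_port))
        return m.server.ext_addr, m.ext_port

    def expire(self, now):                                      # S4
        removed = []
        for key, m in list(self.db.items()):
            if m.expires_at <= now:
                del m.server.rules[m.ext_port]  # withdraw the rule from the server
                m.server.free_ports.add(m.ext_port)
                del self.db[key]
                removed.append(key)
        return removed


def demo():
    """Constructed scenario: two mapping servers and three access requests."""
    cd = ControlDevice(acl={("alice", "10.0.0.5", 22), ("bob", "10.0.0.5", 22),
                            ("alice", "10.0.0.6", 443)})
    cd.register("203.0.113.10", range(20000, 20002))
    cd.register("203.0.113.11", range(20000, 20003))
    first = cd.request_access("alice", "10.0.0.5", 22, "tcp", ttl=60, now=0)
    reused = cd.request_access("bob", "10.0.0.5", 22, "tcp", ttl=30, now=10)
    second = cd.request_access("alice", "10.0.0.6", 443, "tcp", ttl=100, now=10)
    rule = cd.servers[1].rules[20000]
    expired = cd.expire(now=60)
    return first, reused, second, rule, expired, cd


if __name__ == "__main__":
    print(demo()[:5])
```

The audit list records denied requests as well as granted ones, so an unexpected attempt to reach an internal device is visible even though no mapping is created for it.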
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.
Claims (8)
1. A port mapping system, characterized by: the system comprises a control device, internal network equipment and a plurality of port mapping servers;
the port mapping server is used for mapping the ports of the external network to the corresponding internal network ports according to port mapping configuration; the port mapping configuration records the mapping relation between an external network port and an internal network port;
the control device is used for registering the addresses of the internal network equipment and the external network equipment supported by the port mapping server, the available ports and the port forwarding performance; the control device is also used for analyzing the access request after receiving the request of the user for accessing the internal network equipment, searching the configured port mapping database to obtain the external network address and the port configured for the corresponding internal network equipment, and returning the external network address and the port to the user, so that the user can access the corresponding port mapping server through the external network address and the port;
when the control device searches the configured port mapping database, if the external network address and the port configured for the internal network equipment are not found, the control device selects a free port mapping server port according to the registered port mapping server information, configures a port mapping relation for the corresponding internal network equipment, updates the configured port mapping relation data to the port mapping database, and issues the port mapping relation data to the selected port mapping server; and the control device returns the external network address and the port corresponding to the internal network equipment to the user according to the newly configured port mapping relation data.
2. A mapping method of a port mapping system according to claim 1, wherein the control device stores port mapping data, the mapping method comprising the steps of:
the control device registers the addresses of internal network equipment and external network equipment supported by the port mapping servers, available ports and port forwarding performance;
the control device receives a request submitted by a user for accessing the internal network equipment and analyzes the access request of the user;
when the access request of the user passes, the control device searches the configured port mapping database to obtain an external network address and a port configured for the corresponding internal network equipment, and returns the external network address and the port to the user, so that the user can access the corresponding port mapping server through the external network address and the port, and then the port of the external network is mapped to the corresponding internal network port through the port mapping server;
when the control device searches the configured port mapping database, if the external network address and the port configured for the internal network equipment are not found, the control device selects a free port mapping server port according to the registered port mapping server information, acquires a free port for mapping the internal network equipment, generates a table entry of the external network equipment address and port and the internal network equipment address and port, converts the table entry into a configuration format supported by the tool, updates the port mapping database with it and sends it to the selected port mapping server; the control device returns the external network address and the port corresponding to the internal network equipment to the user according to the newly configured port mapping relation data; and the user can access the corresponding port mapping server through the external network address and the port, and then the port of the external network is mapped to the corresponding internal network port through the port mapping server.
3. The mapping method of the port mapping system according to claim 2, wherein the access request comprises: internal network device address and port, validity period, and access protocol.
4. The mapping method of the port mapping system according to claim 3, further comprising: when the validity period of the user accessing the internal network equipment expires, the control device deletes the port mapping relation configured for the corresponding internal network equipment.
5. The mapping method of the port mapping system according to claim 2, wherein: the registered port mapping servers are each connected to both the external network and the internal network, and have port mapping software installed.
6. The mapping method of the port mapping system according to claim 5, wherein: the port mapping software includes Rinetd and Portmap.
7. The mapping method of the port mapping system according to claim 2, wherein: when distributing the free port mapping server port, the control device at least configures one port mapping server, or adopts the load balancing strategy of the mapping server.
8. The mapping method of the port mapping system according to claim 2, further comprising: when the user accesses the internal equipment, the control device provides audit, authority and safety control of the port for the user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210526920.1A CN114978890B (en) | 2022-05-16 | 2022-05-16 | Port mapping system and mapping method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210526920.1A CN114978890B (en) | 2022-05-16 | 2022-05-16 | Port mapping system and mapping method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114978890A | 2022-08-30 |
CN114978890B | 2024-01-23 |
Family
ID=82982344
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210526920.1A Active CN114978890B (en) | 2022-05-16 | 2022-05-16 | Port mapping system and mapping method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114978890B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115499409A (en) * | 2022-09-29 | 2022-12-20 | 阿里巴巴(中国)有限公司 | NAT gateway, server and network system |
Also Published As
Publication number | Publication date |
---|---|
CN114978890B (en) | 2024-01-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||