Method and device for accessing isolated host in local area network

Abstract

The invention discloses a method for accessing a host in an isolated area in a local area network, comprising: configuring a mapping relationship between a public network IP address acquired from the WAN side and a private IP address of an isolated area host on the LAN side; After the access request sent by the client on the LAN side, according to the configured mapping relationship, modify the destination IP address in the access request to the private network IP address of the host in the corresponding isolated area on the LAN side, and send the modified access request to the isolated area. Zone host; receive the reply message returned by the isolated zone host, modify the source IP address contained in it to the public network IP address of the client on the WAN side, and send the modified reply message to the WAN side. The invention also discloses a corresponding device. By adopting the solution disclosed by the invention, while improving the security of the DMZ host, the utilization efficiency of the IP address on the wide area network side is improved, and greater convenience is provided for the access on the wide area network side.

Description

technical field [0001] The invention relates to the technical field of broadband network, in particular to a method and system for accessing hosts in isolated areas in local area networks. Background technique [0002] At present, in some SOHO office broadband access scenarios, in addition to basic Internet access services, multiple devices in the SOHO office area need to be opened for WAN (wide area network, wide area network) access, and the current situation for the IPv4 protocol stack , when dialing through the WAN side, the CPE (Customer Premise Equipment) usually can only obtain an IP address on the WAN side, and when the WAN side accesses the DMZ (demilitarized zone, isolated area) host on the LAN side through the CPE, the IP address obtained by the CPE The IP address can only be mapped to one DMZ host; and, because the CPEWAN side itself will provide some external services, some ports on the CPEWAN side need to be reserved, so it is impossible to map all the ports on...

AI Technical Summary

Problems solved by technology

[0002] At present, in some SOHO office broadband access scenarios, in addition to basic Internet access services, multiple devices in the SOHO office area need to be opened for WAN (wide area network, wide area network) access, and the current situation for the IPv4 protocol stack , when dialing through the WAN side, the CPE (Customer Premise Equipment) usually can only obtain an IP address on the WAN side, and when the WAN side accesses the DMZ (demilitarized zone, isolated area) host on the LAN side through the CPE, the IP address obtained by the CPE The IP address can only be mapped to one DMZ host; and, since the CPEWAN side itself will provide some external services, some ports on the CPEWAN side need to be reserved, so all ports on the CPEWAN side cannot be mapped to the DMZ area Therefore, the utilization efficiency of the IP address on the WAN side cannot be improved, and it is inconvenient for the WAN side to access the DMZ host on the LAN side.

Images