Implementation method and system for industrial control firewall to support FTP to traverse NAT

An implementation method and firewall technology, applied in the field of transmission systems, electrical components, etc., that can solve problems such as FTP not working normally and transparent NAT translation not being applicable.

Active Publication Date: 2021-10-22
北京威努特技术有限公司

AI Technical Summary

Problems solved by technology

[0004] However, traditional NAT technology can only process the IP-layer and transport-layer headers. For application-layer protocols, NAT cannot complete the translation transparently, so FTP cannot work normally in an existing NAT environment.


Examples


Embodiment 1

[0044] As shown in Figure 1, Embodiment 1 of the present application provides an implementation method for an industrial control firewall to support FTP traversal of NAT, comprising a method for FTP traversal of NAT in FTP active mode and a method for FTP traversal of NAT in FTP passive mode (FTP, the File Transfer Protocol, is one of the protocols in the TCP/IP protocol suite):

[0045] Implementation method of FTP traversal through NAT in FTP active mode:

[0046] In FTP active mode, the FTP server actively connects to the data port of the FTP client. The FTP client initiates a connection to the FTP server through the industrial control firewall and sends a PORT command to the FTP server. The industrial control firewall configures a NAT policy, converts the IP address in the PORT command message, and temporarily establishes a NAT rule that matches the data channel of the PORT command message, and th...


Abstract

The invention discloses an implementation method and system for an industrial control firewall to support FTP traversal of NAT. The method comprises the following steps. In FTP active mode, the FTP client sends a PORT command to the FTP server; the industrial control firewall configures a NAT policy, converts the IP address in the PORT command message, and temporarily establishes a NAT rule matching the data channel of the PORT command message; the FTP server then connects to the port specified by the FTP client for data transmission. In FTP passive mode, the FTP client sends a PASV command to the FTP server to inform the FTP server that it is in passive mode; the industrial control firewall configures a NAT policy, converts the IP address in the PASV command message, and temporarily establishes a NAT rule matching the data channel of the PASV command message; after receiving the PASV command, the FTP server notifies the FTP client of a data port, and the FTP client connects to the data port notified by the FTP server for data transmission. With the technical scheme provided by the invention, NAT can support protocols that use dynamic ports, such as FTP, and FTP is not interrupted when traversing NAT.
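The control-channel rewrite and temporary data-channel rule described in the abstract, as an added Python example that is not code from the patent. The class `FtpAlg`, its `rewrite` method, the rule format and all addresses are hypothetical; it assumes a one-to-one IP mapping that keeps the port unchanged, and for passive mode it rewrites the 227 reply that answers PASV, since that is the message carrying the server's address.

```python
import re

# "h1,h2,h3,h4,p1,p2" address form carried by PORT and by the 227 reply to PASV
ADDR = rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_RE = re.compile(rb"^PORT " + ADDR + rb"\r\n$")
PASV_RE = re.compile(rb"^227 [^\r\n]*?\(" + ADDR + rb"\)[^\r\n]*\r\n$")


class FtpAlg:
    """Control-channel helper for one static NAT mapping (hypothetical names)."""

    def __init__(self, inside_ip, public_ip):
        self.inside_ip = inside_ip  # private address of the translated host
        self.public_ip = public_ip  # address the NAT policy maps it to
        self.temp_rules = []        # temporary data-channel rules; expire after use

    def rewrite(self, line, src_ip, peer_ip):
        """Translate one control line sent by the inside host.

        Returns (line, delta); delta is the payload length change the firewall
        must apply to later TCP sequence/ack numbers on this connection.
        """
        m = PORT_RE.match(line) or PASV_RE.match(line)
        if m is None or src_ip != self.inside_ip:
            return line, 0
        f = [int(x) for x in m.groups()]
        if max(f) > 255:
            return line, 0
        ip, port = ".".join(map(str, f[:4])), f[4] * 256 + f[5]
        # Open a data channel only toward the host that owns the control
        # connection; an address naming any other host gets no rule.
        if ip != src_ip:
            return line, 0
        self.temp_rules.append(
            {"peer": peer_ip, "public": (self.public_ip, port), "inside": (ip, port)}
        )
        addr = ",".join(self.public_ip.split(".") + [str(f[4]), str(f[5])]).encode()
        out = line[: m.start(1)] + addr + line[m.end(6):]
        return out, len(out) - len(line)


# Constructed sample traffic (documentation addresses, not from the patent)
alg = FtpAlg("192.168.1.10", "203.0.113.5")
active = alg.rewrite(b"PORT 192,168,1,10,195,80\r\n", "192.168.1.10", "198.51.100.7")
```

Because the rewrite works on the cleartext control channel, it cannot be applied when that channel is encrypted (FTP over TLS).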

Description

Technical field

[0001] The invention relates to the field of industrial control security, in particular to an implementation method and system for an industrial control firewall supporting FTP traversal through NAT.

Background

[0002] FTP (File Transfer Protocol) is one of the protocols in the TCP/IP protocol suite. The FTP protocol consists of two components: the FTP server and the FTP client. The FTP server is used to store files, and users can use the FTP client to access resources on the FTP server through the FTP protocol.

[0003] When some hosts in a private network have been assigned local IP addresses (that is, private addresses used only within that private network) but need to communicate with hosts on the Internet (no encryption is required), NAT (Network Address Translation) can be used.

[0004] However, the traditional NAT technology can only process the headers of...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/12, H04L29/06
CPC: H04L61/256, H04L63/02
Inventor: 王宽石凌志
Owner: 北京威努特技术有限公司