1. Technical Field of the Invention
This invention pertains to network address translation and IP filtering. More specifically, it relates to the selective masquerading of internal IP addresses among a plurality of public IP addresses.
2. Background Art
IP Network Address Translation (NAT) and IP Filtering functions provide firewall-type capability to an Internet gateway system.
Network Address Translation (NAT) is done in various ways. Among the known ways is masquerade NAT, in which the IP addresses in IP packets are changed as the packets flow out of and into a masquerading system. The masquerading system typically sits on the boundary between an organization's private networks and public networks, such as the Internet. The main benefits of these address changes to such organizations are:
1. Systems on the private network are free to use any subset of the IP address space: any IP class, superclass or subclass, or the designated private IP address ranges. This gives the organization great flexibility, freedom and control in assigning IP addresses and designing its internal network.
2. The IP addresses of private systems, and the network and subnet architecture, are kept hidden: internal addresses do not appear in the IP packets that reach the Internet. The result is improved security.
Therefore, masquerade NAT is widely used by industry, government and other organizations today.
Masquerade NAT is a form of NAT defined by a many-to-one mapping of an organization's internal addresses to a single public IP address. There is a need in the art to remove this restriction to a single address: to allow a system administrator to selectively designate subsets of internal IP addresses to be masqueraded, with each subset mapped to a different single public IP address; and to improve management of internal IP addresses by allowing multiple network interfaces or masquerading systems to be used for load balancing.
It is an object of the invention to provide an improved masquerade NAT capability for gateway systems.
It is a further object of the invention to provide a selective masquerade NAT system capability, whereby subsets of internal IP addresses may be selectively masqueraded among a plurality of public IP addresses.
An address management system and method. ADDRESS statements and HIDE rule statements are processed to generate a file of masquerade rules that associate subsets of internal addresses with a plurality of public addresses. Responsive to these masquerade rules, network address translation is performed on incoming and outgoing IP datagrams.
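The following is an added illustration, not code from the patent or from any product it describes, of how a rule file built from ADDRESS and HIDE statements can drive selective masquerade NAT for the subsets discussed above. The statement grammar (ADDRESS name IP=..., HIDE name BEHIND name), the sample addresses, and the port-allocation scheme are assumptions made for the example; the text names the statement types but not their syntax. The example goes slightly beyond the text in two respects a practitioner would expect: it uses port translation so that many internal hosts can share one public address, and it applies the most specific matching subset when subsets overlap.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample configuration (not from the patent). The grammar
# "ADDRESS name IP=..." and "HIDE name BEHIND name" is an assumption.
SAMPLE_CONFIG = """
ADDRESS engineering IP=10.1.0.0/16
ADDRESS eng_lab     IP=10.1.200.0/24
ADDRESS sales       IP=10.2.0.0/16
ADDRESS public_a    IP=203.0.113.10
ADDRESS public_b    IP=203.0.113.11
HIDE engineering BEHIND public_a
HIDE eng_lab     BEHIND public_b
HIDE sales       BEHIND public_b
"""


@dataclass(frozen=True)
class MasqRule:
    internal: ipaddress.IPv4Network   # subset of internal addresses
    public: ipaddress.IPv4Address     # the single public address it hides behind


def parse_config(text):
    """Process ADDRESS and HIDE statements into an ordered list of masquerade rules."""
    addresses = {}
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0] == "ADDRESS" and len(parts) == 3 and parts[2].startswith("IP="):
            addresses[parts[1]] = ipaddress.ip_network(parts[2][3:], strict=False)
        elif parts[0] == "HIDE" and len(parts) == 4 and parts[2] == "BEHIND":
            internal, public = addresses[parts[1]], addresses[parts[3]]
            if public.num_addresses != 1:
                raise ValueError("HIDE target must be one public address: " + line)
            rules.append(MasqRule(internal, public.network_address))
        else:
            raise ValueError("bad statement: " + line)
    # Longest prefix first, so a more specific subset overrides its parent subnet.
    return sorted(rules, key=lambda r: r.internal.prefixlen, reverse=True)


class Masquerader:
    """Stateful NAT over a rule list; packets are (src_ip, src_port, dst_ip, dst_port)."""

    def __init__(self, rules, first_port=1024, last_port=65535):
        self.rules = rules
        self.first_port, self.last_port = first_port, last_port
        self.next_port = {}   # public ip -> next candidate port
        self.outbound = {}    # (src, sport, dst, dport) -> (pub_ip, pub_port)
        self.inbound = {}     # (pub_ip, pub_port, dst, dport) -> (src, sport)

    def rule_for(self, src_ip):
        ip = ipaddress.ip_address(src_ip)
        return next((r for r in self.rules if ip in r.internal), None)

    def _alloc_port(self, pub_ip, dst, dport):
        # Round-robin over the pool, skipping ports already mapped for this peer.
        port = self.next_port.get(pub_ip, self.first_port)
        for _ in range(self.last_port - self.first_port + 1):
            candidate = port
            port = self.first_port if port >= self.last_port else port + 1
            if (pub_ip, candidate, dst, dport) not in self.inbound:
                self.next_port[pub_ip] = port
                return candidate
        raise RuntimeError("port pool exhausted for " + pub_ip)

    def translate_outgoing(self, packet):
        src, sport, dst, dport = packet
        rule = self.rule_for(src)
        if rule is None:
            return packet                  # not selected for masquerading: unchanged
        key = (src, sport, dst, dport)
        if key not in self.outbound:       # new flow: create the bidirectional entry
            pub_ip = str(rule.public)
            pub_port = self._alloc_port(pub_ip, dst, dport)
            self.outbound[key] = (pub_ip, pub_port)
            self.inbound[(pub_ip, pub_port, dst, dport)] = (src, sport)
        pub_ip, pub_port = self.outbound[key]
        return (pub_ip, pub_port, dst, dport)

    def translate_incoming(self, packet):
        """Reverse-translate a reply; returns None (drop) when no flow matches."""
        rsrc, rsport, pub_ip, pub_port = packet
        entry = self.inbound.get((pub_ip, pub_port, rsrc, rsport))
        if entry is None:
            return None                    # unsolicited inbound: no internal host exposed
        src, sport = entry
        return (rsrc, rsport, src, sport)
```

Two points of the design matter for the security claim in the background. First, inbound datagrams are translated only when they match a flow that an internal host opened, so an outside party cannot reach an internal address merely by guessing it; everything else is returned as None for the filter to drop. Second, the hiding applies to the IP header only; a protocol that carries internal addresses in its payload is not concealed by this mechanism and needs application-level handling.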