1. Technical Field
The present disclosure relates generally to network technology. More particularly, the present disclosure relates to methods and apparatus for implementing an Application Layer Gateway (ALG).
2. Description of the Related Art
Network address translation (NAT) is performed in a variety of situations. Often NAT involves translating addresses from public addresses to private addresses, and vice versa. More particularly, address translation may involve source address translation and/or destination address translation. NAT that involves port mapping may be referred to as network address port translation (NAPT). Thus, NAT may involve address translation, as well as port mapping.
NAT is typically performed on the header of a packet. However, some higher-layer protocols such as File Transfer Protocol (FTP) and Session Initiation Protocol (SIP) provide addresses and/or port numbers inside the body (i.e., payload) of the packet. If the endpoint sending such a packet lies behind a simple NAT firewall, the address translation performed by the NAT firewall makes the IP address(es) and/or port number(s) in the body of the packet invalid.
An Application Layer Gateway (ALG) software module running on a NAT firewall device may be used to update any payload data made invalid by address translation. However, an endpoint that implements protocols such as Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs) (STUN) or Interactive Connectivity Establishment (ICE) may perform its own NAT translations on the body of packets it transmits. Since networks may include devices supporting various protocols or versions of such protocols, the result of the application of ALG functionality to packets transmitted by such devices is unpredictable.
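The payload update described above can be illustrated with the FTP PORT command, which carries an address and port as six decimal bytes (h1,h2,h3,h4,p1,p2); this is an added example and not code from the disclosure. The NAPT table, the addresses, the function names and the policy of leaving unmatched payloads untouched are assumptions made for illustration.

```python
import re

# Constructed NAPT table (assumption): (private_ip, private_port) -> (public_ip, public_port)
NAPT = {("192.168.1.10", 50000): ("203.0.113.5", 62000)}

PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")

def parse_port(line):
    """Return (ip, port) carried in an FTP PORT command, or None if not a valid one."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(v > 255 for v in nums):
        return None
    return ".".join(str(v) for v in nums[:4]), nums[4] * 256 + nums[5]

def format_port(ip, port):
    """Encode (ip, port) back into an FTP PORT command line."""
    return ("PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)).encode()

def alg_rewrite(line, napt):
    """Rewrite the embedded endpoint if it is a known private mapping.

    Returns (new_line, seq_delta). seq_delta is the change in payload length,
    which a TCP-aware gateway must apply to later sequence/ack numbers.
    A payload whose endpoint is not a private mapping (for example, one the
    endpoint already translated itself) is passed through unchanged.
    """
    endpoint = parse_port(line)
    if endpoint is None or endpoint not in napt:
        return line, 0
    new_line = format_port(*napt[endpoint])
    return new_line, len(new_line) - len(line)

if __name__ == "__main__":
    # Constructed sample control-channel lines
    for sample in (b"PORT 192,168,1,10,195,80\r\n",   # private endpoint in payload
                   b"PORT 203,0,113,5,242,48\r\n",    # endpoint already advertised public mapping
                   b"USER anonymous\r\n"):            # unrelated command
        print(sample, "->", alg_rewrite(sample, NAPT))
```
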