1. Field of the Invention
The present invention relates to network communication technologies, particularly to a method for providing a server in an internal network with a shared public Internet Protocol (IP) address.
2. Background of the Invention
The Network Address Translation (NAT) technology provides a method of accessing the Internet from hosts in a Local Area Network (LAN), and the method solves the problem of insufficient IP addresses. Under the NAT technology, however, the internal hosts in the LAN are invisible to the Internet, i.e., hosts in the Internet cannot proactively access an internal host in the LAN. For example, there is a host with an IP address of 10.110.0.0/24 in a LAN, and the LAN is connected to the Internet via a private line and has a valid public IP address of 202.38.160.1 provided by an Internet Service Provider (ISP). Through the NAT technology, all hosts in the LAN can share the IP address 202.38.160.1 to access the Internet. However, hosts on the Internet are unable to proactively access any internal host in the LAN.
With the development of network technologies, many organizations have begun to establish internal LANs using private addresses. Sometimes, internal hosts in such a LAN store resources that need to be accessed by users on the Internet. For example, a LAN includes a host that provides a web server, and users on the Internet may access the host providing the web server in the LAN. Currently, in order to enable users on the Internet to access a host in a LAN, a “static mapping” configuration technique is used. For example, a web server is set up in a LAN, and the web server's internal IP address is 10.110.0.1. A “static mapping” configuration binds the web server's internal IP address 10.110.0.1 to a valid IP address, 202.38.160.1, provided by an ISP. Thus, if a host on the Internet wants to access the web server, it can access the host with the internal IP address 10.110.0.1 through the bound IP address 202.38.160.1. Although the above method satisfies the requirement for providing an internal server in the LAN, other hosts in the LAN cannot, at the same time, access the Internet with the valid IP address, which results in a waste of the valid public IP address. Furthermore, the LAN cannot provide other services (such as a Domain Name Server (DNS) or File Transfer Protocol (FTP) server) to Internet users.
Therefore, the method for providing an internal server with a static binding IP address, as in the traditional technology, has the following disadvantages:
First, although the method of static IP address binding enables hosts on the Internet to access an internal server in the LAN, the IP address provided to the LAN is not utilized in full, which results in a waste of limited IP address resources.
Second, the scheme has a potential security risk. A server usually provides a single service to outside users; for example, a web server is used only to deliver a Hypertext Transfer Protocol (HTTP) service to the external world, and the host of the web server only needs to expose port 80 for outside access. However, if the web server is provided through the static binding method, users in external networks can access not only port 80 but also other ports. For example, some servers can be maintained through Telnet access, and such maintenance should only be done from internal network equipment. If the static binding method is used for IP address translation, however, hosts in the external networks or the Internet can also access the server through Telnet, which brings a potential security risk for the internal server.
Third, according to the traditional technology, internal services cannot be provided through non-standard ports of the internal server. For example, if two web servers are to be provided in the LAN and one of them has to use port 8080 instead of port 80, this cannot be realized according to the traditional technology.
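The second and third disadvantages can be checked with a small model of the inbound address lookup. The following is an added example, not part of the original text: the per-port mapping table is ordinary port forwarding assumed here for contrast, and the host 10.110.0.2 and the listener inventory are constructed.

```python
# Added example: constructed model of inbound NAT lookups, not from the original text.
PUBLIC_IP = "202.38.160.1"   # public address used in the text

# Static binding: public address -> one internal host, for every port.
STATIC_BINDINGS = {PUBLIC_IP: "10.110.0.1"}

# Per-port mapping (ordinary port forwarding, assumed for contrast):
# (public ip, public tcp port) -> (internal ip, internal tcp port)
PORT_MAPPINGS = {
    (PUBLIC_IP, 80): ("10.110.0.1", 80),
    (PUBLIC_IP, 8080): ("10.110.0.2", 8080),  # 10.110.0.2 is hypothetical
}

# Constructed inventory of TCP listeners on the internal servers.
LISTENERS = {
    ("10.110.0.1", 80),    # HTTP, meant for outside users
    ("10.110.0.1", 23),    # Telnet, meant for internal maintenance only
    ("10.110.0.2", 8080),  # second web server on a non-standard port
}

def translate_static(dst_ip, dst_port):
    """Static binding ignores the port: every port reaches the bound host."""
    host = STATIC_BINDINGS.get(dst_ip)
    return (host, dst_port) if host else None

def translate_port_mapped(dst_ip, dst_port):
    """Per-port mapping: a packet to an unmapped port has no translation."""
    return PORT_MAPPINGS.get((dst_ip, dst_port))

def exposed_services(translate, dst_ip=PUBLIC_IP):
    """List (public port, internal ip, internal port) reachable from outside."""
    found = []
    for port in range(1, 65536):
        target = translate(dst_ip, port)
        if target in LISTENERS:
            found.append((port, *target))
    return found

def unintended(translate, intended=frozenset({80, 8080})):
    """Public ports that reach a listener but were never meant to be published."""
    return [p for p, _, _ in exposed_services(translate) if p not in intended]

if __name__ == "__main__":
    print("static binding :", exposed_services(translate_static))
    print("per-port map   :", exposed_services(translate_port_mapped))
    print("unintended     :", unintended(translate_static))
```

Under static binding the Telnet listener is reachable from outside and the second web server is not; under the per-port table only the published ports translate.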