
SED (SED-FW2003) Firewall Technology - Design and Implementation of NAT and Transparent Proxy

Posted on: 2003-10-24
Degree: Master
Type: Thesis
Country: China
Candidate: W Z Qian
Full Text: PDF
GTID: 2208360065951146
Subject: Computer application technology
Abstract/Summary:
With the rapid development of the Internet, network security has become an increasingly prominent problem, and firewall technology offers a solution to it. Our task is to complete a fully functional product sample that meets the national standard for 2nd level firewalls established by the Police Department. NAT and transparent proxy are very important function modules of a firewall.

NAT performs network address translation on outbound packets, so that inside hosts can use reserved IP addresses and outside hosts cannot reach inside hosts directly, which makes communication one-way. NAT is usually embedded in the packet filtering module, and it also reduces the number of valid IP addresses needed. With a transparent proxy, inside hosts can access the Internet without any set-up and without knowing that the firewall exists. When a transparent proxy is used, all application-layer data is forced through the proxy for filtering, and the process is transparent to users. NAT and transparent proxy give the firewall system more powerful functions and are very important components of the firewall security system.

This paper explains the technical principles of NAT and transparent proxy and discusses their design and implementation in SED-FW2003. NAT implements PAT and DNAT in a real-time embedded operating system and supports the TCP, UDP and ICMP protocols. Port mapping allows many inside hosts to share one IP address. Processing time is reduced by the use of hashing. The problem that NAT fails to support FTP has been solved by sequence repairing. The transparent proxy, which comprises a transparent channel and application-level proxies, handles the associated protocols HTTP, FTP, TELNET, NNTP, POP3 and SMTP, providing application data filtering of URI, command and mail rules. Debugging shows that the product sample has good functionality and stability and that the design goal has been achieved.
Keywords/Search Tags: NAT, transparent proxy, sequence repairing, increment checksum, HASH