Integrated Defense Systems Nat And Transparent Proxy Design And Implementation,

With the rapid development of Internet, the requirement for network security grows higher. The way to create a network that is safe at every point has gradually become a very hot topic in network security. "Integerated defence system", a project founded by Electronic Development Funds of Ministry of Information Industry, is a lucubration in this area. Meanwhile, in order to control the firewalls in every point, we should design a firewall under every operation system enviroment. As a child-subject of "Integerated defence system", this paper is mainly about the design and implementation of firewall under windows 2003.NAT and transparent proxy are very importmant function modules of firewall. Be a solution to the shortage of IPv4 addresses, NAT could modify the network addresses of the packets passing. Not only it will prevent the short of IPv4 addresses, but also the local network could be protected by it. Transparent proxy can filter the data passing while not be configured by the custom host. All application layer data are forced to be checked by proxy when it is used. It provides a much powerful function for the firewall system, and becomes a very important component of the firewall security system.In this thesis, firstly, it discusses and summarizes the basic theories, working principles and corresponding protocols. Then it brings up the design and implementation of NAT and transparent proxy. Through the analysis of windows NDIS frameworks, the NAT use NDIS Intermediate driver technique and modify the packets during it. The NAT we designed support TCP, UDP and ICMP protocols. Customer hosts in local network could connect to the Internet using one IPv4 address. Also FTP protocol was supported by NAT by sequence repairing. In the part about transparent proxy, this dissertation presents the implementation of transparent channel and application level proxy of HTTP, FTP, TELNET. It includes the function of source\destination IP, URL, command filter and etc.The testing about the functions and performance of the system approves that it accomplished high performance and reaches our designing goals.