Design And Implementation Of IPv6-Supporting Network Access Control Gateway

With the rapid development of computer technology, network applications have been promoting around the world. How to effectively manage network resources, calculate occupation of the network resources and supervise people’s online behavior to avoid inefficiency in work and wastes of network resources has become pressing needs. On the other hand, with the development of the Internet, some new IPv6resources have emerged, how to make users access these IPv6resources easily also become an urgent problem.This thesis takes the Netfilter/iptables of the Linux firewall as a foundation, uses iptables, the configuration tool of the Netfilter to configure the rules, and designs a network traffic statistics and network access control system based on Linux with the technique of CGI and Apache server. This system uses NAPT-PT technique to make LAN hosts can access IPv6resources. NAPT-PT technique includes network address port translation and protocol translation. NAPT allows mapping of tuples of the type (local IP addresses, local TU port number) to tuples of the type (registered IP address, assigned TU port number). PT stands for the translation of the IPv4packet into a semantically equivalent IPv6packet and vice-versa. LAN hosts do not need to install any additional software, thus they can transparently access the IPv6resources.First, the thesis begins with detailed description of the architecture of Netfilter and the characteristic of IPv6and the comparison between IPv4and IPv6was given. At the same time, DNS and other relevant protocols was introduced. we focus on the operating mechanism and the implementation method of Netfilter, Configuration tool iptables, NAPT-PT technique and means of Linux kernel module programming. Next, in the introduction of overall design and function implementation, first of all, the overall design and solution are introduced. And also the process of setting up system environment is described. In addition to these, the design of each module and the working relationship between each module are introduced. Moreover, according to the partition of the modules, each module’s implementation, principle and flow are specified in detail. In the end, the system is tested in the experimental environment. And satisfactory results are obtained. The analytic results with the test data are given in the end.