| 主权项 |
1. A method comprising:
providing, by a firewall interposed between a private network and an external network, network-layer protection against unauthorized access by external hosts associated with the external network to a plurality of hosts associated with the private network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses associated with the plurality of hosts; providing, by the firewall, application-layer protection from the external network on behalf of the plurality of hosts and supporting Voice over IP (VoIP) services by processing signaling protocols associated with VoIP sessions, including
distinguishing among VoIP packets and non-VoIP packets,parsing the VoIP packets, andenabling bi-directional VoIP communications among one or more of the plurality of hosts and one or more of the external hosts by performing content-aware NAT, including changing data in headers of the VoIP packets and also changing data contents in the VoIP packets corresponding to the data changed in the headers; receiving, by an external VoIP interface of the firewall, a plurality of incoming VoIP packets each being associated with one of a plurality of VoIP ports; causing each of the plurality of incoming VoIP packets to be directed to an appropriate host of the plurality of hosts by performing by the firewall port address forwarding based on a mapping of the plurality of VoIP ports to corresponding private addresses of the plurality of hosts. |
