Title of invention: Network gateway apparatus
Abstract: A network gateway apparatus which adds encryption to easily implement secure communication without affecting network environment settings includes two network interface cards to communicate on two networks. The processor of the network gateway apparatus initializes communications through the network interface cards and uses a TCP/IP protocol stack to communicate through the network interface cards. When a packet is received by one of the network interface cards, the processor replaces the origin MAC and IP addresses and the destination MAC and IP addresses with temporary values. Then the processor encrypts the payload. The packet is sent to the TCP/IP protocol stack, which sends the packet to one of the two network interface cards according to the temporary values. The MAC and IP addresses of the final destination of the packet are rewritten to the packet and the packet is transmitted.
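Application publication number: US9264356(B2)
Application publication date: 2016.02.16
Application number: US201313826230
Application date: 2013.03.14
Applicant: INTO Co., Ltd.
Inventor: Ogawa Keiko
Classification numbers: H04L12/741;H04L12/46;H04L12/64;H04L29/06;H04L29/12
Main classification number: H04L12/741
Agency: Oblon, McClelland, Maier & Neustadt, L.L.P.
Agent: Oblon, McClelland, Maier & Neustadt, L.L.P.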
Principal claim: 1. A network gateway apparatus, comprising: a first network interface card connected to a first network and configured to communicate with devices connected to the first network; a second network interface card connected to a second network and configured to communicate with devices connected to the second network; a processor including an initialization unit configured to initialize the first and second network interface cards to an unprotected state, and a TCP/IP protocol stack configured to perform communication processing between the first and second network interface cards, wherein when a packet is received via the first network interface card, the processor replaces an origin MAC address of the packet with a first temporary MAC address, an origin IP address with a first temporary IP address, a destination MAC address with a MAC address of the second network interface card, and a destination IP address with an IP address of the second network interface card, then transmits the packet to the TCP/IP protocol stack, and the TCP/IP protocol stack transmits the packet to the second network interface card based on the destination MAC address and the destination IP address of the packet after replacing by the processor, wherein the processor further includes an address conversion unit configured to establish a TCP connection with the first network interface card, and to establish a TCP connection with the second network interface card, the address conversion unit acting as a server with respect to the first network interface card and acting as a client with respect to the second network interface card, and a socket processing unit configured to open and close TCP connections with the TCP/IP protocol stack, the socket processing unit establishing a TCP connection between the first network interface card and the TCP/IP protocol stack via the address conversion unit and establishing a TCP connection between the TCP/IP protocol stack and the second network interface card via the address conversion unit.
Address: Tokyo JP