System and method for redirecting network traffic to provide secure communication

摘要

A communication security system is described which uses a server to communicate to an unprotected network, such as the Internet. The system intercepts an IP packet prior to stack incursion and replaces the destination address with that of a firewall's network interface address. Because of the modification to the IP header destination address, an IP header checksum is recalculated prior to presentation to the local stack. The system uses a shim to replace the destination address and store the original destination address. When a communication is authorized, the firewall performs a system call to retrieve the original destination address such that the data communication can be routed to the indented destination address.