• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.1
• /
• pp.47-59
• /
• 2003

The Internet telephony service is one of the commercially successful Internet application services. VoIP technology makes the service come true. VoIP deploys H.323 or SIP as the standard protocol for the distributed multimedia services over the Internet in which QoS is not guaranteed. VoIP carries the packetized voice over the RTP/UDP/IP protocol stack. The data transmission trouble is caused by UDP when the service is provided in private networks and some ISP-provided Internet access networks in the private address space. The Internet telephony users in such networks cannot listen the voices of the other parties in the public Internet or PSTN. Making the problem more difficult, the Internet telephony service considered in this paper gets the incoming voice packets of every session through only one UDP port number. In this paper, three schemes including the terminal proxy, the gateway proxy, and the protocol translation are suggested to solve the problems. The design and implementation of the NAT proxy server based on gateway proxy scheme are described in detail.

• Journal of Advanced Marine Engineering and Technology
• /
• v.27 no.1
• /
• pp.65-75
• /
• 2003

The internet telephony service is one of the successful internet application services. VoIP is the key technology for the service to come true. VoIP uses H.323 or SIP as the standard protocol for the distributed multimedia services over the internet environment, in which QoS is not guaranteed. VoIP carries the packetized voice by using the RTP/UDP/IP protocol stack. The UDP-based internet services cause the data transmission problem to the users behind the internet firewall. So does the internet telephony service. The users are not able to listen the voices of the counter-parts on the public internet or PSTN. It makes the problem more difficult that the internet telephony service addressed in this paper uses only one UDP port number to send the voice data of all sessions from gateway to terminal node. In this paper, two schemes including the usage of dummy UDP datagrams, and the protocol conversion are suggested. The implementation of one of the schemes, the protocol conversion, and the performance evaluation are described in detail.

• The Transactions of the Korea Information Processing Society
• /
• v.5 no.6
• /
• pp.1593-1602
• /
• 1998

In this paper, a hybrid firewall system using the screening router, dual-homed gateway, screened host galeway and the application level gateway is proposed, The screened host gateway is comjXlsed of screening router, DMZ and bastion host. All external input traffics are filtered by screening router with network protrcol filtering, and transmitted to the bastion host performing application level filtering, The dual homed gateway is an internlediate equipment prohibiting direct access from external users, The application level gateway is an equipment enabling transmission using only the proxy server. External users can access only through the public servers in the DMZ, but internal users can aeee through any servers, The rule base which allows Telnet only lo the adrnilllslratol is applied to manage hosts in the DMZ According to the equipmental results, denial of access was in orderof Web. Mail FTP, and Telnet. Access to another servers except for server in DMZ were denied, Prolocol c1mials of UDP was more than that of TCP, because the many hosts broadcasted to networds using BOOTP and NETBIOS, Also, the illegal Telnet and FTP that transfer to inside network were very few.