Generally, a private address is used in a LAN for home and office. Meanwhile, a global address is used in a WAN for the Internet. Therefore, it is not possible to directly access the Internet from a node of a home network or an office network.
Accordingly, an apparatus for providing connection between networks which is referred to as a router, a switch, a gateway or the like is installed between the LAN and the WAN. The apparatus for providing connection between networks has an address translation function referred to as NAT (Network Address Translation) or IP masquerade. The NAT allows one-on-one translation between a private address allocated to an inner node of the LAN and a global address allocated to an external node of the WAN. The NAT is used when the LAN has a single internal node. Meanwhile, the IP masquerade allows a plurality of private addresses to be used by a single global address. The IP masquerade translates a port number and a private address of the LAN to a port number and a global address of the WAN (see, e.g., Patent Document 1).
FIG. 12 shows an example of an access operation between terminals in the case of using a router as an apparatus for providing connection between networks.
Referring to FIG. 12, a router 30 includes a single WAN port PP0 and a plurality of LAN physical ports PP1 to PPn. An external terminal TM10 is connected to the WAN port PP0 through a WAN 2. Meanwhile, internal terminals TM11 to TM1n are respectively connected to the LAN physical ports PP1 to PPn through a LAN 1. A global address (10.1.101.150) is allocated to the WAN port PP0, and a global address (10.1.101.200) is allocated to the external terminal TM10. Further, private addresses (192.168.1.1), (192.168.1.2) . . . (192.168.1.n) are respectively allocated to the internal terminals TM11 to TM1n. 
For example, when the internal terminal TM 11 connected to the LAN 1 needs to access the external terminal TM10, the internal terminal TM11 generates, in step S41, an IP packet in which a transmission destination port number 80 and the global address (10.1.101.200) of the external terminal TM10 are set as a transmission destination address and a transmission source port number 3000 and the private address (192.168.1.1) of the internal terminal TM11 are set as a transmission source address and transmits the generated IP packet to the router 30.
In step S42, the router 30 that has received the IP packet converts the private address (192.168.1.1) set as the transmission source address of the IP packet to the global address (10.1.101.150) of the WAN port PP0 and the transmission source port number 3000 to a port number 8000 dynamically allocated by the router 30. Next, in step S43, the IP packet whose transmission source address has been converted is transmitted from the WAN port PP0 to the external terminal TM10 through the WAN 2. In order to prepare for the return of the IP packet from the external terminal TM10, the router 30 dynamically stores in an address conversion table the transmission source addresses after conversion in correspondence with the transmission source address before conversion.
In case that the external terminal TM10 returns the IP packet, the external terminal TM10 that has received the IP packet generates a new IP packet in which the transmission source port number 8000 and the transmission source address (the global address (10.1.101.150)) of the received IP packet are set as a transmission destination address and the transmission destination port number 80 and the global address (10.1.101.200) of the external terminal TM1 are set as a transmission source address and transmits the new IP packet to the router 30.
Upon receiving the new IP packet from the external terminal TM10, the router 30 refers to the address conversion table and converts the transmission destination address of the received IP packet to the port number 3000 and the private address (192.168.1.1) of the internal terminal TM11. Then, the IP packet is transmitted from the physical port PP1 to the internal terminal TM11 through the LAN 1.
In case that another internal terminal TM12 accesses the external terminal TM10, the steps S44 to S46 are carried out similarly to the case that the internal terminal TM11 accesses the external terminal TM10.
Meanwhile, when the WAN external terminal TM10 accesses the internal terminals TM11 to TM1n, the following steps are carried out. FIG. 13 shows an example of the access sequence.
For example, when the external TM10 accesses the internal terminal TM11, the external terminal TM10 generates, in step S51, an IP packet in which a port number 5000 and the global address (10.1.101.200) allocated to the external terminal TM10 are set as a transmission source IP address and the port number 80 and the global address (10.1.101.150) allocated to the WAN port PP0 are set as a transmission destination address and transmits the IP packet to the router 30 through the WAN 2.
The router 30 includes the address conversion table that has been created statically in advance. In step S52, the router 30 that has received the IP packet from the external terminal TM10 retrieves the address conversion table by using as a key the transmission destination port number 80 set in the IP packet. As a result of the retrieval, the router 30 converts the port number 80 and the transmission destination global address (10.1.101.150) to the port number 80 and the private address (192.168.1.1) of the internal terminal TM11. In step S53, the router 30 transmits to the internal terminal TM11 through the LAN 1 the IP packet whose transmission destination address has been converted from the LAN physical port PP1.
When the external terminal TM10 transmits the IP packet to one of other internal terminals TM12 to TM1n, the router 30 performs the steps of: retrieving the address conversion table by using the transmission destination port number of the IP packet as a key; converting the transmission destination address; and transmitting the IP packet (e.g., steps S54 to S56) similarly to the case that the external terminal TM10 accesses the internal terminal TM11.
Patent Document 1: Japanese Patent Application Publication No. 2007-116441
However, as described above, in order to allow the WAN external terminal TM10 to access the LAN internal terminals TM11 to TM1n, the router 30 needs to create the address conversion table and statically store in the address conversion table the information on the correspondence relationship between the global addresses of the WAN ports and the private addresses of the internal terminals TM11 to TM1n. Therefore, it becomes a significant burden to manage the address conversion table when the router 30 is managed.
In the case of using the static address conversion table, the following problems may be generated. Generally, the apparatus for providing connection between networks, such as a router or the like, has a function of dynamically allocating network information such as a private address, a subnet mask or the like to each node by using a DHCP (Dynamic Host Configuration Protocol) in order to manage private addresses of the LAN nodes. Due to the dynamic address allocation function using the DHCP, when the inner terminal TM11 that has been separated from the LAN is reconnected to the LAN, a new private address (192.168.1.90) is allocated to the inner terminal TM11 after reconnection (e.g., step S64 of FIG. 14). Accordingly, the private address of the inner terminal TM11 after reconnection may not correspond to table data set in the address conversion table and, thus, the address conversion may not be executed. For that reason, an operator of the router 30 needs to reconfigure the conversion table in accordance with the private address after reconnection (e.g., step S63 of FIG. 14).
Therefore, there has been suggested a router having a function of registering the corresponding private addresses in correspondence with MAC (Media Access Control) addresses of the internal terminals TM11 to TM1n whenever new private addresses are allocated to internal terminals by the DHCP.
For example, as shown in FIG. 14, when the internal terminal TM11 that has been separated from the router 30 is reconnected to the router 30, the private address (192.168.1.1) registered in the address conversion table in correspondence with the MAC address (00-02-05-01-03-4e) of the internal terminal TM11 is reallocated to the internal terminal TM11 in step S65.
Thus, even when the IP packet is transmitted from the external terminal TM10 to the internal terminal TM11, the transmission destination address is converted to the private address (192.168.1.1) after reallocation in step S62. As a consequence, the IP packet is reliably transmitted to the internal terminal TM11. Further, the operator of the router 30 does not need to reconfigure the private address in the address conversion table whenever the internal terminal is reconnected thereto.
However, the following problems are generated in spite of the above-described solution. Specifically, when an internal terminal is replaced with another terminal due to the breakdown generated during the operation of the internal terminal or the model upgrading of the internal terminal, the MAC address of the terminal after such replacement is changed. Therefore, the operator of the router needs to update network information such as the MAC address, the private address or the like whenever the replacement occurs.
In view of the above, the present invention provides an apparatus for providing connection between networks which can properly manage network information despite replacement of internal nodes and perform a highly reliable routing process while reducing management burden.