1. Field of the Invention
The present invention relates to a network in which a plurality of proxy servers, each server constituting a firewall, are disposed in communication paths between a client computer and a server computer, and in particular, to a communication system in which a connectionless communication using specifications of port numbers is carried out between the client and server computers.
2. Description of the Related Art
In a communication network employing the transmission control protocol/Internet protocol (TCP/IP), there has been proposed a communication system in which proxy servers functioning as firewalls are provided on a communication route such that communications are relayed through a transport layer which identifies a service in accordance with a port number and a communication address. The communications in the transport layer are primarily classified into communications respectively using the transmission control protocol (TCP) and the user datagram protocol (UDP).
In the connection-oriented communication, the port number of a transmission destination and that of a transmission destination at a communication starting point are assumed to be fixed. Therefore, each communication facility can easily acquire information necessary to establish a relay or transit route.
However, in the connectionless communication, the port number of a transmission destination and that of a transmission destination at a communication starting point are assumed to be indefinite. Consequently, it is difficult for each communication facility to obtain information necessary to establish a transit route.
Heretofore, SOCKS Protocol Version 5 proposed by RFC 1928 has been known as a function to support a connectionless communication between client and server computers in an environment using firewalls. SOCKS Protocol Version 5 is a protocol prepared for a system including proxy servers relaying communications on firewalls and communication libraries for including the proxy servers. This protocol stipulates mutual authentication between a proxy server and a communication library in a client computer, as well as the sequences and packet formats for the client computer's instruction to the proxy server to establish a connection and for notification of the result of that instruction.
To conduct a connectionless communication, it is required for the client computer, server computer, and proxy server to mutually exchange port numbers thereof used in the communication. The protocol of SOCKS Version 5 assumes that a server computer can notify a port number thereof to be used for communication to a client computer through a predetermined operation. Moreover, a port used by the client computer can be reported to the server computer by a proxy server communicating with the server computer. Under this condition, SOCKS Protocol Version 5 provides a communication procedure to notify the port used by the server computer from the client computer to the proxy server and a procedure to report two ports used by the proxy server respectively for the client and server computers from the proxy server to the client computer.
For example, in a case in which only one proxy server forming a firewall is disposed on a communication route between client and server computers, port numbers are exchanged therebetween through a sequence shown in FIG. 16A. First, the server computer reports port number P4 for communication with the proxy server to the client computer. The client computer then passes P4 to the proxy server. The proxy server returns to the client computer port number P2 for communication with the client computer and port number P3 for communication with the server computer. Finally, the client computer notifies port number P3 to the server computer.
However, in the conventional sequence of SOCKS Version 5, the port number exchange cannot be appropriately accomplished when a plurality of proxy servers are arranged to configure firewalls on the communication route.
In a situation in which two proxy servers 1 and 2 exist on the route, the exchange operation is conducted, for example, as shown in FIG. 16B and as follows. A server computer first notifies port number P6 for communication with a proxy server 2 to a client computer. Thereafter, port number P6 is sequentially reported to the proxy servers 1 and 2. In accordance with the notification, the proxy server 1 sends two port numbers P2 and P3 for its communication to the client computer. Similarly, the proxy server 2 sends two port numbers P4 and P5 to the proxy server 1. However, information notified from the proxy server 2 is interrupted by a firewall function of the proxy server 1. Reported to the server computer is port number P3, not the port number (P5) necessary for the connectionless communication.
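The two exchange sequences described above for FIG. 16A and FIG. 16B can be modelled as follows. This is an added illustration, not part of the original document; the class and function names and the numeric port values are assumptions chosen only to stand in for the labels P2 to P6.

```python
# Added illustration, not from the original document. Class and function names
# and the numeric port values are assumptions (constructed sample values).
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed port values standing in for the labels used in FIG. 16A and 16B.
P2, P3, P4, P5, P6 = 5002, 5003, 5004, 5005, 5006


@dataclass
class Proxy:
    name: str
    client_side_port: int  # port facing the client (or the previous proxy)
    server_side_port: int  # port facing the server (or the next proxy)
    learned_server_port: Optional[int] = None

    def notify(self, server_port: int) -> Tuple[int, int]:
        """Record the server's port and answer with this proxy's two ports."""
        self.learned_server_port = server_port
        return self.client_side_port, self.server_side_port


def exchange(server_port: int, chain: List[Proxy]) -> dict:
    """Run the conventional sequence over proxies ordered client -> server."""
    # The server's port is reported to every proxy on the route in turn.
    replies = [proxy.notify(server_port) for proxy in chain]
    # Only the first proxy's reply reaches the client; replies from proxies
    # further along are interrupted by the first proxy's firewall function.
    _, reported = replies[0]
    # The server actually exchanges datagrams with the last proxy's server side.
    needed = chain[-1].server_side_port
    return {"reported": reported, "needed": needed, "ok": reported == needed}


def single_proxy_case() -> dict:
    # FIG. 16A: server port P4, one proxy with ports P2 and P3.
    return exchange(P4, [Proxy("proxy", P2, P3)])


def two_proxy_case() -> dict:
    # FIG. 16B: server port P6, proxy 1 with P2/P3, proxy 2 with P4/P5.
    return exchange(P6, [Proxy("proxy 1", P2, P3), Proxy("proxy 2", P4, P5)])


if __name__ == "__main__":
    for label, result in (("one proxy", single_proxy_case()),
                          ("two proxies", two_proxy_case())):
        print(label, result)
```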