1. Field of the Invention
The present invention relates to a network system, a terminal, and a gateway.
2. Description of the Related Art
Transmission control protocol/Internet protocol (TCP/IP) is well known as a protocol for communication between terminals and is the standard protocol suite of the Internet. To transmit data using TCP/IP, the internet protocol (IP) address and the port number of the counterpart in the communication must be specified. An IP address is address information that uniquely identifies a terminal connected to the Internet and is assigned to each terminal. Conventionally, every terminal is assigned a unique IP address that can be used to connect to the Internet (hereinafter, "global address").
However, the 32-bit IP addresses currently in use (IPv4) may become insufficient in the future as the Internet becomes more widespread. A well-known method to save global addresses is, in a closed network of limited extent such as a local area network (LAN) inside a home or a company, to freely assign IP addresses that are valid only inside the LAN (hereinafter, "private address") to the terminals connected to the LAN. In this specification, such a LAN is referred to as a "private network".
Because a terminal provided with a private address cannot be identified uniquely on the Internet, the terminal cannot, as it is, communicate with other apparatuses through the Internet. Network address port translation (NAPT) is well known as a technique to connect a terminal in a private network to the Internet. In a gateway (router) positioned on the border between a private network and the Internet, NAPT converts the private address into a global address for packets sent from the private network side to the Internet side, and the global address back into the private address for packets sent from the Internet side to the private network side.
Because NAPT additionally converts TCP/UDP port numbers, a plurality of terminals in a private network can be connected to the Internet simultaneously using a single global address. A network system in which local communication apparatuses in different LANs communicate with each other through the Internet is well known (for example, Japanese Patent Application Laid-Open Publication No. 2004-304318). In that network system, the address conversion function of NAPT is used.
Universal plug and play (UPnP) network address translation (NAT) traversal is well known (for example, "optimization by NAT transversal and UPnP of Windows™ XP", [online], Microsoft Japan, [searched on Dec. 2, 2004], the Internet <URL: http://www.microsoft.com/japan/technet/prodtechnol/winxppro/deploy/nattrnsv.mspx#EHAA>) as a technique that connects terminals in a private network to the Internet without the gateway converting between private addresses and global addresses. When an application is started on a terminal, the application and the gateway communicate with each other: the application acquires the global address of the gateway, and the gateway sets up a port mapping so that packets arriving at the mapped port are transferred to the port used by the application. Thus, the application on the terminal can communicate using the global address.
However, connection to the Internet using NAPT as described above has the following problem. NAPT creates a conversion rule between IP addresses and port numbers only when a packet is transmitted from a terminal in the private network to the Internet side. Therefore, when communication is initiated from the Internet side toward a terminal in the private network, no conversion rule exists for that communication, and the packets are discarded. Communication can be initiated from the Internet side only when the port number used by the application on the terminal is known in advance and a conversion rule for that port number has been set statically beforehand.
Because NAPT basically converts only the IP address and the port number in the IP and TCP/UDP header parts, a protocol that carries an IP address and a port number in the data part malfunctions. For example, in a call control protocol such as the session initiation protocol (SIP) used for IP telephone services, a SIP server takes the IP address contained in the data part and uses it as the destination address for its response.
Therefore, when NAPT is used with such a protocol, the IP address contained in the data part of the SIP message is not converted and remains a private address, so the response packet from the SIP server is sent to an address that is not reachable from the Internet and never arrives at the terminal to which it was originally addressed. Recently, another type of NAPT that also rewrites IP addresses in the data part has been proposed. However, the protocols supported by such a NAPT are limited, and it is not practical to keep such a NAPT compatible with the new protocols that are being developed one after another.
NAPT also cannot convert a port number that has been encrypted. For example, in encryption using IP security (IPsec), a new packet is constructed by encrypting the parts following the IP header of the original packet and placing the IP header and an encryption header called the encapsulating security payload (ESP) header in front of the encrypted data. In this reconstructed packet, the ESP header occupies the position at which the TCP/UDP header is normally located.
Therefore, because no port number field exists at the position NAPT inspects when creating a conversion rule, no correct conversion rule can be created. Even if the position of the TCP/UDP header of the original packet could be located within the packet reconstructed by IPsec encryption, no correct port number can be acquired because that part has been encrypted. Therefore, no correct conversion rule can be created in this case either.
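The three NAPT failure modes described above (a connection initiated from the Internet side, a SIP message carrying a private address in its data part, and an ESP-encrypted packet with no visible port number) can be reproduced with a toy NAPT gateway. The following is an added illustration and not part of the patent; the gateway, the packet representation, and the addresses (taken from the RFC 5737 documentation ranges and a 192.168.1.0/24 private network) are all assumed for the example, and the SIP message is a constructed sample.

```python
import re

TCP, UDP, ESP = 6, 17, 50          # IP protocol numbers

GATEWAY_GLOBAL = "203.0.113.10"    # assumed global address of the gateway
SIP_SERVER = "198.51.100.7"        # assumed global address of a SIP server
ALICE = "192.168.1.5"              # assumed private address of a terminal in the LAN


def packet(src, sport, dst, dport, proto=TCP, payload=b""):
    """A packet as a dict holding only the fields NAPT looks at."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "proto": proto, "payload": payload}


class Napt:
    """Toy NAPT: rewrites IP addresses and TCP/UDP ports in the header only."""

    def __init__(self, global_addr, first_port=40000):
        self.global_addr = global_addr
        self.next_port = first_port
        self.to_global = {}    # (private_ip, private_port) -> mapped global port
        self.to_private = {}   # mapped global port -> (private_ip, private_port)

    def add_static_rule(self, global_port, private_ip, private_port):
        """Manually configured rule: the only way inbound-initiated traffic gets in."""
        self.to_global[(private_ip, private_port)] = global_port
        self.to_private[global_port] = (private_ip, private_port)

    def outbound(self, pkt):
        """LAN -> Internet. Creates a rule on first sight of (src, sport)."""
        if pkt["proto"] not in (TCP, UDP):
            return None        # ESP: no port field in the clear, no rule possible
        key = (pkt["src"], pkt["sport"])
        if key not in self.to_global:
            port, self.next_port = self.next_port, self.next_port + 1
            self.to_global[key] = port
            self.to_private[port] = key
        return dict(pkt, src=self.global_addr, sport=self.to_global[key])

    def inbound(self, pkt):
        """Internet -> LAN. Dropped unless a rule for the destination port exists."""
        if pkt["proto"] not in (TCP, UDP):
            return None
        target = self.to_private.get(pkt["dport"])
        if target is None:
            return None
        return dict(pkt, dst=target[0], dport=target[1])


def scenario_outbound_then_reply():
    """Normal case: the outbound packet creates the rule, the reply is translated back."""
    gw = Napt(GATEWAY_GLOBAL)
    out = gw.outbound(packet(ALICE, 51000, SIP_SERVER, 80))
    reply = gw.inbound(packet(SIP_SERVER, 80, out["src"], out["sport"]))
    return out["src"], out["sport"], reply["dst"], reply["dport"]


def scenario_inbound_first():
    """Connection initiated from the Internet: dropped until a static rule exists."""
    gw = Napt(GATEWAY_GLOBAL)
    unsolicited = packet(SIP_SERVER, 40001, GATEWAY_GLOBAL, 8080)
    before = gw.inbound(unsolicited)
    gw.add_static_rule(8080, ALICE, 8080)
    after = gw.inbound(unsolicited)
    return before, (after["dst"], after["dport"])


CONTACT = re.compile(rb"Contact:\s*<sip:[^@]+@([0-9.]+):(\d+)>")


def scenario_sip():
    """SIP carries the terminal's address in the data part; NAPT leaves it untouched."""
    gw = Napt(GATEWAY_GLOBAL)
    invite = (b"INVITE sip:bob@198.51.100.7 SIP/2.0\r\n"            # constructed sample
              b"Contact: <sip:alice@192.168.1.5:5060>\r\n\r\n")
    out = gw.outbound(packet(ALICE, 5060, SIP_SERVER, 5060, UDP, invite))
    ip, port = CONTACT.search(out["payload"]).groups()
    # The server answers to the address it read from the body: a private address
    # that is not routable on the Internet, so the response never reaches the gateway.
    return out["src"], ip.decode(), int(port)


def scenario_esp():
    """ESP: the TCP header is inside the encrypted part, so NAPT sees protocol 50,
    finds no ports and creates no rule."""
    gw = Napt(GATEWAY_GLOBAL)
    spi, seq = b"\x00\x00\x10\x01", b"\x00\x00\x00\x01"
    ciphertext = bytes(24)      # stands in for the encrypted TCP header and data
    esp = packet(ALICE, None, SIP_SERVER, None, ESP, spi + seq + ciphertext)
    return gw.outbound(esp), len(gw.to_global)
```

Each scenario function returns the values a practitioner would check: the header after translation, the unreachable private address the SIP server would reply to, and the absence of any rule for the ESP packet.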
In the case of connection to the Internet using UPnP NAT traversal, communication can be initiated from the Internet side because the port mapping is set when the application starts. However, this requires a dedicated application programming interface (API). To make a conventional application support UPnP, the application itself must be modified. The source code of an application is generally not disclosed, so it cannot be modified by the user. Even where the source code of an application is disclosed, it is not practical to modify the many applications already in use.
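The "dedicated API" referred to above is, on the wire, a SOAP request to the gateway's Internet Gateway Device service. The following is an added example, not code from the patent or from any vendor: it builds the AddPortMapping request an application would send and shows the gateway side turning it into a mapping entry. The 192.168.1.0/24 LAN prefix and the application's addresses are assumed; no network I/O is performed, and the gateway-side check that the mapping target is inside the LAN is a hardening choice of this example, not something the UPnP specification requires.

```python
import xml.etree.ElementTree as ET

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
LAN_PREFIX = "192.168.1."          # assumed private network of the example

ET.register_namespace("s", SOAP_NS)
ET.register_namespace("u", SERVICE)


def build_add_port_mapping(ext_port, proto, int_port, int_client, desc, lease=0):
    """Application side: the SOAP body and HTTP headers for AddPortMapping."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    env.set(f"{{{SOAP_NS}}}encodingStyle", "http://schemas.xmlsoap.org/soap/encoding/")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    action = ET.SubElement(body, f"{{{SERVICE}}}AddPortMapping")
    args = {                          # argument names defined by WANIPConnection:1
        "NewRemoteHost": "",
        "NewExternalPort": ext_port,
        "NewProtocol": proto,
        "NewInternalPort": int_port,
        "NewInternalClient": int_client,
        "NewEnabled": 1,
        "NewPortMappingDescription": desc,
        "NewLeaseDuration": lease,
    }
    for name, value in args.items():
        ET.SubElement(action, name).text = str(value)
    headers = {
        "Content-Type": 'text/xml; charset="utf-8"',
        "SOAPAction": f'"{SERVICE}#AddPortMapping"',
    }
    return ET.tostring(env, encoding="utf-8"), headers


def gateway_handle(xml_bytes, soapaction):
    """Gateway side: validate the request and return the port-mapping entry
    {(protocol, external_port): (internal_client, internal_port)}."""
    if soapaction != f'"{SERVICE}#AddPortMapping"':
        raise ValueError("unexpected SOAPAction")
    root = ET.fromstring(xml_bytes)
    action = root.find(f"{{{SOAP_NS}}}Body/{{{SERVICE}}}AddPortMapping")
    if action is None:
        raise ValueError("no AddPortMapping action in body")
    proto = action.findtext("NewProtocol")
    if proto not in ("TCP", "UDP"):
        raise ValueError("protocol must be TCP or UDP")
    ext_port = int(action.findtext("NewExternalPort"))
    int_port = int(action.findtext("NewInternalPort"))
    if not (0 < ext_port <= 65535 and 0 < int_port <= 65535):
        raise ValueError("port out of range")
    client = action.findtext("NewInternalClient") or ""
    # Hardening assumed by this example: only forward into the local private network.
    if not client.startswith(LAN_PREFIX):
        raise ValueError("internal client is not on the LAN")
    return {(proto, ext_port): (client, int_port)}


def demo():
    """An application on 192.168.1.5 asks the gateway to forward TCP 8080 to itself."""
    xml_bytes, headers = build_add_port_mapping(8080, "TCP", 8080, "192.168.1.5", "example app")
    return gateway_handle(xml_bytes, headers["SOAPAction"])
```

The mapping returned by gateway_handle is exactly the static conversion rule that NAPT alone could not create for an inbound-initiated connection; the point of the passage is that every application has to be changed to emit this request.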