JP2003198635A - Method for controlling computer connected to network - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a method for controlling a network system capable of matching the private IP of a server with global IP by integrating a router and the server. <P>SOLUTION: In this method for controlling a computer equipped with an IP Masquerade function by an address converting means, narrow area address information set in a prescribed computer is preliminarily set so as to be matched with wide area address information. When the narrow area address information to designate any general computer in a narrow area network is acquired based on access information from the wide area network, access from the wide area network is assigned to the general computer. When information to designate the computer is included in the access information from the wide area network, the access from the wide area network is assigned to the computer. <P>COPYRIGHT: (C)2003,JPO

Description

Description: BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an integrated router and server for facilitating widespread use of a computer network which has been remarkably invented in recent years. The present invention relates to a network computer capable of conducting a conference or a videophone conversation. 2. Description of the Related Art When connecting a plurality of narrow area computer networks (LANs: Local Area Networks) to the global Internet, a router is required. Normally, this router device uses NAT (Network Address Translato).
r: network address translation function). This function is used for RF used in LAN.
C1918 (Address Allocation for Private Internets)
A private IP address (local IP address) according to CIDR (Classless Inter-Domain Rout)
ing), the global IP address assigned to the router by converting it to a so-called global IP address that can be used on the global Internet
This is a function to be shared by multiple terminals connected to N. [0003] NAT is roughly divided into the following two.
There are different methods (1) and (2). (1) Static address translation function to enable communication with the Internet by associating one global address with one private address (NA in a narrow sense)
T). This is a one-to-one address conversion method, and in order for terminals in a plurality of private IP address spaces to connect to the Internet, it is necessary to allocate a global IP address only for the request. In order to realize this function, routers generally use packets sent from private space.
Only the source IP address in the IP header is changed. As in the example shown in FIG. 7, the packet is transmitted to the global space with a global IP address corresponding to the private IP address of the transmission source on a one-to-one basis. (2) Dynamic address translation (so-called IP Masque) that allows one global address to be shared by a plurality of private addresses and to communicate with the Internet
function called rade). This is a one-to-many address conversion method. To realize this function, routers generally use the IP header part of packets transmitted from the private space.
The port number in the TCP / UDP header has been changed. [0005] As shown in FIG. 8, all private IP addresses are converted into one global IP address and transmitted to the global space. The response packet is sent to the individual private I / O by the IP Masquerade function.
It is converted to a P address and distributed. [0006] In particular, when IP Masquerade is used together with a terminal type dial-up connection, an inexpensive dial-up LAN connection can be realized, and a great effect is achieved in saving global IP addresses. As described above, NAT allows one global address to be shared by a plurality of private addresses, but has the following problems. (1) IP Masquerade assumes that UDP / TCP port numbers are converted. Therefore, special consideration is required for Internet Control Message Protocol (ICMP), which has no concept of port numbers. (2) When accessed from the global side, the first packet naturally comes from the global side. One pair of global address and private address
In the case of 1-compatible NAT, the delivery destination of the packet is known even in such a case, but in the case of IP Masquerade, it is not one-to-one correspondence, so it is not possible to determine which host should send the packet. (3) The protocol used for rsh (remort shell) commands is that the port number on the client side is WELL KNOWN.
Required to be within port range. for that reason,
It cannot be used over IP Masquerade, which converts port numbers. In recent years, conversations such as electronic conferences and videophones using a computer network called net meetings and online meetings have become widespread, and most of application software dedicated to participating in these online meetings has been developed. Private IP of data user even in application data
Writes data about addresses. That is, since the private IP address originally used only in the LAN is written in the application data APdata, the translated and added global IP address differs depending on the router device. However, there is a problem in that they do not operate normally or do not operate at all. [0010] Japanese Patent Application Laid-Open No. 9-247216 discloses a technique for integrating these routers and servers by using a network OS. In this technique, as shown in FIG. 9, a commercially available OS, Windows NT, is mounted on a server (101) and used as a network OS to integrate the functions of a router and a server. Further, the server (101) is provided with a multi-communication interface (104) so that communication with a wide area can be performed most efficiently, and connection with a telephone network, ISDN, super digital, frame relay, and a wireless network is also possible. It was done. Also, in order for a terminal device connected to the LAN of the server (101) to access an external terminal device on a wide area communication line, a look-up for identifying a terminal device identification address is provided to application software of the OS. An up table was provided. In the future, a multi-communication interface will be provided so as to connect to a telephone network, an ISDN, a super digital, a frame relay, and a wireless network, which can be expected to expand the infrastructure. In order to make the system cheaper and more reliable,
The file of the server (101) includes WWW, FTP, E-Mail, FA in order to support various protocols.
X, DNS, SQL. However, in the above-mentioned Japanese Patent Application Laid-Open No. 9-247216, there is disclosed a technique for integrating these routers and servers using a network OS. The technology only integrates a router and a server in hardware, and software processing related to address translation remains the same. Therefore, ICMP without the concept of port numbers
And proper processing even when accessed from the global side with a global IP address poses a problem, and the protocol used in rsh commands cannot be used over IP Masquerade.
There is a problem. Further, as in a conversation system such as an electronic conference using a computer network called a net meeting or an online meeting or a videophone, data relating to the IP address of a data user and a port number to be used are written in application data. A problem arises when the system configured as described above is used in a WAN such as the Internet. SUMMARY OF THE INVENTION The present invention has been made with an object to provide a method of controlling a network system in which a router and a server are integrated into one, and a private IP and a global IP of the server can be matched. . According to the present invention, there is provided a method for controlling a computer connected to a network according to the present invention.
Wide-area interface means for communicating with a wide-area network, narrow-area interface means for communicating with a plurality of general computers via a narrow area network, wide-area address information set as identification information in the wide area network, and Address conversion means for mutually converting between the narrow area address information set as the identification information, and, by the address conversion means, based on access information from the wide area network,
If local address information specifying any general computer connected to the local area network is obtained,
In a computer configured to distribute access from the wide area network to the general computer, narrow area address information set in the computer is set in advance so as to match the wide area address information, and from the wide area network, If the narrow area address information specifying any general computer in the narrow area network is obtained based on the access information, the access from the wide area network is distributed to the general computer, and the access from the wide area network is performed. When the information includes the information for designating the computer, the computer is controlled so that the access from the wide area network is distributed to the computer. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, a method for controlling a computer connected to a network according to the present invention will be described in detail with reference to the drawings showing an embodiment. FIG. 1 shows a configuration example of a computer used in the present invention. Reference numeral 1 denotes a computer provided with a CPU, a main memory, a bus controller, a display device, an external storage device, an input device, and the like. Reference numeral 2 denotes one of the general-purpose bus slots for an interface card provided in the computer 1. The general-purpose bus slot 2 is, for example, a PCI standard slot. A plurality of slots (not shown) identical to the general-purpose bus slot 2 are provided. Reference numeral 3 denotes a network interface card according to the present invention, which has an interface unit capable of respectively supporting a plurality of protocols. The network interface card 3 is mounted on the one general-purpose bus slot 2, and a predetermined driver program is installed on the computer 1. Three
Reference numeral 1 denotes a first interface unit on the WAN side, which is connected to the Internet N via a converter 311 such as a cable modem, an xDSL modem, or an optical media converter. The first interface unit 31 is configured to be able to communicate with the Internet N on the WAN side by a TCP / IP protocol. Reference numerals 32 and 33 denote second and third interface units on the LAN side. For example, the second interface unit 32 has an interface function for Ethernet (registered trademark) compatible with 10Base-T / 100Base-T. The computer 1 is connected to the LAN via the second interface unit 32. Also, the third
The interface 33 is 802.11X (IEEE)
The computer 1 is provided with an interface function for wireless LAN corresponding to the third interface unit 3.
3 is connected to the wireless LAN. In addition, an interface unit having an interface function for PHS communication and an interface unit for IrDA (infrared communication interface) (both are not shown).
It has. The TCP / IP protocol supported by the first interface unit 31 includes an application layer, a socket, a transport layer, a network layer, a network access layer, and a physical layer. Inter
Mosaic, ftp, telnet, etc. related to the net are application layers. These applications use TCP / API by using socket API (Application Programming Interface).
Can communicate via IP. The TCP performs packet assembly, connection establishment and disconnection, flow control, and the like, and the IP establishes a transmission path and logically manages a network by defining a network address and a host address. In the above configuration, in the transmission control program of the computer 1, the private IP address for the computer 1 is set to match the global IP address. The private IP addresses for other computers connected to the LAN other than the computer 1 are set to non-overlapping private IP addresses by the IP Masquerade function of the computer 1. Next, a control program for performing transmission control starting from the LAN side will be described with reference to the flowchart of FIG. When the transmission data starting from the LAN side is input to the computer 1 via the second interface unit 32 and the general-purpose bus slot 2, in step S21, the destination IP address and the source port number are stored, In step S22, the computer 1 checks the source data (source private IP address, source port number) included in the transmission data, and transmits the data from the computer 1 or from another computer via the LAN. Determine whether the call originated. As a result of the check in step S22,
If the call originates from the computer 1, the source private IP address is sent to the WAN side in step S25 as the source global IP address. If the call originates from a computer other than the computer 1, in step S23, the IP Masquerad
The e function converts the source private IP address and the source port number into a predetermined global IP address and a source port number, and in step S24, stores the conversion information and sends it to the WAN side.
If the destination is a private IP address, LA
It is natural that the data is transmitted to a predetermined computer on the N side. Next, a control program for controlling a response packet from the WAN will be described with reference to the flowchart of FIG. When the response packet data from the WAN side is input to the computer 1 through the first interface unit 31 and the general-purpose bus slot 2, step S31
In step S32, destination data (destination IP address and destination port number) included in the response packet data is searched, and in step S32, a response to the computer 1 or a response to another computer via the LAN Is determined. If the result of determination in step S32 is a response to the computer 1, in step S35 the response is passed to the application program of the computer 1. If it is a response to a computer other than the computer 1, in step S33, the IP Masquer
Using the ade function, based on the storage information stored in step S24 of FIG. 2, the source IP address and the source port number are converted into a source IP address and a source port number.
At 34, the data is transmitted from the internal routing table to a predetermined computer which is the original transmission source. In this way, the computer 1 sends the WA
In the case of transmission to the N side, if the private IP address of the transmission source matches the global IP address, it is sent to the WAN side without conversion, and the response from the WAN side is a response to the computer 1. In this case, since the computer 1 is passed to the computer 1, the computer 1 can use the global IP address as its own IP address, and can specify the computer 1 from the WAN side. The control program shown in FIGS. 2 and 3 and the computer 1 correspond to address conversion means. The first interface unit 31 on the WAN side corresponds to wide area interface means and the second interface unit on the LAN side. The interface unit 32 corresponds to a narrow-area interface unit. The Internet N corresponds to a wide area network, the LAN corresponds to a narrow area network, the global IP address corresponds to wide area address information, the private IP address corresponds to narrow area address information, and the response packet corresponds to access information. Equivalent. Therefore, ICMP without the concept of port numbers
The computer 1 can cope with the above problem, and even if access is made from the global side with a global IP address, the packet is delivered to the computer 1 in which a private IP address that matches the global IP address is set, so that the Processing can be performed. In addition, a protocol used in rsh (remort shell) commands can be used in the computer 1. In the computer 1, a private IP
Since the address matches the global IP address, a teleconference or TV using a computer network called a net meeting or online meeting
It can handle conversations like telephone calls without any problems. Next, a control method in the network system shown in FIG. 4 will be described as an embodiment of the present invention. In FIG. 4, reference numeral 41 denotes a computer used in the present invention.
The computer includes a computer unit 411 as a specific computer connected to the AN, and a network interface card 412 for implementing the control method according to the present invention. The network interface card 412
Is the first interface unit 413 on the WAN side and the LA
An N-side second interface unit 414;
Wireless L using a protocol based on X (IEEE)
An interface unit 415 for AN is provided. Further, an interface unit capable of supporting various protocols can be provided. Further, in the computer 41, a program for performing control as shown in FIGS. Reference numeral 42 denotes a general computer connected to the LAN, which is connected to the LAN by an interface unit 424. Reference numeral 43 denotes a general computer connected to the LAN.
34, it is connected to the LAN, and a wireless LAN interface unit 435 is connected to PHS devices. 44 is a general computer,
Wireless LAN via a wireless LAN interface unit 444 using a protocol based on 1X (IEEE).
Connected to AN. In the above network system, the IP address of the computer 41 is “10, 1, 0,
1 "is set. This IP address “10, 1,
"0,1" is a global IP address, and LA
Private IP of the computer 41 on the N side
It is also set as an address. The computer 42 has a private IP address “192, 168, 0, 1”.
0 ”is set and the computer 43
P address “192, 168, 0, 11” is set,
The computer 44 has a private IP address "19
2,168,0,12 "is set. Then, as shown in FIG. 5, the computer 41 on the LAN (private space) side
The transmission data to the side includes the global IP address “10, 1, 0, 1” set as the source IP address in accordance with the private IP address.
Also, “2000” is included as the source port number. As the destination IP, a global IP address for specifying a target server, for example, “10,
0, 0, 1 "is set, and W is set as the destination port number.
A number “80” corresponding to WW is set. WAN
On the (global space) side, the source IP address "1"
0, 1, 0, 1 ", source port number" 6000 ", destination IP address" 10, 0, 0, 1 ", and destination port number" 80 ". Next, a response packet to the above transmission data is composed of a source IP address "10, 0, 0, 1",
Source port number “80”, destination IP address “1”
0, 1, 0, 1 ”and the destination port number“ 6000 ”, the computer 41 uses the program to send the destination IP address“ 10, 1, 0, 1 ”.
"1" and the destination port number "6000", and determines that the response packet is addressed to the computer 41, and delivers the response packet to a predetermined application program of the computer 41. However, as shown in FIG. 6, the transmission data from the general computer 42 to the WAN side includes the private IP address “192, 168, 0,
10, "and the destination global IP address" 10, 0,
0, 1 ”, the source port number“ 2001 ”, and the destination port number“ 80 ”, the computer 41 that has received the transmission data via the LAN executes the transmission data Of the source and destination of the global IP address "10, 1, 0, 1", and the conversion information is also stored, and the converted global IP address "10" is stored. , 1, 0, 1 "to the WAN side. The response packet to the general computer 42 includes the source IP address "10, 0,
0, 1 ”, it is determined from the stored transmission data destination information that the response packet is for the computer 42, and based on the stored conversion information. The destination IP address is converted back to the private IP address “10, 1, 0, 1” and distributed to the computer. In this way, a response packet to a transmission from the computer 41 is distributed to the computer 41, and a response to a transmission from another general computer is distributed to each computer. In this way, the IP Masquerade function is realized, and the transmission data from the computer 41 includes a global IP address that matches its own private IP address as the source IP address. The computer 1 can cope with ICMP that does not have the concept of, and appropriate processing can be performed even when the global side accesses with a global IP address. Also, conversations such as electronic conferences and videophones using a computer network called net meetings and online meetings can be processed without any problem. As described above, according to the present invention, appropriate processing for ICMP without the concept of a port number can be performed even when access is made from the global side with a global IP address. Furthermore, a system configured to write data relating to the data user's IP address into application data, such as a teleconference using a computer network called a net meeting or an online meeting or a conversation system such as a video phone, is provided. , Internet, etc.
It became possible to use it without problems in AN.

BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a configuration diagram showing a configuration of an embodiment of a control method of a computer connected to a network according to the present invention. FIG. 2 is a flowchart illustrating a control program according to the embodiment. FIG. 3 is a flowchart illustrating a control program according to the embodiment. FIG. 4 is a configuration diagram of a network system used in an embodiment of the present invention. FIG. 5 is an explanatory diagram of an operation example in the embodiment. FIG. 6 is an explanatory diagram of an operation example in the embodiment. FIG. 7 is an explanatory diagram of an operation example in the conventional example. FIG. 8 is an explanatory diagram of an operation example in the conventional example. FIG. 9 is a configuration diagram of a network system used in a conventional method. DESCRIPTION OF REFERENCE NUMERALS 1 computer, address conversion means 2 general-purpose bus slot 3 network interface card 31 first interface unit on WAN side, wide area interface means 32 second interface unit on LAN side, narrow area interface means 33 on LAN side Third interface unit N Wide area network LAN Narrow area network

Claims (1)

Claims: 1. A wide-area interface means for communicating with a wide-area network, a narrow-area interface means for communicating with a plurality of general computers via a narrow-area network, and setting as identification information in the wide-area network. Address conversion means for mutually converting between the wide area address information and the narrow area information set as identification information in the narrow area network, and the address conversion means, based on access information from the wide area network In the case where narrow-area address information specifying any general computer connected to the narrow-area network is obtained, the computer configured to distribute access from the wide-area network to the general computer includes Set on computer The narrow-area address information is set in advance in accordance with the wide-area address information, and based on access information from the wide-area network, narrow-area address information specifying any general computer in the narrow-area network can be obtained. In the case, the access from the wide area network is distributed to the general computer, and if the access information from the wide area network includes information designating the computer, the access from the wide area network is A method for controlling a computer connected to a network, characterized in that the computer is controlled to be distributed to a network.