JP2008078822A - Management terminal, port open/close control method, and port open/close control program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a management terminal capable of facilitating connection from an external terminal to an internal terminal while securing security, to provide a port open/close control method, and to provide a port open/close control program. <P>SOLUTION: The management terminal 11 configuring the same network domain as that of a network equipment 10 includes: an authentication function execution part for authenticating the external terminal 21 when a terminal information acquisition request is output from the external terminal 21 which is present outside the network domain; and a server function execution part which transmits a list of terminal names to the external terminal 21 when authentication is normally ended, and when receiving a port open request specifying a terminal name and a port number from the external terminal 21, opens a port of the network equipment 10 on the basis of the port number. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a management terminal, a port opening / closing control method, and a port opening / closing control program, and more particularly to a management terminal, a port opening / closing control method, and a port opening / closing control program that constitute the same network domain as a network device having a port filtering function.

  For example, in order to prevent inadvertent entry into a user's private network (internal network) from a device connected to a global network (external network) such as the Internet, a firewall or NAT has conventionally been used at the boundary between the global network and private network. Network devices such as (Network Address Translation) are used.

  In these network devices, when a terminal connected to the global network side (external terminal) and a terminal connected to the private network side (internal terminal) are interconnected, security is ensured using a port. .

Japanese Patent Application Laid-Open No. 2004-228561 describes contents that enable communication beyond a firewall by transferring an incoming message from one port to another port. In Patent Document 2, a call control controller (Q.931 controller) issues a request to a firewall to open a port for RTP (real-time data such as voice), and the firewall opens a port for RTP. The contents that enable communication beyond the firewall are described. Patent Document 3 describes contents for registering an arbitrary port for each application and dynamically opening the port.
JP 2005-12775 A JP 2004-147195 A JP 2005-92456 A

  However, it is desirable for the network device as described above to close unnecessary ports for security and open ports as necessary, and this realization method has been a problem.

  For example, in Patent Document 1, an external client communicates with an internal server (Web server) connected to an internal network. That is, in Patent Document 1, it is necessary to open a firewall port in advance in order to perform this communication, and the firewall port cannot be opened as necessary.

  Moreover, in patent document 2, control which opens and closes the port of a firewall is possible. However, in Patent Document 2, RTP data (real-time data such as voice) passes through the firewall. The data for call connection is transmitted using a public telephone network and is connected to the other terminal. Therefore, in Cited Document 2, a VoIP protocol such as SIP and Q. A gateway device that converts the 931 protocol was required.

  As another method for performing port opening / closing control, there is router port opening / closing control (Port Mapping) standardized as a UPnP (Universal Plug and Play) standard. In this method, a UPnP client terminal connected to the private network side can perform port opening / closing control on the router.

  However, in this method, when making a call connection from a terminal connected to the private network side to a terminal connected to the global network side, it is possible to perform opening / closing control from the UPnP client terminal to any necessary port. Open / close control of any port of the router cannot be performed from a terminal connected to the global network side.

  Therefore, in order to be able to connect from a terminal connected to the global network side to a terminal connected to the private network side at any time, the router must always have a connection port open, which is a problem in terms of security. There was a case.

  The present invention has been made in view of the above points, and provides a management terminal, a port opening / closing control method, and a port opening / closing control program capable of facilitating connection from an external terminal to an internal terminal while ensuring security. The purpose is to do.

  In order to solve the above problems, the present invention is a management terminal connected between an internal network and an external network and constituting the same network domain as a network device having a port filtering function. When there is a terminal information acquisition request from an external terminal outside the domain, the authentication function execution unit that performs authentication of the external terminal and the terminal names of the internal terminals that constitute the network domain are managed as terminal information. When the terminal information management unit and the authentication are normally completed, a list of terminal names based on the terminal information is transmitted to an external terminal, and when an open request for a port designating the terminal name and port number is received from the external terminal, A server function execution unit for opening a port of the network device based on a port number; Characterized in that it has.

  In addition, what applied the component, expression, or arbitrary combination of the component of this invention to a method, an apparatus, a system, a computer program, a recording medium, a data structure, etc. is also effective as an aspect of this invention.

  According to the present invention, it is possible to provide a management terminal, a port opening / closing control method, and a port opening / closing control program capable of facilitating connection from an external terminal to an internal terminal while ensuring security.

  Next, the best mode for carrying out the present invention will be described based on the following embodiments with reference to the drawings. In the following embodiment, a terminal connected to the private network side and a terminal connected to the global network side are interconnected via a network device having an address translation (NAT) function.

  In the following embodiment, except when interconnecting a terminal connected to the private network side and a terminal connected to the global network side, the port for the terminal is not opened in the network device, and the private network side By enabling a connected management terminal to make a request to open a terminal port after authentication, it is possible to facilitate connection from an external terminal to an internal terminal while ensuring security.

  In the present embodiment, the ITU-T recommendation T.264 in the first private network is connected via a broadband router having a NAT function and a global network. The facsimile terminal (IP-FAX) conforming to the standard 38 is connected to the facsimile terminal in the second private network for FAX communication, or the TV telephone in the first private network is connected to the TV telephone in the second private network. An example of making a video call by connecting to the network will be described.

  FIG. 1 is a network configuration diagram of an embodiment of a communication system according to the present invention. The communication system in FIG. 1 includes a first private network 1, a second private network 2, and a global network 3.

  The first private network 1 is connected to the global network 3 via the broadband router 10. The second private network 2 is connected to the global network 3 via the broadband router 20. The global network 3 is, for example, a network of a telecommunications carrier that provides an IP telephone service.

  The first private network 1 is a network domain composed of a broadband router 10, a management terminal 11, a facsimile terminal 12, and a TV phone 13. The second private network 2 is a network domain composed of a broadband router 20, a management terminal 21, a facsimile terminal 22, and a TV phone 23.

  The broadband router 10 and the broadband router 20 have four LAN (100BASE-TX) ports (private address ports) for a private network and one WAN (100BASE-TX) port for a global network. The broadband router 10 and the broadband router 20 register the terminal identification information (terminal name) of the terminal connected to the private address port, the private IP address assigned to the terminal, and the port number used by the terminal in association with each other.

  The broadband router 10 and the broadband router 20 mutually convert the registered private IP address of the terminal and the global IP address, and connect the terminal connected to the private network and the other terminal connected via the global network 3. To communicate with. The global IP address is given by a telecommunications carrier that provides a service using the global network 3.

  Mutual conversion between the private IP address and the global IP address is performed using an ALG (Application Layer Gateway) method that rewrites an IP address and a port number in a SIP (Session Initiation Protocol) message. In this ALG system, neither a terminal on the private IP address side nor a terminal on the global IP address side requires special functions or operations for communication via the NAT.

  The broadband router 10 and the broadband router 20 have a Web server function, and after authentication processing using a predetermined user ID and password from a terminal (Web client) having a Web browser on the private IP address side, HTTP (Hyper Text Registration of terminal information (terminal name, private IP address, port number) and acquisition and browsing of registered terminal information can be performed by the Transfer Protocol protocol.

  Furthermore, the broadband router 10 and the broadband router 20 can set open or close for each registered port number by a user operation.

  The management terminal 11 and the management terminal 21 are, for example, personal computers (PCs), and a web browser is installed. In addition, the management terminal 11 and the management terminal 21 of the present embodiment are also implemented with Web server software. The facsimile terminal 12 and the facsimile terminal 22 perform call connection using SIP. The TV phone 13 and the TV phone 23 also perform call connection using SIP. Note that the SIP server used for call connection by SIP exists in the global network 3 (not shown), but it is also possible to connect without using the SIP server.

  In the broadband router 10, 80 is set as the port number for the management terminal 11, and the port is set to open and all other ports are set to close. In the broadband router 20, 80 is set as the port number for the management terminal 21, and the port is set to open and all other ports are set to close. Port number 80 is a port number for HTTP.

  In the broadband router 10, terminal names and IP addresses are registered as terminal information of the management terminal 11, the facsimile terminal 12, and the TV phone 13. In the broadband router 20, terminal names and IP addresses are registered as terminal information of the management terminal 21, the facsimile terminal 22, and the TV phone 23. This registration can be set in the administrator mode.

  FIG. 2 is an explanatory diagram showing an example of registered terminal information. After this registration, the administrator of the first private network 1 uses the management terminal 11 to obtain a list of terminal names, IP addresses, and terminal port numbers (data reception port numbers) from the broadband router 10. The list data is stored in the management terminal 11. Similarly, the administrator of the second private network 2 uses the management terminal 21 to obtain a list of terminal names, IP addresses, and terminal port numbers (data reception port numbers) from the broadband router 20. The data of this list is stored in the management terminal 21.

  Next, the user connects to the management terminal 21 in the second private network 2 using the management terminal 11 in the first private network 1, and a predetermined port of the broadband router 20 in the second private network 2. , And then, the procedure until the facsimile terminal 12 is connected to the facsimile terminal 22 through the port to perform FAX communication will be described with reference to the operation flow of FIGS.

  3 and 4 show an operation flow of an example of a management terminal connected to the first private network side. FIG. 5 shows an operation flow of an example of a management terminal connected to the second private network side.

  First, the user of the management terminal 11 uses the Web browser of the management terminal 11 to obtain the terminal information in the second private network 2 and uses the host name (or global IP address) of the broadband router 20 as the destination. Press the terminal information acquisition button displayed on the Web browser.

  The management terminal 11 repeats the process of step S1 until it is determined that the terminal information acquisition button is pressed with the broadband router 20 in the other party's private network as the destination, and the terminal information acquisition button is pressed with the broadband router 20 as the destination. If it is determined that the process has been performed, the process proceeds to step S2.

  In step S2, the management terminal 11 transmits a terminal information acquisition command in an HTTP request message. The packet of the HTTP request message arrives at the port number 80 of the broadband router 20. The broadband router 20 replaces the destination address of the received HTTP request message packet with the private IP address of the management terminal 21 and transfers the packet to the management terminal 21.

  The management terminal 21 repeats the process of step S21 until it determines that the terminal information acquisition command has been received, and proceeds to the process of step S22 if it determines that the terminal information acquisition command has been received. In step S22, the management terminal 21 authenticates the request transmission terminal before executing the process corresponding to the received terminal information acquisition command. This authentication uses digest authentication described in RFC2617. In the management terminal 21, a user name and a password input by the user of the management terminal 11 are registered in advance. The management terminal 21 generates a random number (nonce) for authentication called a challenge, and returns this random number in a response message of the status code 401 (authentication request).

  The management terminal 11 repeats the process of step S3 until it determines that it has received the response message for the authentication request, and proceeds to the process of step S4 if it determines that it has received the response message for the authentication request. In step S4, the management terminal 11 displays a user name and password input screen.

  The management terminal 11 repeats the process of step S5 until it is determined that the user name and password are input. If it is determined that the user name and password are input, the management terminal 11 proceeds to the process of step S6. In step S6, the management terminal 11 calculates a digest using a user name, a password, a random number (nonce) received from the management terminal 21, a random number (cnonce) generated by the own terminal, and the like. The digest calculation algorithm uses MD5. The management terminal 11 sends the obtained digest value (response) to the management terminal 21 in the HTTP request message together with the user name, a random number (cnonce) generated by the terminal itself, and the like.

  The management terminal 21 repeats the process of step S23 until it determines that it has received a digest value (response), a user name, a random number (cnonce) generated by the management terminal 11 and the like from the management terminal 11. If it is determined that a digest value (response), a user name, a random number (cnonce) generated by the management terminal 11 is received, the process proceeds to step S24.

  In step S24, the management terminal 21 uses the received user name, a random number (cnonce) generated by the management terminal 11, a password registered in advance in association with the user name, a random number (nonce) generated by the own terminal, and the like. To calculate the digest. The digest calculation algorithm uses MD5.

  In step S25, the management terminal 21 compares the digest value obtained in step S24 with the digest value (response) received from the management terminal 11. If the digest values match, the management terminal 21 determines that the user of the management terminal 11 has entered the correct password, and ends the authentication process.

  Then, the management terminal 21 proceeds to step S26, and as a process corresponding to the terminal information acquisition command, a list of terminal names (terminal names of the facsimile terminal 22 and TV) which are terminal information registered in the broadband router 20 that has already been acquired. The terminal name of the telephone 23) is returned to the management terminal 11. As a result of comparing the digest values in step S25, if the digest values do not match, the management terminal 21 proceeds to step S32, returns an error response to the terminal information acquisition command, and corresponds to the terminal information acquisition command. Processing is not executed.

  The management terminal 11 repeats the process of step S7 until it determines that the list of terminal names has been received from the management terminal 21, and proceeds to step S8 if it determines that the list of terminal names has been received from the management terminal 21. In step S8, the management terminal 11 displays the received terminal names (the terminal name of the facsimile terminal 22 and the terminal name of the TV phone 23).

  The user of the management terminal 11 selects the terminal name of the facsimile terminal 22 in order to perform FAX communication using the facsimile terminal 12. The management terminal 11 repeats the process of step S9 until it is determined that the terminal name is selected by the user, and if it is determined that the terminal name of the facsimile terminal 22 is selected by the user, the process proceeds to step S10.

  In step S10, the management terminal 11 receives a port number for receiving a call connection packet by the broadband router 20 and a FAX data packet (an IFP packet defined by ITU-T recommendation T.38). The number is determined by a predetermined method. As a predetermined method for determining the port number, for example, there is a method of randomly selecting from a range of 20000 to 65535.

  The management terminal 11 transmits the port number for each selected data type and the selected terminal name to the management terminal 21 using HTTP. Note that the management terminal 11 may display a port number input screen when the terminal name is selected, and allow the user to input.

  The management terminal 21 repeats the process of step S27 until it determines that the terminal name and the port number for each data type to be opened have been received from the management terminal 11, and the terminal name and the data type to be opened from the management terminal 11. If it is determined that each port number has been received, the process proceeds to step S28.

  In step S28, the management terminal 21 includes the terminal name received from the management terminal 11 and the port number for each data type to be opened in the port open request command and transmits the command to the broadband router 20. When the broadband router 20 receives the port open request command, the broadband router 20 refers to an already registered terminal name and IP address correspondence list (FIG. 2 (b)), and sets the IP address and data type corresponding to the terminal name. Correspondingly, register the port number in the port open request command. An example of this registration is shown in FIG.

  FIG. 6 is an explanatory diagram of an example showing terminal information in which the port number of the broadband router is additionally registered. Then, the broadband router 20 opens the port having the port number included in the port open request command.

  Subsequently, the user in the first private network 1 displays the registration information (FIG. 2A) of the terminal in the first private network 1 stored in the management terminal 11 and displays the registration information of the facsimile terminal 12. The terminal name “FAX_SITE1” is selected, and an operation for opening the port of the broadband router 10 is performed.

  The management terminal 11 performs the process of step S11 until it is determined that the terminal name “FAX_SITE1” of the facsimile terminal 12 in the first private network 1 has been selected by the user and an operation for opening the port of the broadband router 10 has been performed. If the terminal name “FAX_SITE1” of the facsimile terminal 12 is selected by the user and it is determined that an operation for opening the port of the broadband router 10 has been performed, the process proceeds to step S12.

  In step S12, the management terminal 11 randomly selects and determines the call connection packet reception port number and FAX data reception port number of the broadband router 10 from the range of 20000 to 65535, and determines the call connection packet reception port number. The FAX data reception port number is stored in association with the port number of the facsimile terminal 12 (terminal port number). A storage example at this time is shown in FIG.

  Then, the management terminal 11 includes the terminal name, IP address, terminal port number (for call connection and FAX data) of the facsimile terminal shown in FIG. 6A, and port number of the broadband router 10 (for call connection and FAX data). Is sent to the broadband router 10 by HTTP. When the broadband router 10 receives the port open request command, the broadband router 10 updates the registration by adding the port number of the received broadband router 10 to the table of the facsimile terminal 12 in FIG. An example of this registration is shown in FIG. Then, the broadband router 10 opens the port having the port number added to the table.

  Next, the user sets a transmission document on the facsimile terminal 12 and performs a call operation by designating the global IP address of the broadband router 20 and the port number previously transmitted from the management terminal 11 to the management terminal 21 as the destination. . By this operation, the facsimile terminal 12 transmits a connection message (SIP INVITE message) to the designated destination, that is, the broadband router 20.

  When making a call connection using a SIP server, when a user performs a call operation by designating the identification number and port number of the broadband router 20 as a destination, the broadband router 20 passes through the SIP server. A connection message (SIP INVITE message) is sent to.

  When the broadband router 20 receives the connection message (received at the port having the previously opened port number (for example, 31723)), the broadband router 20 refers to the terminal registration information (FIG. 6B) and receives the connection message. A connection message (SIP INVITE message) is transmitted to the private IP address corresponding to the above, that is, to the facsimile terminal 22 with the destination port set to 5060.

  The facsimile terminal 22 establishes a session between the facsimile terminal 12 and the facsimile terminal 22 in response to the connection message. The facsimile terminal 12 transmits the image data to the facsimile terminal 22 using the FAX data transmission port of the broadband router 20.

  At this time, the broadband router 20 replaces the destination port number of the FAX data packet received at the FAX data reception port (for example, 59521) with the FAX data reception port number (for example, 10000) of the facsimile terminal 22 and transfers it to the facsimile terminal 22.

  When the FAX communication ends, the user performs an end operation on the previously selected terminal (facsimile terminal 22) on the management terminal 11. The management terminal 11 repeats the process of step S13 until it is determined that the end operation has been performed on the previously selected terminal. If it is determined that the end operation has been performed on the previously selected terminal, the management terminal 11 proceeds to step S14.

  In step S14, the management terminal 11 transmits a request command for closing the opened port to the management terminal 21 by HTTP, and transmits a command for closing the opened port to the broadband router 10 by HTTP.

  The management terminal 21 repeats the process of step S29 until it is determined that the request command for closing the opened port is received, and when it is determined that the request command for closing the opened port is received, the process proceeds to step S30.

  In step S 30, the management terminal 21 transmits a port close request command to the broadband router 20. When the broadband router 20 receives the port close request command, the broadband router 20 closes the two previously opened ports for FAX communication. When the broadband router 10 also receives the port close request command, the broadband communication port (two ports) opened earlier is closed.

  In the above-described embodiment, the communication between the management terminal 11 and the management terminal 21 uses HTTP, but other communication methods such as SIP instant message may be used. In this case, a port number other than 80 can be used for the port set and opened for the management terminal 11 for the broadband router 10 and the port set and opened for the management terminal 21 for the broadband router 20. .

  The same applies to the case where the user connects to the TV phone 23 in the second private network 2 using the TV phone 13 in the first private network 1 and performs communication using video and audio. is there.

  The management terminal 11 is also used when the user connects to the TV phone 23 in the second private network 2 using the TV phone 13 in the first private network 1 and performs communication using video and audio. This can be realized by connecting to the management terminal 21 in the second private network 2 and opening a predetermined port of the broadband router 20 in the second private network 2.

  When the user connects to the TV phone 23 in the second private network 2 using the TV phone 13 in the first private network 1 and performs communication using video and voice, the port to be opened is There are four for connection, for audio data, for audio control data, and for video data. Detailed description in this case is omitted.

  In the first embodiment, the management terminal 11 in the first private network 1 issues a request to open a port by specifying a port number. In this embodiment, the port number that the management terminal 21 in the second private network 2 opens is designated. The user operation in this embodiment is the same as that in the first embodiment. That is, when the user in the first private network 1 presses the terminal information acquisition button with the broadband router 20 in the other private network 2 as the destination, and enters the user name and password on the user name and password input screen, the second Since a list of terminal names in the private network 2 is displayed, the terminal name of the facsimile terminal 22 is selected. The subsequent operations are unique to the present embodiment.

  FIG. 7 shows an operation flow of an example of a management terminal connected to the first private network side. FIG. 8 shows an operation flow of an example of a management terminal connected to the second private network side.

  When the terminal name of the facsimile terminal 22 is selected, the management terminal 11 proceeds to step S41, and transmits an HTTP request message including the terminal name and inquiry information of the port number to be opened to the management terminal 21.

  When receiving the HTTP request message including the terminal name and the inquiry information of the port number to be opened, the management terminal 21 proceeds from step S51 to step S52. In step S52, the management terminal 21 refers to the table shown in FIG. 2B acquired from the broadband router 20 and determines the port number of the terminal with the matching terminal name by a predetermined method. As a predetermined method for determining the port number, for example, there is a method of randomly selecting from a range of 20000 to 65535.

  Since the received terminal name is “FAX_SITE2”, the management terminal 21 determines the port number for call connection and the port number for FAX data, and sets the terminal name, the port number for call connection, and the port number for FAX data. It is included in the port open request command and transmitted to the broadband router 20.

  When the broadband router 20 receives this port open request command, the broadband router 20 refers to an already registered terminal name and IP address correspondence list (FIG. 2 (b)), and sets the IP address and data type corresponding to the terminal name. Correspondingly, the port number in the port open request command is registered (FIG. 6B). Then, the broadband router 20 opens a port having a port number for call connection and a port number for FAX data.

  The broadband router 20 returns information indicating that the port has been successfully opened to the management terminal 21. When the information on the successful opening of the port is received (YES in step S53), the management terminal 21 proceeds to step S54, and manages the opened call connection port number and FAX data port number in the HTTP response message. Reply to the terminal 11.

  When the management terminal 11 receives the opened port number for call connection and the port number for FAX data (YES in step S42), the management terminal 11 proceeds to step S43 and displays the received port number, that is, the port number for call connection on the display. indicate.

  Subsequently, the user in the first private network 1 displays the registration information (FIG. 2A) of the terminal in the first private network 1 stored in the management terminal 11 and displays the registration information of the facsimile terminal 12. The terminal name “FAX_SITE1” is selected, and an operation for opening the port of the broadband router 10 is performed.

  If the management terminal 11 determines that the terminal name “FAX_SITE1” of the facsimile terminal 12 is selected by the user and an operation to open the port of the broadband router 10 has been performed (YES in step S44), the process proceeds to step S45.

  In step S45, the management terminal 11 randomly selects and determines the call connection packet reception port number and FAX data reception port number of the broadband router 10 from the range of 20000 to 65535, and determines the call connection packet reception port number. The FAX data reception port number is stored in association with the port number of the facsimile terminal 12 (terminal port number) (FIG. 6A).

  The management terminal 11 then transmits the terminal name, IP address, terminal port number (for call connection and FAX data) of the facsimile terminal 12 shown in FIG. 6A, and port number of the broadband router 10 (for call connection). (For FAX data) is entered in the port open request command and transmitted to the broadband router 10 by HTTP.

  When receiving the port open request command from the management terminal 11, the broadband router 10 adds the received port number of the broadband router 10 to the table of the facsimile terminal 12 in FIG. 2A, and updates the registration (FIG. 6). (A)). Then, the broadband router 10 opens the port having the port number added to the table.

  Next, the user sets a transmission original on the facsimile terminal 12, specifies the global IP address of the broadband router 20 and the port number for call connection displayed on the display of the management terminal 11 as a destination, and performs a call operation. do. By this operation, the facsimile terminal 12 transmits a connection message (SIP INVITE message) to the designated destination, that is, the broadband router 20.

  When the broadband router 20 receives the connection message from the facsimile terminal 12 (received at the port with the previously opened port number), the broadband router 20 corresponds to the received port with reference to the terminal registration information (FIG. 6B). A connection message (SIP INVITE message) is transmitted to the private IP address, that is, to the facsimile terminal 22.

  In response to this connection message, the facsimile terminal 22 establishes a session between the facsimile terminal 12 and the facsimile terminal 22, and uses the FAX data transmission port of the broadband router 20 from the facsimile terminal 12 to the facsimile terminal 22. Then, image data is transmitted.

  When the FAX communication ends, the user performs an end operation on the previously selected terminal (facsimile terminal 22) on the management terminal 11. The management terminal 11 repeats the process of step S46 until it determines that the end operation has been performed on the previously selected terminal, and proceeds to step S47 if it determines that the end operation has been performed on the previously selected terminal.

  In step S47, the management terminal 11 transmits a request command for closing the opened port to the management terminal 21 by HTTP, and transmits a command for closing the opened port to the broadband router 10 by HTTP.

  The management terminal 21 repeats the process of step S55 until it is determined that a request command for closing an opened port has been received. If it is determined that a request command for closing an opened port has been received, the management terminal 21 proceeds to step S56. In step S56, the management terminal 21 transmits a port close request command to the broadband router 20. Upon receiving the port close request command, the broadband router 20 closes the previously opened ports (2) for FAX communication. When the broadband router 10 also receives the port close request command, the broadband communication port (two ports) opened earlier is closed.

  In this embodiment, in the second embodiment, the user uses the management terminal 11 in the first private network 1 and connects to the management terminal 21 in the second private network 2, so that the second private An example in which when a predetermined port of the broadband router 20 in the network 2 is opened, only packet data received from the designated terminal among packet data received at the opened port is transferred to a terminal in the private network 2 explain.

  As in the first embodiment, the user in the first private network 1 presses the terminal information acquisition button on the management terminal 11 with the broadband router 20 in the partner private network 2 as the destination. Thereafter, when the user name and password are input on the user name and password input screen, the management terminal 11 sends a list of terminal names registered in the broadband router 20 from the management terminal 21 (the terminal name of the facsimile terminal 22 and the videophone). 23 terminal names).

  Upon receiving the list of terminal names, the management terminal 11 displays those terminal names as a destination list. At this time, the management terminal 11 displays a list of terminal names acquired from the broadband router 10 as a transmission source list. In order to perform FAX communication using the facsimile terminal 12, the user selects the terminal name of the facsimile terminal 12 as the transmission source and the facsimile terminal 22 as the transmission destination.

  Then, the management terminal 11 transmits a port open request command including information for inquiring the IP address of the broadband router 10, the terminal name of the facsimile terminal 22, and the port number to be opened to the management terminal 21 by an HTTP request message. When the management terminal 21 receives the port open request command, the management terminal 21 refers to the table shown in FIG. 2B acquired from the broadband router 20 and determines the port number of the terminal with the matching terminal name by a predetermined method. decide. As a predetermined method for determining the port number, for example, there is a method of randomly selecting from a range of 20000 to 65535.

  Since the received terminal name is “FAX_SITE2”, the management terminal 21 determines the port number for call connection and the port number for FAX data, and sets the terminal name, the port number for call connection, and the port number for FAX data. The IP address of the broadband router 10 is included in the port open request command and transmitted to the broadband router 20.

  When the broadband router 20 receives the port open request command, the broadband router 20 stores the IP address of the broadband router 10 included in the port open request command, and also stores a correspondence list of already registered terminal names and IP addresses (FIG. 2B). Referring to FIG. 6B), the port number in the port open request command is registered in association with the IP address and the data type with which the terminal name matches (FIG. 6B). Then, the broadband router 20 opens a port having a port number for call connection and a port number for FAX data.

  The broadband router 20 returns information indicating that the port has been successfully opened to the management terminal 21. Upon reception of information indicating that the port has been successfully opened, the management terminal 21 puts the opened call connection port number and FAX data port number and the IP address of the broadband router 20 into the HTTP response message to the management terminal 11. Send back. The management terminal 11 displays the received port number on the display.

  Subsequently, the user in the first private network 1 displays the registration information (FIG. 2A) of the terminal in the first private network 1 stored in the management terminal 11 and displays the registration information of the facsimile terminal 12. The terminal name “FAX_SITE1” is selected, and an operation for opening the port of the broadband router 10 is performed.

  The management terminal 11 randomly selects and determines the call connection packet reception port number and FAX data reception port number of the broadband router 10 from the range of 20000 to 65535, and stores them in association with the port numbers of the terminals, respectively (FIG. 6 (a)). Then, the management terminal 11 has the terminal name, IP address, terminal port number (for call connection and FAX data) of the facsimile terminal 12 shown in FIG. 6A, and port number of the broadband router 10 (for call connection and FAX). Data) and the IP address of the broadband router 20 with which the facsimile terminal 12 communicates are entered in a port open request command and transmitted to the broadband router 10 by HTTP.

  FIG. 9 shows an operation flow of an example of a broadband router connected to the first and second private networks.

  Upon receiving the port open request command, the broadband router 10 proceeds from step S61 to step S62, and associates the port number of the broadband router 10 included in the received port open request command with the terminal name as shown in FIG. And the registration is updated (FIG. 6A). Then, the broadband router 10 opens the port having the port number added to the table.

  Next, the user sets a transmission document on the facsimile terminal 12, designates the global IP address of the broadband router 20 and the port number for call connection displayed on the display of the management terminal 11 as a destination, and performs a call operation. To do. By this operation, the facsimile terminal 12 transmits a connection message (SIP INVITE message) to the designated destination, that is, the broadband router 20.

  When the broadband router 20 receives the connection message from the facsimile terminal 12 (received at the port with the previously opened port number), the broadband router 20 corresponds to the received port with reference to the terminal registration information (FIG. 6B). A connection message (SIP INVITE message) is transmitted to the private IP address, that is, to the facsimile terminal 22.

  In response to this connection message, the facsimile terminal 22 establishes a session between the facsimile terminal 12 and the facsimile terminal 22, and uses the FAX data transmission port of the broadband router 20 from the facsimile terminal 12 to the facsimile terminal 22. Then, image data is transmitted.

  When the FAX communication ends, the user performs an end operation on the previously selected terminal (facsimile terminal 22) on the management terminal 11. The management terminal 11 transmits a request command for closing the opened port to the management terminal 21 by HTTP, and transmits a command for closing the opened port to the broadband router 10 by HTTP.

  When the management terminal 21 receives a request command for closing the opened port, the management terminal 21 transmits a port close request command to the broadband router 20. Upon receiving the port close request command, the broadband router 20 closes the previously opened ports (2) for FAX communication. When the broadband router 10 also receives the port close request command, the broadband communication port (two ports) opened earlier is closed.

  While communication is performed between the facsimile terminal 12 and the facsimile terminal 22, the broadband router 20 repeats the process of step S63 until it determines that the packet is received at the opened port. Proceeds to step S64.

  In step S 64, the broadband router 20 checks whether or not the source address in the packet header portion of the packet received at the opened port matches the IP address of the broadband router 10. If the source address matches the IP address of the broadband router 10, the broadband router 20 proceeds to step S65 and transfers the packet to the facsimile terminal 22. If the source address does not match the IP address of the broadband router 10, the broadband router 20 proceeds to step S68 and discards the packet.

  Similarly, the broadband router 10 checks whether or not the transmission source address in the packet header portion of the packet received at the opened port matches the IP address of the broadband router 20, and if the packet matches, the facsimile router 10 Transfer to terminal 12. If the transmission source address does not match the IP address of the broadband router 20, the broadband router 10 discards the packet.

  In this way, in the third embodiment, packets received from unintended terminals on the global network side are prevented from being transferred to terminals on the private network side.

  In this embodiment, the broadband router 10, management terminal 11, facsimile terminal 12, TV phone 13, broadband router 20, management terminal 21, facsimile terminal 22, and TV phone 23 shown in FIG. 1 are UPnP (Universal Plug and Play). Perform operations that comply with the standard. Here, an operation performed between the broadband router 10 and the facsimile terminal 12 in the first private network 1 will be described as an operation according to the UPnP standard. The broadband router 10 has a DHCP server function built-in.

  FIG. 10 shows an operation flow of an example of the facsimile terminal 22 connected to the second private network side.

  When the broadband router 10 is turned on and the facsimile terminal 12 is turned off, the facsimile terminal 12 is assigned an IP address (private IP address) from the broadband router 10 by the DHCP procedure.

  Then, the facsimile terminal 12 proceeds to the discovery step. The facsimile terminal 12 sets the search request method “M-SEARCH” in the request line of the header portion, multicasts a UDP packet having the device type “InternetGatewayDevice”, and searches the broadband router 10 on the network. Upon receiving this message, the broadband router 10 returns a 200 OK response message including the URL to the device description (detailed device information).

  The facsimile terminal 12 transmits a device description acquisition request message of the HTTP GET method to this URL. When the broadband router 10 receives this device description acquisition request message, it returns a device description.

  This device description includes information such as “WANIPConnection”, which is a service type of a service for teaching a global IP address and opening / closing a port, and a URL for using this service.

  First, the facsimile terminal 12 transmits a SOAP command for acquiring a global IP address to this URL (WANIPConnection service of the broadband router 10), and acquires the global IP address of the broadband router 10.

  Thereafter, when the facsimile terminal 12 executes communication using SIP, the global IP address of the broadband router 10 is used instead of the private IP address acquired from the broadband router 10 for the local terminal IP address set in the SDP (Session Description Protocol) of the SIP message. Set the IP address.

  If a private IP address is set in the SDP's own terminal IP address, the partner terminal tries to transmit data to the private IP address. As a result, data addressed to the private IP address does not reach the broadband router 10, and the facsimile terminal 12 cannot communicate with a terminal outside the broadband router 10.

  The operation according to the UPnP standard is the same between the management terminal 11 and the TV phone 13 and the broadband router 10 and between the management terminal 21, the facsimile terminal 22 and the TV phone 23 and the broadband router 20.

  In this embodiment, in step S71, the management terminal 11, the facsimile terminal 12, the TV phone 13, the management terminal 21, the facsimile terminal 22, and the TV phone 23 obtain the global IP addresses of the broadband routers 10 and 20 by the UPnP procedure described above. To do. When the global IP address is acquired, the management terminal 11, the facsimile terminal 12, the TV phone 13, the management terminal 21, the facsimile terminal 22, and the TV phone 23 proceed to step S72, and the IP address (private IP address) of the own terminal and the own terminal. The terminal name is put in a terminal registration command and transmitted to the broadband routers 10 and 20 by SOAP.

  The broadband routers 10 and 20 that have received the terminal registration command store the IP address and terminal name of the terminal in the terminal registration command in the memory. The user operates the management terminal 11 or 21 to obtain terminal information (IP address and terminal name) registered from the broadband router 10 or 20, and stores and holds the terminal information in the management terminal 11 or 21. .

  Further, the management terminal 11, the facsimile terminal 12, the TV phone 13, the management terminal 21, the facsimile terminal 22, and the TV phone 23 have a function of transmitting and receiving an SIP instant message. Transmission / reception of commands between these terminals is performed using this instant message.

  The user operation of this embodiment is the same as that of the first embodiment except that the termination operation is not performed at the management terminal 11 after FAX communication. That is, the user in the first private network 1 presses the terminal information acquisition button with the broadband router 20 in the second private network 2 of the other party as the destination. When the user inputs the user name and password on the user name and password input screen, a list of terminal names in the second private network 2 is displayed, so the terminal name of the facsimile terminal 22 is selected. The subsequent operations are unique to the present embodiment.

  When the terminal name of the facsimile terminal 22 is selected from the list, the management terminal 11 determines the call connection packet reception port number and the FAX data reception port number of the broadband router 20 by a predetermined method. As a predetermined method for determining the port number, for example, there is a method of randomly selecting from a range of 20000 to 65535. Then, the port number for each data type and the selected terminal name are transmitted to the management terminal 21 by an HTTP request message.

  When receiving the HTTP request message, the management terminal 21 transmits a port open request command to the terminal having the IP address corresponding to the terminal name included in the HTTP request message, that is, the facsimile terminal 22 by an SIP instant message. The port open request command includes the port number included in the received HTTP request message.

  When this port open request command is received, the facsimile terminal 22 proceeds from step S73 to step S74, and the terminal transmits the packet connection port number for call connection and the FAX data reception port number in the port open request command. It is stored as the port number used for reception. The facsimile terminal 22 transmits a SOAP command for opening the port having the designated port number in the URL for using the service “WANIPConnection” for opening and closing the port of the broadband router 20.

  This SOAP command is transmitted for the call connection packet reception port number and FAX data reception port number. When receiving the SOAP command, the broadband router 20 opens the designated port and stores the port number in association with the IP address of the SOAP command transmission source.

  Subsequently, the user in the first private network 1 displays the registration information (FIG. 2A) of the terminal in the network stored in the management terminal 11, and the terminal name “FAX_SITE1” of the facsimile terminal 12 is displayed. Is selected to open the port of the broadband router 10.

  The management terminal 11 randomly selects and determines a port number for the broadband router 10 to receive a call connection packet and a port number for receiving a FAX data packet from the range of 20000 to 65535, and these port numbers Is sent to the facsimile terminal 12 by an SIP instant message.

  When the facsimile terminal 12 receives this port open request command, the call connection packet reception port number and the FAX data reception port number in the port open request command are used as the port numbers used by the terminal for packet reception. The SOAP command for opening the port of the designated port number is transmitted to the URL for using the service “WANIPConnection” that opens and closes the port of the broadband router 10 while storing it.

  This SOAP command is transmitted for each of a port number for receiving a call connection packet and a port number for receiving a FAX data packet. When receiving the SOAP command, the broadband router 10 opens the designated port and stores the port number in association with the IP address of the SOAP command transmission source.

  Subsequently, the user in the first private network 1 sets a transmission document on the facsimile terminal 12 and designates the global IP address of the broadband router 20 and the port number for call connection as a destination to perform a call operation. By this calling operation, the facsimile terminal 12 transmits a connection message (SIP INVITE message) to the designated destination, that is, the broadband router 20.

  When the broadband router 20 receives the connection message (received at the port with the previously opened port number), it transmits a connection message (SIP INVITE message) to the private IP address corresponding to the received port, that is, to the facsimile terminal 22. To do.

  Upon receiving the connection message, the facsimile terminal 22 proceeds from step S75 to step S76, and establishes a session between the facsimile terminal 12 and the facsimile terminal 22 in response to the connection message. In this call connection sequence, the facsimile terminal 12 and the facsimile terminal 22 respectively notify the other terminal of the standby port number for receiving FAX data of the own terminal (operation according to the SIP standard).

  In step S 77, image data is transmitted from the facsimile terminal 12 to the facsimile terminal 22 using the FAX data transmission port of the broadband routers 10 and 20. When the FAX communication is completed, the facsimile terminal 22 proceeds from step S78 to step S79, and the call connection port number and the FAX data reception port number are transferred to a URL for using the service “WANIPConnection” for opening and closing the port of the broadband router 20. Each of the port numbers is sent in a SOAP command for closing the port. The broadband router 20 closes the port of the port number entered in the SOAP command.

  In addition, the facsimile terminal 12 also sets the port number for call connection and the FAX data reception port number to the URL for using the service “WANIPConnection” for opening and closing the port of the broadband router 10, and SOAP for closing the port of each port number. Send each in a command. The broadband router 10 closes the port of the port number entered in the SOAP command.

  In the above embodiment, the SIP instant message is used to transmit the port open request command from the management terminals 11 and 21 to the facsimile terminals 12 and 22, but the management terminal 11, the facsimile terminal 12, the TV phone 13, and the management terminal are used. 21, the facsimile terminal 22, and the TV phone 23 may have functions of a Web service server and a Web service client, and commands may be transmitted and received by SOAP.

  In the fourth embodiment, the management terminal 11 in the first private network 1 issues a request to open a port by specifying a port number. In this embodiment, a port number to be opened by the management terminal 21 in the second private network 2 is designated.

  The user operation in this embodiment is the same as that in the third embodiment. That is, the user in the first private network 1 presses the terminal information acquisition button with the broadband router 20 in the second private network 2 as the destination. When the user inputs the user name and password on the user name and password input screen, a list of terminal names in the second private network 2 is displayed, so the terminal name of the facsimile 22 is selected. The subsequent operations are unique to the present embodiment.

  When the terminal name of the facsimile terminal 22 is selected from the list, the management terminal 11 transmits an HTTP request message including the terminal name and inquiry information of the port number to be opened to the management terminal 21. When receiving the HTTP request message, the management terminal 21 determines the call connection packet reception port number and the FAX data reception port number of the broadband router 20 by a predetermined method. As a predetermined method for determining the port number, for example, there is a method of randomly selecting from a range of 20000 to 65535.

  Then, the management terminal 21 is a port having the call connection packet reception port number and the FAX data reception port number previously selected for the terminal having the IP address corresponding to the terminal name included in the HTTP request message, that is, the facsimile terminal 22. An open request command is transmitted by an SIP instant message.

  When the facsimile terminal 22 receives the port open request command, the facsimile terminal 22 stores the call connection packet reception port number and the FAX data reception port number in the port open request command as the port numbers used by the terminal for packet reception. In addition, the facsimile terminal 22 transmits a SOAP command for opening the port having the port number designated in the URL for using the service “WANIPConnection” for opening and closing the port of the broadband router 20.

  This SOAP command is transmitted for the call connection packet reception port number and FAX data reception port number. When receiving the SOAP command, the broadband router 20 opens the designated port and stores the port number in association with the SOAP command transmission source IP address.

  Further, the management terminal 21 returns the call connection packet reception port number of the broadband router 20 to the management terminal 11 in an HTTP response message. When receiving the HTTP response message, the management terminal 11 displays the call connection packet reception port number contained therein on the display.

  Subsequently, the user in the first private network 1 displays the registration information (FIG. 2A) of the terminal in the network stored in the management terminal 11, and the terminal name “FAX_SITE1” of the facsimile terminal 12 is displayed. Is selected to open the port of the broadband router 10.

  The management terminal 11 randomly selects and determines a port number for the broadband router 10 to receive a call connection packet and a port number for receiving a FAX data packet from the range of 20000 to 65535, and these port numbers Is sent to the facsimile terminal 12 by an SIP instant message.

  When the facsimile terminal 12 receives this port open request command, the facsimile terminal 12 uses the call connection packet reception port number and the FAX data reception port number in the port open request command, respectively, as the port numbers used by the terminal for packet reception. And a SOAP command for opening the port of the designated port number is transmitted to the URL for using the service “WANIPConnection” for opening and closing the port of the broadband router 10.

  This SOAP command is transmitted for each of a port number for receiving a call connection packet and a port number for receiving a FAX data packet. When receiving the SOAP command, the broadband router 10 opens the designated port and stores the port number in association with the IP address of the SOAP command transmission source.

  Subsequently, the user in the first private network 1 sets a transmission document on the facsimile terminal 12 and designates the global IP address of the broadband router 20 and the port number for call connection as a destination to perform a call operation. By this operation, the facsimile terminal 12 transmits a connection message (SIP INVITE message) to the destination that combines the designated destination IP address and the port number for call connection, that is, the broadband router 20.

  When the broadband router 20 receives the connection message (received at the port having the previously opened port number), the broadband router 20 refers to the registration information of the terminal and connects to the private IP address corresponding to the received port, that is, to the facsimile terminal 22. (SIP INVITE message) is sent.

  The facsimile terminal 22 establishes a session between the facsimile terminal 12 and the facsimile terminal 22 in response to the connection message. In this call connection sequence, the facsimile terminal 12 and the facsimile terminal 22 respectively notify the other terminal of the standby port number for receiving FAX data of the own terminal (operation according to the SIP standard). Then, image data is transmitted from the facsimile terminal 12 to the facsimile terminal 22 using the FAX data transmission port of the broadband routers 10 and 20.

  When the FAX communication is finished, the facsimile terminal 22 closes the port of each port number to the URL for using the service “WANIPConnection” for opening and closing the port of the broadband router 20 with the port number for call connection and the port number for receiving FAX data. To be transmitted in each SOAP command. The broadband router 20 closes the port of the port number entered in the SOAP command.

  In addition, the facsimile terminal 12 also sets the port number for call connection and the FAX data reception port number to the URL for using the service “WANIPConnection” for opening and closing the port of the broadband router 10, and SOAP for closing the port of each port number. Send each in a command. The broadband router 10 closes the port of the port number entered in the SOAP command.

  In the first to fifth embodiments, communication between management terminals in different private networks is executed via a broadband router. In this embodiment, a communication path not via a broadband router is used.

  FIG. 11 is a network configuration diagram of another embodiment of a communication system according to the present invention. In the communication system of FIG. 11, the PHS network 33 is used as a communication path. In the figure, the broadband routers 10 and 20, the facsimile terminals 12 and 22, and the TV phones 13 and 23 are the same as the communication system shown in FIG.

  The management terminal 41 in the third private network 31 and the management terminal 42 in the fourth private network 32 support two types of communication, LAN and PHS. The communication between the management terminals performed in the first to fifth embodiments uses the PHS packet communication service provided by the PHS service provider.

  Since the broadband router 10 and the broadband router 20 do not need to transfer packets received from the global network 3 to the management terminal 41 and the management terminal 42, respectively, it is not necessary to open an HTTP port. The operation process is the same as that of the first to fifth embodiments except that the management terminal 41 and the management terminal 42 execute communication between the management terminals by PHS. The operation processing of the broadband router 10, the broadband router 20, the facsimile terminal 12, the facsimile terminal 22, the TV phone 13, and the TV phone 23 is the same as that in the first to fifth embodiments. The communication path used for communication between the management terminals 41 and 42 can also use another public line such as a cellular phone network.

  The present invention is not limited to the specifically disclosed embodiments, and various modifications and changes can be made without departing from the scope of the claims.

It is a network block diagram of one Example of the communication system by this invention. It is explanatory drawing which shows an example of the registered terminal information. The operation | movement flow (1/2) of an example of the management terminal connected to the 1st private network side is shown. The operation | movement flow (2/2) of an example of the management terminal connected to the 1st private network side is shown. The operation | movement flow of an example of the management terminal connected to the 2nd private network side is shown. It is explanatory drawing of an example which shows the terminal information to which the port number of the broadband router was additionally registered. The operation | movement flow of an example of the management terminal connected to the 1st private network side is shown. The operation | movement flow of an example of the management terminal connected to the 2nd private network side is shown. The operation | movement flow of an example of the broadband router connected to the 1st and 2nd private network side is shown. An operation flow of an example of the facsimile terminal 22 connected to the second private network side is shown. It is a network block diagram of the other Example of the communication system by this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 1st private network 2 2nd private network 3 Global network 10,20 Broadband router 11,21 Management terminal 12,22 Facsimile terminal 13,23 TV phone 31 3rd private network 32 4th private network 33 PHS network 41, 42 Management terminal

Claims (19)

A management terminal that is connected between an internal network and an external network and configures the same network domain as a network device having a port filtering function,
When there is a terminal information acquisition request from an external terminal outside the network domain, an authentication function execution unit that performs authentication of the external terminal;
A terminal information management unit that manages terminal names of internal terminals constituting the network domain as terminal information;
When the authentication is normally completed, a list of terminal names based on the terminal information is transmitted to an external terminal, and when an open request for a port designating the terminal name and port number is received from the external terminal, the network is based on the port number. A management terminal comprising a server function execution unit that opens a port of a device. A management terminal that is connected between an internal network and an external network and configures the same network domain as a network device having a port filtering function,
When there is a terminal information acquisition request from an external terminal outside the network domain, an authentication function execution unit that performs authentication of the external terminal;
A terminal information management unit that manages terminal names of internal terminals constituting the network domain as terminal information;
When the authentication is normally completed, a list of terminal names based on the terminal information is transmitted to an external terminal, and when a port number inquiry request specifying the terminal name is received from the external terminal, the port of the network device is opened and opened. And a server function execution unit that returns a port number of the port to the external terminal.   When opening the port of the network device, the server function execution unit notifies the IP address of the external terminal to the network device, and receives the network device at the port opened in response to a request from the external terminal. 3. The management terminal according to claim 1, wherein only packet data transmitted from the external terminal is transferred to the internal network among packet data. A management terminal that is connected between an internal network and an external network and configures the same network domain as a network device having a port filtering function,
When there is a terminal information acquisition request from an external terminal outside the network domain, an authentication function execution unit that performs authentication of the external terminal;
A terminal information management unit that manages terminal names of internal terminals constituting the network domain as terminal information;
When the authentication is normally completed, a list of terminal names based on the terminal information is transmitted to an external terminal, and when a communication request with the internal terminal designating a port number is received from the external terminal, the network is based on the port number. A server function execution unit that makes a request to open a port of a device to the internal terminal, and causes the internal terminal to open the port of the network device by an operation compliant with the UPnP (Universal Plug and Play) standard. A featured management terminal. A management terminal that is connected between an internal network and an external network and configures the same network domain as a network device having a port filtering function,
When there is a terminal information acquisition request from an external terminal outside the network domain, an authentication function execution unit that performs authentication of the external terminal;
A terminal information management unit that manages terminal names of internal terminals constituting the network domain as terminal information;
When the authentication is normally completed, a list of terminal names based on the terminal information is transmitted to the external terminal, and when a request for communication with the internal terminal is received from the external terminal, a request to open the port of the network device is sent to the internal terminal A server function execution unit that returns the port number of the port to the external terminal, and causes the internal terminal to open the port of the network device by an operation compliant with the UPnP (Universal Plug and Play) standard; A management terminal comprising:   When the server function execution unit issues a request to open a port of the network device, it notifies the internal terminal of the IP address of the external terminal, causes the internal terminal to notify the IP address of the external terminal to the network device, 5. The network device, wherein only packet data transmitted from the external terminal among packet data received at the port opened in response to a request from the external terminal is transferred to the internal network. Or the management terminal of 5.   The management terminal according to claim 1, wherein the management terminal communicates with the external terminal by connecting to the external network or a public line without going through the network device.   When the network device receives packet data at the port opened in response to a request from the external terminal, the network device transfers the packet data to an internal terminal corresponding to the terminal name specified in the request. The management terminal as described in any one of Claims 1 thru | or 7.   9. The server function execution unit, when receiving a request for closing the opened port from the external terminal, closes the port of the opened network device in response to a request from the external terminal. The management terminal according to any one of the above.   The server function execution unit, when the authentication ends abnormally, transmits an error without transmitting a list of terminal names based on the terminal information to an external terminal. The management terminal described.   The management terminal according to claim 1, wherein the network device is a router device. A port opening / closing control method in a management terminal connected between an internal network and an external network and configuring the same network domain as a network device having a port filtering function,
When there is a terminal information acquisition request from an external terminal outside the network domain, an authentication function execution step for performing authentication of the external terminal;
When the authentication ends normally, a list of terminal names based on the terminal information acquired from the terminal information management unit that manages the terminal names of the internal terminals constituting the network domain as terminal information is transmitted to the external terminal. A list sending step;
And a server function execution step of opening a port of the network device based on the port number when an open request for the port designating the terminal name and port number is received from the external terminal. A port opening / closing control method in a management terminal connected between an internal network and an external network and configuring the same network domain as a network device having a port filtering function,
When there is a terminal information acquisition request from an external terminal outside the network domain, an authentication function execution step for performing authentication of the external terminal;
When the authentication ends normally, a list of terminal names based on the terminal information acquired from the terminal information management unit that manages the terminal names of the internal terminals constituting the network domain as terminal information is transmitted to the external terminal. A list sending step;
And a server function executing step of opening a port of the network device when receiving a port number inquiry request designating the terminal name from the external terminal and returning the port number of the opened port to the external terminal. Port opening / closing control method. A port opening / closing control method in a management terminal connected between an internal network and an external network and configuring the same network domain as a network device having a port filtering function,
When there is a terminal information acquisition request from an external terminal outside the network domain, an authentication function execution step for performing authentication of the external terminal;
When the authentication ends normally, a list of terminal names based on the terminal information acquired from the terminal information management unit that manages the terminal names of the internal terminals constituting the network domain as terminal information is transmitted to the external terminal. A list sending step;
When a communication request with the internal terminal designating the port number is received from the external terminal, a request to open the port of the network device is made to the internal terminal based on the port number, and UPnP (Universal And a server function execution step for opening a port of the network device by an operation compliant with the Plug and Play) standard. A port opening / closing control method in a management terminal connected between an internal network and an external network and configuring the same network domain as a network device having a port filtering function,
When there is a terminal information acquisition request from an external terminal outside the network domain, an authentication function execution step for performing authentication of the external terminal;
When the authentication ends normally, a list of terminal names based on the terminal information acquired from the terminal information management unit that manages the terminal names of the internal terminals constituting the network domain as terminal information is transmitted to the external terminal. A list sending step;
Upon receiving a communication request with the internal terminal from the external terminal, a request to open the port of the network device is sent to the internal terminal, and the port number of the port is returned to the external terminal, And a server function execution step of opening a port of the network device by an operation compliant with the UPnP (Universal Plug and Play) standard. A management terminal that is connected between the internal network and the external network and that constitutes the same network domain as the network device having the port filtering function, including a storage device and an arithmetic processing device,
When there is a terminal information acquisition request from an external terminal outside the network domain, an authentication function execution unit that performs authentication of the external terminal;
A terminal information management unit that manages terminal names of internal terminals constituting the network domain as terminal information;
When the authentication is normally completed, a list of terminal names based on the terminal information is transmitted to an external terminal, and when an open request for a port designating the terminal name and port number is received from the external terminal, the network is based on the port number. A port opening / closing control program that functions as a server function execution unit that opens a device port. A management terminal that is connected between the internal network and the external network and that constitutes the same network domain as the network device having the port filtering function, including a storage device and an arithmetic processing device,
When there is a terminal information acquisition request from an external terminal outside the network domain, an authentication function execution unit that performs authentication of the external terminal;
A terminal information management unit that manages terminal names of internal terminals constituting the network domain as terminal information;
When the authentication is normally completed, a list of terminal names based on the terminal information is transmitted to an external terminal, and when a port number inquiry request specifying the terminal name is received from the external terminal, the port of the network device is opened and opened. A port opening / closing control program that functions as a server function execution unit that returns a port number of a port to the external terminal. A management terminal that is connected between the internal network and the external network and that constitutes the same network domain as the network device having the port filtering function, including a storage device and an arithmetic processing device,
When there is a terminal information acquisition request from an external terminal outside the network domain, an authentication function execution unit that performs authentication of the external terminal;
A terminal information management unit that manages terminal names of internal terminals constituting the network domain as terminal information;
When the authentication is normally completed, a list of terminal names based on the terminal information is transmitted to an external terminal, and when a communication request with the internal terminal designating a port number is received from the external terminal, the network is based on the port number. A port opening / closing operation that requests the internal terminal to open a port of a device and causes the internal terminal to function as a server function execution unit that opens a port of the network device by an operation conforming to the UPnP (Universal Plug and Play) standard. Control program. A management terminal that is connected between the internal network and the external network and that constitutes the same network domain as the network device having the port filtering function, including a storage device and an arithmetic processing device,
When there is a terminal information acquisition request from an external terminal outside the network domain, an authentication function execution unit that performs authentication of the external terminal;
A terminal information management unit that manages terminal names of internal terminals constituting the network domain as terminal information;
When the authentication is normally completed, a list of terminal names based on the terminal information is transmitted to the external terminal, and when a request for communication with the internal terminal is received from the external terminal, a request to open the port of the network device is sent to the internal terminal As a server function execution unit that returns the port number of the port to the external terminal and causes the internal terminal to open the port of the network device by an operation compliant with the UPnP (Universal Plug and Play) standard. Port opening / closing control program to function.

Images