TW201210287A - Network Address Translation device and communication method - Google Patents

Network Address Translation device and communication method

Publication number
TW201210287A
TW201210287A TW99128196A TW99128196A TW201210287A TW 201210287 A TW201210287 A TW 201210287A TW 99128196 A TW99128196 A TW 99128196A TW 99128196 A TW99128196 A TW 99128196A TW 201210287 A TW201210287 A TW 201210287A
Authority
TW
Taiwan
Prior art keywords
session
packet
client
network address
port number
Prior art date
Application number
TW99128196A
Other languages
Chinese (zh)
Inventor
Yan-Rung Huang
Yao-Wen Chang
Original Assignee
Hon Hai Prec Ind Co Ltd
Application filed by Hon Hai Prec Ind Co Ltd
Priority to TW99128196A
Publication of TW201210287A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention provides a network address translation (NAT) device and a communication method thereof. The NAT device requests a network server to forward an invitation data packet sent by a first client to a second client, and passes to the first client the accept-invitation data packet that the second client sends and the network server forwards. The NAT device then requests the network server to forward a session connection data packet sent by the first client to the second client, and blocks a reply-session connection data packet sent directly by the second client from passing through the NAT device. Only if the destination port number in the reply-session connection data packet is the same as the source port number in the session connection data packet does the NAT device allow the reply-session connection data packet to pass through and reach the first client.

Description

VI. Description of the Invention:

[Technical Field]

[0001] The present invention relates to a communication device and a communication method, and more particularly to a network address translation (NAT) device and a communication method.

[Prior Art]

[0002] The Network Address Translation (NAT) protocol is widely used in networks with all types of Internet access. With the NAT protocol, when an internal network sends packets through a NAT device (such as a router), the private IP addresses of the internal network are translated into public IP addresses. An internal network needs only a small number of IP addresses to meet the Internet communication needs of all the computers in it, which reduces the use of public IP addresses.

[0003] To prevent an external network from attacking the internal network, a NAT device (such as a router) blocks connection request packets that other network terminal devices send on their own initiative from entering the internal network. However, this makes it impossible to establish normal communication between computers in the internal network and other network terminal devices. To solve this problem, computers in the internal network can use a network server as an intermediary to communicate with other network terminal devices. In this way, all packets exchanged between the computers in the internal network and other network terminal devices are forwarded by the network server on their behalf. The shortcoming of this communication method is that having the network server forward packets to terminal devices in different networks causes a time delay in the communication process.

[Summary of the Invention]

[0004] In view of the above, it is necessary to provide a network address translation (NAT) device and method that allow request connection packets sent from other networks to traverse the NAT device while communication between terminal devices in different networks is being established, reducing the time delay in the communication process.

[0005] A NAT device is communicatively connected to a first client and a network server, and the network server is also communicatively connected to a second client. The NAT device receives a session invitation packet sent by the first client and requests the network server to forward the session invitation packet to the second client. The network server forwards the response invitation packet with which the second client replies to the NAT device, and the NAT device sends the response invitation packet to the first client. The NAT device receives a session connection packet sent by the first client and requests the network server to forward the session connection packet to the second client. The NAT device receives a session response packet sent by the second client, blocks the session response packet from traversing the network address translation device, and checks whether the source port number in the session connection packet is the same as the destination port number in the session response packet. If the source port number in the session connection packet is the same as the destination port number in the session response packet, the NAT device allows the session response packet to traverse the NAT device and reach the first client. If the source port number in the session connection packet differs from the destination port number in the session response packet, the NAT device continues to block the session response packet from traversing the NAT device.

[0006] A communication method is applied to a NAT device. The method includes: (A) receiving a session invitation packet sent by a first client, and requesting a network server to forward the session invitation packet to a second client; (B) receiving the response invitation packet with which the second client replies and which the network server forwards, and sending the response invitation packet to the first client; (C) receiving a session connection packet sent by the first client, and requesting the network server to forward the session connection packet to the second client; (D) receiving a session response packet sent by the second client and blocking the session response packet from traversing the NAT device; (E) receiving again the session connection packet sent by the first client, and checking whether the source port number in the session connection packet is the same as the destination port number in the session response packet; and (F) if the source port number in the session connection packet is the same as the destination port number in the session response packet, allowing the session response packet to traverse the NAT device and reach the first client, and if the source port number in the session connection packet differs from the destination port number in the session response packet, continuing to block the session response packet from traversing the NAT device.

[0007] Compared with the prior art, the NAT device and communication method provided by the present invention allow request connection packets sent from other networks to traverse the NAT device while communication between terminal devices in different networks is being established, reducing the time delay in the communication process.

[Embodiments]

[0008] FIG. 1 is an application environment diagram of a preferred embodiment of the network address translation (NAT) device of the present invention. The computers 10 and 40 shown in FIG. 1 are located in different networks. For example, computer 10 (the first client) may be located in LAN 1, while computer 40 (the second client) is located in another network, LAN 2. Computer 10 communicates with computer 40 through NAT device 20 and network server 30. In this embodiment, NAT device 20 is a router and network server 30 is a Windows Live Messenger network server. In other embodiments, NAT device 20 may also be a switch, a server, or another device with a network address translation function.

[0009] NAT device 20 translates the private IP address of computer 10 into a public IP address in the external network (for example the Internet), thereby reducing the use of public IP addresses in the external network by computers in the LAN.

[0010] In this embodiment, referring to FIG. 2, "client 1" represents computer 10 and "client 2" represents computer 40. NAT device 20 receives the various packets sent by computer 10, for example the session invitation packet "Invite client 2" and the session connection packet "UDP session src port = x", and requests network server 30 to forward the packets sent by computer 10 to computer 40. Here src port = x denotes the source port number of computer 10 in LAN 1, and UDP is the abbreviation of User Datagram Protocol. Network server 30 forwards the packets sent by computer 10 to computer 40, and forwards the packets with which computer 40 replies, for example the response invitation packet "Accept invitation" shown in FIG. 2, to computer 10.

[0011] NAT device 20 is also used to block request connection packets that client devices in other networks, for example computer 40 in LAN 2, send directly to computer 10, for example "UDP session des=x src=y" (where des=x denotes the destination port number and src=y denotes the source port number), so that computer 10 is not attacked by unknown packets. For example, after receiving the packet "UDP session des=x src=y", NAT device 20 generates an Internet Control Message Protocol (ICMP) packet. ICMP packets are used to pass control messages between devices in the network, for example computers 10 and 40, NAT device 20 and network server 30, reporting information about the network itself such as whether the network is reachable, whether a host is reachable, and whether a route is available. For example, the ICMP packet "ICMP with unreachable x" shown in FIG. 2 indicates that port x, to which computer 40 requests a connection, is unreachable.

[0012] In this embodiment, however, NAT device 20 does not send the ICMP packet to computer 40. Instead, it analyzes the port numbers in the request connection packet that computer 40 sends to computer 10 again and in the session connection packet initiated by computer 10. When the destination port number in the request connection packet that computer 40 sends to computer 10 again is the same as the source port number in the session connection packet initiated by computer 10, NAT device 20 allows the request connection packet sent by computer 40 to traverse NAT device 20 and reach computer 10, thereby establishing communication between computers 10 and 40. After that, the communication messages that computers 10 and 40 exchange, for example the message "UDP session des=y src=x with video conference payload" sent by computer 10 to computer 40 and the message "UDP session des=x src=y with video conference payload" sent by computer 40 to computer 10, can reach the other party directly without being relayed by network server 30, which reduces the time delay in the communication process.

[0013] FIG. 3 is a flowchart of a preferred embodiment of the communication method of the present invention.

[0014] Step S31: NAT device 20 receives the session invitation packet "Invite client 2" sent by computer 10 (the first client), and requests network server 30 to forward the session invitation packet to computer 40 (the second client).

[0015] Step S33: NAT device 20 receives the response invitation packet "Accept invitation" with which computer 40 replies and which network server 30 forwards, and sends the response invitation packet to computer 10.

[0016] Step S35: NAT device 20 receives the session connection packet "UDP session src port = x" sent by computer 10. The session connection packet includes the port number of computer 10 in LAN 1; for example, src port = x indicates that the port number of computer 10 in LAN 1 is x.

[0017] Step S37: NAT device 20 requests network server 30 to forward the session connection packet to computer 40.

[0018] Step S39: NAT device 20 receives the session response packet "UDP session des=x src=y" sent by computer 40. The packet includes the source port number in LAN 2 of computer 40, which sent the packet (for example src=y), and the destination port number the packet is expected to reach (for example des=x). To keep computer 10 from being attacked by unknown packets, NAT device 20 blocks all packets that include port information for a requested connection and that client devices in other networks, including computer 40 in LAN 2, send to computer 10, for example the session response packet "UDP session des=x src=y" sent by computer 40.

[0019] Step S41: after receiving the session response packet "UDP session des=x src=y" sent by computer 40, NAT device 20 generates an ICMP packet "ICMP with unreachable x", indicating that port x, to which computer 40 requests a connection, is unreachable. For the time being, however, it does not send the ICMP packet to computer 40, but receives again the session connection packet "UDP session src port = x" sent by computer 10.

[0020] Step S43: NAT device 20 analyzes the port numbers in the session response packet sent by computer 40 to computer 10 and in the session connection packet initiated by computer 10, and checks whether the destination port number in the session response packet is the same as the source port number in the session connection packet. If the destination port number in the session response packet is the same as the source port number in the session connection packet, for example the destination port number in the session response packet is "des=x" and the source port number in the session connection packet is "src port=x", computer 40 is the client device with which computer 10 expects to establish communication. The flow proceeds to step S45, where NAT device 20 allows the session response packet "UDP session des=x src=y" to traverse NAT device 20 and reach computer 10, thereby establishing communication between computer 10 and computer 40.

[0021] If, in step S43, NAT device 20 finds that the destination port number in the session response packet differs from the source port number in the session connection packet, computer 40 is not the client device with which computer 10 expects to establish communication. The flow proceeds to step S47, where NAT device 20 blocks the session response packet "UDP session des=x src=y" from being sent to computer 10. For example, NAT device 20 sends the generated ICMP packet "ICMP with unreachable x" to computer 40, notifying computer 40 that port x, to which it requests a connection, is unreachable. The flow then ends.

[0022] Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to the preferred embodiments, a person of ordinary skill in the art should understand that the technical solutions of the present invention may be modified or equivalently replaced without departing from the spirit and scope of the technical solutions of the present invention.

[Brief Description of the Drawings]

[0023] FIG. 1 is an application environment diagram of a preferred embodiment of the network address translation (NAT) device of the present invention.

[0024] FIG. 2 is a schematic diagram of establishing communication between clients in different networks using the NAT device shown in FIG. 1.

[0025] FIG. 3 is a flowchart of a preferred embodiment of the communication method of the present invention.

[Description of Main Reference Numerals]

[0026] Computers: 10, 40

[0027] NAT device: 20

[0028] Network server: 30
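
The decision flow of steps S35 to S47 above, modelled as an added Python example that is not part of the patent text or any vendor implementation. The class name, function names, verdict strings and the port values 5004, 6004 and 7000 are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class NatDevice:
    """Port-matching gate of steps S35-S47 (constructed model)."""

    # (src_port, dst_port) of the blocked session response packet (S39).
    held: Optional[Tuple[int, int]] = None
    # ICMP notice generated at S41 and kept back until the S43 check.
    pending_icmp: Optional[str] = None
    # (internal_port, peer_port) pairs that may pass directly after S45.
    direct_flows: Set[Tuple[int, int]] = field(default_factory=set)

    def outbound_session_connect(self, src_port: int) -> str:
        """Session connection packet sent by the first client."""
        if self.held is None:
            # S35/S37: no blocked response to compare against yet, so the
            # packet is handed to the network server for forwarding.
            return "relay-via-server"
        peer_src, peer_dst = self.held
        icmp = self.pending_icmp
        self.held, self.pending_icmp = None, None
        # S43: destination port of the held response against the source
        # port of this session connection packet. The comparison uses
        # port numbers only, which is all the description specifies.
        if peer_dst == src_port:
            self.direct_flows.add((src_port, peer_src))
            return "deliver-held-response"  # S45
        return f"send-to-peer: {icmp}"  # S47

    def inbound_from_peer(self, src_port: int, dst_port: int) -> str:
        """UDP packet arriving directly from the other network."""
        if (dst_port, src_port) in self.direct_flows:
            # After S45 the clients exchange packets without the server.
            return "forward-direct"
        # S39: block the packet. S41: prepare the ICMP notice, do not send it.
        # This sketch keeps only the most recent blocked packet.
        self.held = (src_port, dst_port)
        self.pending_icmp = f"ICMP unreachable port {dst_port}"
        return "held"


def replay(events: List[Tuple[str, int, int]]) -> List[str]:
    """Feed ('out', src_port, 0) and ('in', src_port, dst_port) events to a fresh NAT."""
    nat = NatDevice()
    verdicts = []
    for direction, src_port, dst_port in events:
        if direction == "out":
            verdicts.append(nat.outbound_session_connect(src_port))
        else:
            verdicts.append(nat.inbound_from_peer(src_port, dst_port))
    return verdicts


# Constructed sample: x = 5004 (first client), y = 6004 (second client).
X, Y = 5004, 6004
# Response addressed to port x: held, then released by the second connect.
MATCHING = [("out", X, 0), ("in", Y, X), ("out", X, 0), ("in", Y, X)]
# Response addressed to another port: held, then answered with ICMP.
MISMATCH = [("out", X, 0), ("in", Y, 7000), ("out", X, 0), ("in", Y, 7000)]

if __name__ == "__main__":
    for name, events in (("matching", MATCHING), ("mismatch", MISMATCH)):
        print(name, replay(events))
```
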


Claims (1)

VII. Scope of Patent Application:

1. A network address translation device, communicatively connected to a first client and a network server, the network server also being communicatively connected to a second client, the network address translation device being used to:
receive a session invitation packet sent by the first client, and request the network server to forward the session invitation packet to the second client;
receive the response invitation packet with which the second client replies and which the network server forwards, and send the response invitation packet to the first client;
receive a session connection packet sent by the first client, and request the network server to forward the session connection packet to the second client, the session connection packet including a source port number of the first client;
receive a session response packet sent by the second client and block the session response packet from traversing the network address translation device, the session response packet including a source port number and a destination port number;
receive again the session connection packet sent by the first client, and check whether the source port number in the session connection packet is the same as the destination port number in the session response packet; and
if the source port number in the session connection packet is the same as the destination port number in the session response packet, allow the session response packet to traverse the network address translation device and reach the first client, and if the source port number in the session connection packet differs from the destination port number in the session response packet, continue to block the session response packet from traversing the network address translation device.

2. The network address translation device of claim 1, wherein the network address translation device generates an Internet control protocol packet when blocking the session response packet from traversing the network address translation device, and, when the check finds that the source port number in the session connection packet differs from the destination port number in the session response packet, sends the Internet control protocol packet to the second client to inform the second client that the requested port is unreachable.

3. The network address translation device of claim 1, wherein the network address translation device is a router, a switch or a server.

4. A communication method applied to a network address translation device, the network address translation device being communicatively connected to a first client and a network server, the network server also being communicatively connected to a second client, the method comprising:
receiving a session invitation packet sent by the first client, and requesting the network server to forward the session invitation packet to the second client;
receiving the response invitation packet with which the second client replies and which the network server forwards, and sending the response invitation packet to the first client;
receiving a session connection packet sent by the first client, and requesting the network server to forward the session connection packet to the second client, the session connection packet including a source port number of the first client;
receiving a session response packet sent by the second client and blocking the session response packet from traversing the network address translation device, the session response packet including a source port number and a destination port number;
receiving again the session connection packet sent by the first client, and checking whether the source port number in the session connection packet is the same as the destination port number in the session response packet; and
if the source port number in the session connection packet is the same as the destination port number in the session response packet, allowing the session response packet to traverse the network address translation device and reach the first client, and if the source port number in the session connection packet differs from the destination port number in the session response packet, continuing to block the session response packet from traversing the network address translation device.

5. The communication method of claim 4, the method further comprising: generating an Internet control protocol packet when blocking the session response packet from traversing the network address translation device, and, when the check finds that the source port number in the session connection packet differs from the destination port number in the session response packet, sending the Internet control protocol packet to the second client to inform the second client that the requested port is unreachable.

6. The communication method of claim 4, wherein the network address translation device is a router, a switch or a server.
TW99128196A 2010-08-24 2010-08-24 Network Address Translation device and communication method TW201210287A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW99128196A TW201210287A (en) 2010-08-24 2010-08-24 Network Address Translation device and communication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW99128196A TW201210287A (en) 2010-08-24 2010-08-24 Network Address Translation device and communication method

Publications (1)

Publication Number Publication Date
TW201210287A true TW201210287A (en) 2012-03-01

Family

ID=46763935

Family Applications (1)

Application Number Title Priority Date Filing Date
TW99128196A TW201210287A (en) 2010-08-24 2010-08-24 Network Address Translation device and communication method

Country Status (1)

Country Link
TW (1) TW201210287A (en)
