... | ... | @@ -11,14 +11,19 @@ Not all NAT and firewall configurations are the same. Two specific peers are not |
|
|
A NAT's mapping behaviour determines how an *internal* (ip, port) pair is mapped to an *external* (ip, port) pair. The internal pair is the address and port assigned to the application on the user's machine. The external pair is the address and port that are visible to the rest of the internet.
|
|
|
|
|
|
There are many different ways to perform this mapping, but for simplicity we will consider the following three general types:
|
|
|
- **Address-independent (AI)** mapping: internal addresses are mapped to the same external address regardless the remote (ip, port) pair they are connecting to
|
|
|
- **Address-independent (AI)** mapping: internal addresses are mapped to the same external address regardless the remote (ip, port) pair they are connecting to, or there is no NAT in place
|
|
|
- **Address-only-dependent (AO)** mapping: internal addresses are mapped to a different external address depending on which remote ip address they are connecting to
|
|
|
- **Address-and-port-dependent (AP)** mapping" internal addresses are mapped to a different external address depending on which remote ip and port they are connecting to
|
|
|
- **Address-and-port-dependent (AP)** mapping: internal addresses are mapped to a different external address depending on which remote ip and port they are connecting to
|
|
|
|
|
|
NATs that are either address only dependent or address and port dependent are typically referred to as **symmetric NATs**.
|
|
|
|
|
|
### NAT Filtering Behaviour
|
|
|
|
|
|
Filtering behaviour can also be generalized into the same three types:
|
|
|
- **Address-independent (AI)** filtering: incoming connections are not filtered
|
|
|
- **Address-only-dependent (AO)** filtering: incoming connections are filtered if there was not a corresponding outgoing connection to the remote IP address
|
|
|
- **Address-and-port-dependent (AP)** filtering: incoming connections are filtered if there was not a corresponding outgoing connection to the remote IP address and port pair
|
|
|
|
|
|
### NAT Compatibility
|
|
|
|
|
|
The following chart shows which NATs are compatible with each other. Columns and rows show the NAT type in the form: (mapping, filtering). Pairwise compatible NATs are marked with a checkmark (:heavy_check_mark:), and incompatible NATs are marked with an X.
|
... | ... | |