Notes about NAT
RFC 2663 - Common terminology for NAT
RFC 3022 - Traditional NAT
RFC 3489 - (Obsolete, replaced by RFC 5389) Original STUN spec; the source of the Full Cone / Restricted Cone / Port Restricted Cone / Symmetric classification
RFC 4787 - NAT behavioral requirements for unicast UDP (BCP 127); describes NATs by mapping behavior and filtering behavior instead of cone types
(Early discussions distinguished between "basic NAT", which translates only IP addresses, and "Network Address/Port Translation" (NAPT) which modifies both address and port. Nowadays "basic NAT" is extremely uncommon, and "NAT" almost always includes port translation.)
Full Cone = Endpoint-independent mapping, endpoint-independent filtering (RFC 4787 has no "no filtering" category; any external host may send to the mapping)
Restricted Cone = Endpoint-independent mapping, address-dependent filtering
Port Restricted Cone = Endpoint-independent mapping, address and port-dependent filtering
Symmetric = Address and port-dependent mapping, address and port-dependent filtering
(The RFC 3489 names only cover these four combinations. A NAT with address-dependent mapping, for example, has no cone name, which is why RFC 4787 describes mapping and filtering separately.)
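The two behaviors are measured independently, and the cone names are just a lookup on the pair. The following added example (not code from these notes) shows the mapping test and the filtering test in the shape RFC 5780 uses, run against a constructed in-memory NAT model rather than a real device; the server and client addresses are documentation-range placeholders.

```python
"""Classify a NAT by RFC 4787 mapping/filtering behaviour and translate to the RFC 3489
cone names. Added example: SimNat is a constructed in-memory model, not a real NAT or
STUN client, and the server addresses are documentation-range placeholders."""
from typing import Dict, Optional, Set, Tuple

Endpoint = Tuple[str, int]
EI = "endpoint-independent"
AD = "address-dependent"
APD = "address-and-port-dependent"


class SimNat:
    """Toy NAT with configurable mapping and filtering behaviour (constructed model)."""

    def __init__(self, mapping: str, filtering: str, ext_ip: str = "203.0.113.7"):
        self.mapping, self.filtering, self.ext_ip = mapping, filtering, ext_ip
        self._next_port = 40000
        self._map: Dict[tuple, int] = {}                     # mapping key -> external port
        self._owner: Dict[int, Endpoint] = {}                # external port -> internal endpoint
        self._contacted: Dict[Endpoint, Set[Endpoint]] = {}  # internal -> remotes it has sent to

    def _key(self, internal: Endpoint, dst: Endpoint) -> tuple:
        # What the NAT looks at when deciding whether to reuse an external port.
        if self.mapping == EI:
            return (internal,)
        if self.mapping == AD:
            return (internal, dst[0])
        return (internal, dst)

    def outbound(self, internal: Endpoint, dst: Endpoint) -> Endpoint:
        """Internal host sends to dst; returns the external address:port the remote sees."""
        key = self._key(internal, dst)
        if key not in self._map:
            self._map[key] = self._next_port
            self._owner[self._next_port] = internal
            self._next_port += 1
        self._contacted.setdefault(internal, set()).add(dst)
        return (self.ext_ip, self._map[key])

    def inbound(self, src: Endpoint, ext: Endpoint) -> Optional[Endpoint]:
        """Remote src sends to external ext; returns the internal endpoint, or None if filtered."""
        internal = self._owner.get(ext[1]) if ext[0] == self.ext_ip else None
        if internal is None:
            return None
        seen = self._contacted[internal]
        if self.filtering == EI:
            allowed = True
        elif self.filtering == AD:
            allowed = any(r[0] == src[0] for r in seen)
        else:
            allowed = src in seen
        return internal if allowed else None


# Constructed probe layout, as in RFC 5780: two server IPs, each listening on two ports.
S1, S2, P1, P2 = "198.51.100.10", "198.51.100.11", 3478, 3479


def classify_mapping(nat: SimNat, client: Endpoint) -> str:
    """Mapping test: does the external port change when the destination changes?"""
    m1 = nat.outbound(client, (S1, P1))
    m2 = nat.outbound(client, (S2, P1))  # alternate IP, same port
    if m1 == m2:
        return EI
    m3 = nat.outbound(client, (S2, P2))  # alternate IP, alternate port
    return AD if m2 == m3 else APD


def classify_filtering(nat: SimNat, client: Endpoint) -> str:
    """Filtering test: after contacting S1:P1 only, which other sources get through?"""
    ext = nat.outbound(client, (S1, P1))
    if nat.inbound((S2, P2), ext) is not None:  # different IP and port
        return EI
    if nat.inbound((S1, P2), ext) is not None:  # same IP, different port
        return AD
    return APD


LEGACY = {(EI, EI): "Full Cone", (EI, AD): "Restricted Cone",
          (EI, APD): "Port Restricted Cone", (APD, APD): "Symmetric"}


def classify(nat: SimNat) -> Tuple[str, str, str]:
    """Returns (mapping, filtering, legacy RFC 3489 name or a note that none exists).
    Separate client ports keep the two tests from contaminating each other."""
    mapping = classify_mapping(nat, ("192.168.1.20", 5000))
    filtering = classify_filtering(nat, ("192.168.1.20", 5001))
    return mapping, filtering, LEGACY.get((mapping, filtering), "no RFC 3489 name")


if __name__ == "__main__":
    for m, f in [(EI, EI), (EI, AD), (EI, APD), (APD, APD), (AD, AD)]:
        print(m, "/", f, "->", classify(SimNat(m, f))[2])
```

Note that the filtering test must start from a socket that has only talked to S1:P1; reusing the socket from the mapping test would have already "contacted" S2, and a port-restricted NAT would then look like a restricted one.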
From RFC 4787:
REQ-5: A NAT UDP mapping timer MUST NOT expire in less than two
minutes, unless REQ-5a applies.
a) For specific destination ports in the well-known port range
(ports 0-1023), a NAT MAY have shorter UDP mapping timers that
are specific to the IANA-registered application running over
that specific destination port.
b) The value of the NAT UDP mapping timer MAY be configurable.
c) A default value of five minutes or more for the NAT UDP mapping
timer is RECOMMENDED.
I.e. on an RFC 4787-compliant NAT, a UDP mapping stays alive for at least 2 minutes of idle time, and by default 5 minutes, unless the destination port is in 0-1023, where REQ-5a allows shorter, application-specific timers. Don't rely on this for deployed gear: plenty of NATs predate or ignore the BCP and use much shorter idle timeouts (Linux netfilter's default for unreplied UDP flows is 30 seconds), which is why ICE (RFC 8445) sends keepalives every 15 seconds or so rather than every 2 minutes.
REQ-6: The NAT mapping Refresh Direction MUST have a "NAT Outbound
refresh behavior" of "True".
a) The NAT mapping Refresh Direction MAY have a "NAT Inbound
refresh behavior" of "True".
A mapping is only guaranteed to stay alive while the host behind the NAT keeps sending outbound packets through it. Inbound packets from the peer may or may not refresh it: RFC 4787 leaves inbound refresh optional because it would let an external party hold a mapping open indefinitely without the internal host's participation. So keepalives have to originate from the host behind the NAT, not just from the peer.
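To make the REQ-5 and REQ-6 rules concrete, here is an added example (not code from these notes or from any NAT implementation) built on a constructed simulation: a mapping table with an idle timeout that is refreshed by every outbound packet and, only if the NAT opts into REQ-6a, by inbound packets. The two scenario functions show a client keepalive holding the mapping open versus a peer trying to do the same with inbound traffic alone. Filtering is deliberately not modelled here; the timeout and the addresses are assumed values.

```python
"""Model of RFC 4787 REQ-5/REQ-6 mapping lifetime: a mapping expires after `timeout` idle
seconds, outbound packets always refresh it, inbound packets refresh it only if the NAT's
inbound refresh behaviour is True. Added example built on a constructed simulation (filtering
is not modelled); it is not code from the notes or from any NAT implementation."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]


@dataclass
class Mapping:
    external: Endpoint
    last_refresh: float  # simulated clock time of the last packet that refreshed the timer


class TimedNat:
    """Endpoint-independent mapping NAT whose bindings expire after `timeout` idle seconds."""

    def __init__(self, timeout: float = 120.0, inbound_refresh: bool = False,
                 ext_ip: str = "203.0.113.7"):
        self.timeout = timeout                  # REQ-5: must be >= 120 s, 300 s recommended
        self.inbound_refresh = inbound_refresh  # REQ-6a: MAY be True; outbound refresh is always True
        self.ext_ip = ext_ip
        self.now = 0.0                          # simulated clock, seconds
        self._next_port = 40000
        self._table: Dict[Endpoint, Mapping] = {}  # internal endpoint -> mapping
        self._owner: Dict[int, Endpoint] = {}      # external port -> internal endpoint

    def advance(self, seconds: float) -> None:
        """Move the clock forward and drop mappings idle for longer than the timeout."""
        self.now += seconds
        for internal, m in list(self._table.items()):
            if self.now - m.last_refresh > self.timeout:
                del self._table[internal]
                del self._owner[m.external[1]]

    def outbound(self, internal: Endpoint) -> Endpoint:
        """Outbound packet: allocates a mapping if none exists and always refreshes its timer."""
        m = self._table.get(internal)
        if m is None:
            m = Mapping(external=(self.ext_ip, self._next_port), last_refresh=self.now)
            self._table[internal] = m
            self._owner[self._next_port] = internal
            self._next_port += 1
        m.last_refresh = self.now
        return m.external

    def inbound(self, ext: Endpoint) -> Optional[Endpoint]:
        """Inbound packet to an external port: forwarded only while the mapping exists, and
        it refreshes the timer only when inbound refresh behaviour is True."""
        if ext[0] != self.ext_ip or ext[1] not in self._owner:
            return None
        internal = self._owner[ext[1]]
        if self.inbound_refresh:
            self._table[internal].last_refresh = self.now
        return internal


CLIENT = ("192.168.1.20", 5000)  # constructed internal endpoint


def keepalive_survives(nat: TimedNat, interval: float, duration: float) -> bool:
    """Client sends a keepalive every `interval` seconds for `duration` seconds; True if the
    external port never changed, i.e. the mapping never expired and got reallocated."""
    first = nat.outbound(CLIENT)
    elapsed = 0.0
    while elapsed + interval <= duration:
        nat.advance(interval)
        elapsed += interval
        if nat.outbound(CLIENT) != first:
            return False
    return True


def inbound_only_survives(nat: TimedNat, interval: float, duration: float) -> bool:
    """Only the remote side sends packets (the client goes quiet after one packet). True if
    the remote can still reach the client after `duration` seconds."""
    ext = nat.outbound(CLIENT)
    elapsed = 0.0
    while elapsed + interval <= duration:
        nat.advance(interval)
        elapsed += interval
        if nat.inbound(ext) is None:
            return False
    return True


if __name__ == "__main__":
    print("15 s keepalives, 120 s timeout:", keepalive_survives(TimedNat(120.0), 15.0, 600.0))
    print("150 s keepalives, 120 s timeout:", keepalive_survives(TimedNat(120.0), 150.0, 600.0))
    print("peer-only traffic, inbound refresh off:",
          inbound_only_survives(TimedNat(120.0), 20.0, 600.0))
    print("peer-only traffic, inbound refresh on:",
          inbound_only_survives(TimedNat(120.0, inbound_refresh=True), 20.0, 600.0))
```

The second scenario is the security point behind REQ-6: with inbound refresh off, a remote party that keeps sending to the external port cannot extend the mapping's life by a single second, so the pinhole closes exactly when the inside host stops using it.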
Copyright 2019 Lanikai Labs. All rights reserved.