

1. STUN

1.1 Full Cone NAT

All requests sent from the same internal (IP address, port) are mapped to the same external (IP address, port), and any external host can reach the internal host through the mapped public (IP address, port).

==An external host can actively connect to an internal host==.

This type of NAT depends only on the source IP address and source port. As long as the (source IP address, source port) pair is the same, any external destination can be reached through the same mapped (public IP address, port). That is why it is called full cone NAT. It is somewhat like static NAT.

1.2 Restricted Cone NAT

All requests sent from the same internal (IP address, port) are mapped to the same external (IP address, port). The difference from full cone NAT is that the mapping entry created is tied to the destination IP address: only the matching destination IP address (the public server the internal host accessed) can communicate through it. This NAT has another feature: the internal host cannot be actively connected to; the connection must be initiated from the internal address.

More restrictive than full cone NAT: ==IP address restriction==.

This type of NAT depends not only on the source IP address and source port but also on the destination IP address. Only the public IP address that the internal host has actively connected to can communicate with the internal host.

1.3 Port Restricted Cone NAT

All requests sent from the same internal (IP, port) are mapped to the same external (IP, port), but a port restriction is added on top of address restricted cone NAT.

Under address restricted cone NAT, only the public host that the internal host actively connected to can communicate with it, regardless of whether that host's port number matches the one that was contacted.

Port restricted cone NAT adds a port restriction on top of the IP restriction: only the exact (IP, port1) that the internal host actively connected to may communicate with it; the same IP from any other port is not allowed. The NAT mapping is bound to the packet's triple.

1.4 Symmetric NAT

All requests sent from the same internal (IP address, port) to the same destination IP address and port are mapped to the same external (IP address, port). In other words, if any one of (SIP, Sport, DIP, Dport) changes, a different mapping entry is used; that is, the NAT mapping is bound to the packet's four-tuple.

It looks like a cone, but it is actually one-to-one, which is why it is called symmetric NAT.

2. Summary

  • The first three types of NAT have one thing in common: as long as the request from the internal network comes from the same (IP, port), NAT maps it to the same external (IP, port).

    | NAT type | Description |
    | --- | --- |
    | Full cone NAT | Any public network host can communicate with it; either side can initiate. |
    | Address restricted cone NAT | Only a public host that the internal host has actively connected to can communicate with it, and that host may do so from any port. |
    | Port restricted cone NAT | Only a public host that the internal host has actively connected to can communicate with it, and only from the fixed port that was contacted. |

  • The last type, symmetric NAT: one mapping per connection (a connection on the network is identified by the four-tuple [SIP, DIP, SPORT, DPORT]).

    | NAT type | Description |
    | --- | --- |
    | Symmetric NAT | A NAT mapping is created per four-tuple; if any item in the four-tuple changes, a different NAT mapping is used. This maps the two sides one to one, hence the name symmetric NAT. |

Similarities and differences between port restricted cone NAT and symmetric NAT:

  • Difference:

Cone NAT: requests from the same internal (IP, port) are always mapped to the same public (IP, port); whether the IP is restricted or not should be irrelevant to the mapping (guess).

Symmetric NAT: creates NAT mapping entries based on the four-tuple (SIP, DIP, SPORT, DPORT). In other words, accessing different public IP addresses from the same internal (IP, port) may produce different NAT mapping entries.

Although both types of NAT are related to the public (IP, port), one is one-to-many and the other is one-to-one, which is where the names cone and symmetric come from.
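The four behaviours described above, as an added example that is not part of the original post: a small model in which outbound packets create mappings and inbound packets are forwarded or dropped by each NAT type's rule. All addresses, ports and the `Nat`/`probe` names are constructed for illustration.

```python
# Added example, not from the original post: a minimal model of the four NAT types.
# Outbound packets create mappings; inbound packets are filtered by the rule for each type.
from itertools import count

FULL_CONE, RESTRICTED, PORT_RESTRICTED, SYMMETRIC = range(4)

class Nat:
    def __init__(self, kind, public_ip="203.0.113.1"):   # constructed public address
        self.kind = kind
        self.public_ip = public_ip
        self.ports = count(40000)   # next free public port
        self.mappings = {}          # mapping key -> public (ip, port)
        self.peers = {}             # public (ip, port) -> set of contacted (ip, port)

    def _key(self, src, dst):
        # Cone NATs key the mapping on the internal (ip, port) only;
        # symmetric NAT keys it on the four-tuple (SIP, SPORT, DIP, DPORT).
        return (src, dst) if self.kind == SYMMETRIC else src

    def outbound(self, src, dst):
        """Internal src=(ip, port) sends to external dst=(ip, port); returns the public endpoint."""
        key = self._key(src, dst)
        if key not in self.mappings:
            self.mappings[key] = (self.public_ip, next(self.ports))
        ext = self.mappings[key]
        self.peers.setdefault(ext, set()).add(dst)
        return ext

    def inbound(self, peer, ext):
        """External peer=(ip, port) sends to public endpoint ext; True if the NAT forwards it."""
        contacted = self.peers.get(ext)
        if contacted is None:
            return False                 # no mapping exists for this public endpoint
        if self.kind == FULL_CONE:
            return True                  # any external host may use the mapping
        if self.kind == RESTRICTED:
            return any(peer[0] == ip for ip, _ in contacted)  # IP must have been contacted
        return peer in contacted         # port restricted / symmetric: exact (ip, port) match

def probe(kind):
    """Run one internal host through the scenarios the post discusses (constructed values)."""
    nat = Nat(kind)
    host = ("192.168.1.10", 5000)
    a = nat.outbound(host, ("198.51.100.5", 3478))   # contact server A
    b = nat.outbound(host, ("198.51.100.9", 3478))   # contact server B
    return {
        "same_mapping": a == b,                                   # cone: True, symmetric: False
        "third_party": nat.inbound(("198.51.100.77", 1234), a),   # host never contacted
        "a_other_port": nat.inbound(("198.51.100.5", 9999), a),   # contacted IP, different port
        "a_same_port": nat.inbound(("198.51.100.5", 3478), a),    # exact endpoint contacted
    }
```

Calling `probe` for each type shows the progression from the summary tables: full cone accepts everything, address restricted drops only the third party, port restricted also drops the other port, and symmetric additionally gives servers A and B different mappings.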