NAT Types

Full-cone NAT, also known as one-to-one NAT

After client sends a UDP packet
from IP address A, port B
to   IP address E, port F
and the NAT maps A:B to its external IP address C, port D,
then any UDP packet sent to C:D will be forwarded to A:B.

+--------+     +---------+             +----------+
| client |     |   nat   |             | server 1 |
|        |     |         |             |          |
|    [A:B]-----+-----[C:D]------------>[E:F]      |
|    [A:B]<----+-----[C:D]<------------[E:F]      |
|        |     |         |  \          |          |
+--------+     +---------+   \         +----------+
                              \
                               \       +----------+
                                \      | server 2 |
                                 \     |          |
                                  \    [G:H]      |
                                   \---[G:H]      |
                                       |          |
                                       +----------+

(Address)-Restricted-cone NAT

After client sends a UDP packet
from IP address A, port B
to   IP address E, port F
then any UDP packet sent from E to C:D will be forwarded to A:B.
Packets from other IP addresses will be dropped.

+--------+     +---------+             +----------+
| client |     |   nat   |             | server 1 |
|        |     |         |             |          |
|    [A:B]-----+-----[C:D]------------>[E:F]      |
|    [A:B]<----+-----[C:D]<------------[E:F]      |
|        |     |         |             |          |
+--------+     +---------+  X          +----------+
                             \
                              \        +----------+
                               \       | server 2 |
                                \      |          |
                                 \     [G:H]      |
                                  \----[G:H]      |
                                       |          |
                                       +----------+

Port-restricted-cone NAT

After client sends a UDP packet
from IP address A, port B
to   IP address E, port F
then any UDP packet sent from E:F to C:D will be forwarded to A:B.
Packets from other ports        will be dropped.
Packets from other IP addresses will be dropped.

+--------+     +---------+             +----------+
| client |     |   nat   |             | server 1 |
|        |     |         |             |          |
|    [A:B]-----+-----[C:D]------------>[E:F]      |
|    [A:B]<----+-----[C:D]<------------[E:F]      |
|        |     |         |             |          |
+--------+     +---------+  X          |          |
                             \         [E:H]      |
                              \--------[E:H]      |
                                       |          |
                                       +----------+

Not shown in the above diagram:
If the client sends a second packet from A:B to E:H,
then packets from E:H to C:D will be forwarded to A:B.

Symmetric NAT

After client sends a UDP packet
from IP address A, port B
to   IP address E, port F
then any UDP packet sent from E:F to C:D will be forwarded to A:B.
Packets from other ports        to C:D will be dropped.
Packets from other IP addresses to C:D will be dropped.

If the client sends a second UDP packet
from IP address A, port B
to   IP address E, port H
then any UDP packet sent from E:H to C:I will be forwarded to A:B.
Packets from other ports        to C:I will be dropped.
Packets from other IP addresses to C:I will be dropped.

+--------+     +---------+             +----------+
| client |     |   nat   |             | server 1 |
|        |     |         |             |          |
|        |     |  /--[C:D]------------>[E:F]      |
|        |     | /---[C:D]<------------[E:F]      |
|    [A:B]-----+*        |             |          |
|    [A:B]<----+*        |             |          |
|        |     | \---[C:I]------------>[E:H]      |
|        |     |  \--[C:I]<------------[E:H]      |
|        |     |         |             |          |
+--------+     +---------+             +----------+
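
The forwarding rules of all four NAT types above, as one small Python model that shows which unsolicited senders can reach the internal host (an added example, not part of the original page). The class, function and constant names are hypothetical; endpoints reuse the page's letters as symbolic values, and the external ports D and I are arbitrary numbers starting at 40000.

```python
from itertools import count

FULL_CONE, ADDR_RESTRICTED, PORT_RESTRICTED, SYMMETRIC = range(4)

class Nat:
    """Toy model of the four NAT types; all names here are hypothetical."""
    def __init__(self, kind, public_ip="C"):
        self.kind = kind
        self.public_ip = public_ip
        self.next_port = count(40000)   # arbitrary first external port
        self.mappings = {}              # mapping key -> external port
        self.sessions = {}              # external port -> (client, contacted remotes)

    def outbound(self, src, dst):
        """Client sends src -> dst; return the external (ip, port) the NAT uses."""
        # Symmetric NAT: one external port per (source, destination) pair.
        # Cone NATs: one external port per internal source, whatever the destination.
        key = (src, dst) if self.kind == SYMMETRIC else src
        if key not in self.mappings:
            self.mappings[key] = next(self.next_port)
            self.sessions[self.mappings[key]] = (src, set())
        port = self.mappings[key]
        self.sessions[port][1].add(dst)
        return (self.public_ip, port)

    def inbound(self, remote, ext_port):
        """Packet from remote to the external port; return client endpoint or None if dropped."""
        if ext_port not in self.sessions:
            return None                 # no mapping exists for this port
        client, contacted = self.sessions[ext_port]
        if self.kind == FULL_CONE:
            allowed = True              # any sender may use the mapping
        elif self.kind == ADDR_RESTRICTED:
            allowed = remote[0] in {ip for ip, _ in contacted}
        else:                           # port-restricted and symmetric: exact ip:port
            allowed = remote in contacted
        return client if allowed else None

def probe(kind):
    """A:B contacts E:F once; report which remotes can then reach A:B via C:D."""
    nat = Nat(kind)
    _, d = nat.outbound(("A", "B"), ("E", "F"))
    remotes = [("E", "F"), ("E", "H"), ("G", "H")]
    return {f"{ip}:{p}": nat.inbound((ip, p), d) is not None for ip, p in remotes}

if __name__ == "__main__":
    for name, kind in [("full-cone", FULL_CONE), ("address-restricted", ADDR_RESTRICTED),
                       ("port-restricted", PORT_RESTRICTED), ("symmetric", SYMMETRIC)]:
        print(f"{name:19}", probe(kind))
```

Port-restricted and symmetric NAT filter inbound packets identically in this model; they differ only in whether a second destination reuses C:D or gets a new external port C:I.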