On 2013-08-06, Nathan Goings <binarysp...@binaryspike.com> wrote: > I'm dealing with old software that uses old NAT traversal techniques. I > specifically need to select the NAT variation as defined by RFC 3489 > (section 5). > > Generally I've used nat-to's 'static-port' option and gotten around this > issue. After adding some clients host-side, it seems like NAT traversal > isn't working. > > Suppose I have this NAT rule: > pass out on $external_int from <conenat> nat-to $external_int static-port > > What NAT variation does OpenBSD implement by default? > > Wikipedia page on NAT variation (port translation): > http://en.wikipedia.org/wiki/Network_address_translation#Methods_of_port_translation > >
Normally port-restricted cone, or with static-port it's similar to symmetric (but obviously static-port can't work when two internal machines use the same port). With increasing use of cgnat in some large service provider networks you can be sure to see more nat-related problems with v4 over time... Is VPN or IPv6 an option instead?