Or how about we just avoid anything that uses terms like "Mappings" and "NAT" and speed the adoption of IPv6 everywhere, which already solves all of these problems.

*Spencer Ryan* | Senior Systems Administrator | sr...@arbor.net
*Arbor Networks*
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com

On Mon, Jul 4, 2016 at 10:16 PM, Masataka Ohta <mo...@necom830.hpcl.titech.ac.jp> wrote:

> Baldur Norddahl wrote:
>
>>> With end to end NAT, you can still configure your UPnP capable NAT
>>> boxes to restrict port forwarding.
>>
>> Only if you by NAT mean "home network NAT". No large ISP has or will deploy
>> a carrier NAT router that will respect UPnP.
>
> A large ISP should just set up usual NAT. In addition, the ISP
> tells its subscriber a global IP address, a private IP address
> and a small range of port numbers the subscriber can use and
> set up *static* bi-directional port forwarding.
>
> If each subscriber is allocated 64 ports, effective address
> space is 1000 times more than that of IPv4, which should be
> large enough.
>
> Then, if a subscriber wants transparency, he can set up his
> home router to make use of the bi-directional port forwarding
> and his host reverse translation by nested port forwarding.
>
>> That does not scale and is a
>> security nightmare besides.
>
> It is merely because you think you must do it dynamically.
>
> But, if you want to run a server at a fixed IP address
> and port, port forwarding must be static.
>
> Masataka Ohta
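
The static per-subscriber port-block scheme described in the quoted message, as an added example that is not part of the original thread: each subscriber index maps deterministically to a public address and a block of 64 ports, so an operator can attribute an observed `address:port` back to a subscriber without per-flow NAT logs. The function names, the choice to start blocks at port 1024, and the `203.0.113.0/24` documentation prefix used as the pool are assumptions made for illustration.

```python
import ipaddress

PORTS_PER_SUB = 64   # block size proposed in the quoted message
FIRST_PORT = 1024    # assumption: well-known ports are not handed out
BLOCKS_PER_IP = (65536 - FIRST_PORT) // PORTS_PER_SUB  # 1008 blocks per address


def allocate(pool, index):
    """Return (public_ip, first_port, last_port) for a subscriber index."""
    net = ipaddress.ip_network(pool)
    ip_offset, block = divmod(index, BLOCKS_PER_IP)
    if index < 0 or ip_offset >= net.num_addresses:
        raise ValueError("subscriber index outside pool capacity")
    first = FIRST_PORT + block * PORTS_PER_SUB
    return net[ip_offset], first, first + PORTS_PER_SUB - 1


def attribute(pool, public_ip, port):
    """Reverse lookup: subscriber index that owns public_ip:port, or None."""
    net = ipaddress.ip_network(pool)
    ip = ipaddress.ip_address(public_ip)
    if ip not in net or not FIRST_PORT <= port <= 65535:
        return None  # not part of any static block
    block = (port - FIRST_PORT) // PORTS_PER_SUB
    return (int(ip) - int(net.network_address)) * BLOCKS_PER_IP + block


def capacity(pool):
    """Number of subscribers the pool can serve with static blocks."""
    return ipaddress.ip_network(pool).num_addresses * BLOCKS_PER_IP


if __name__ == "__main__":
    POOL = "203.0.113.0/24"  # constructed sample pool (documentation prefix)
    for idx in (0, 1007, 1008):
        print(idx, allocate(POOL, idx))
    # An abuse report names 203.0.113.1:1100; find the owning subscriber.
    print("owner:", attribute(POOL, "203.0.113.1", 1100))
    print("capacity:", capacity(POOL))
```
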