On Mon, Mar 12, 2007 at 05:04:44PM +0000, Michael Rogers wrote:
> Matthew Toseland wrote:
> > I was
> > under the impression that the difference between port restricted and
> > symmetric was precisely this - that a symmetric NAT would allocate a
> > new port for every { source port, source IP, dest port, dest IP },
> > whereas a port restricted cone will usually reuse the port, and just
> > ignore packets coming from IPs other than ones we have sent packets to?
>
> That sounds right, but to muddy the waters even further some people have
> abandoned the "full cone/restricted cone/port restricted cone/symmetric"
> terminology because it doesn't cover all possible combinations of
> mapping and filtering behaviour - see tables 6 and 8 of the STUNT paper:
>
> http://nutss.gforge.cis.cornell.edu/pub/imc05-tcpnat.pdf
>
> Roughly speaking, it looks like 70% of NATs can punch UDP holes to each
> other, and some of the 70% can punch holes to some of the remaining 30%.
> This is much worse than I thought - the real world success rate could
> be anywhere between 49% and 91%, depending on the value of "some".
>
> Port prediction works for 94% of NATs after a few retries, but it
> requires out-of-band communication...
Out-of-band communication is possible ... sometimes. :|
>
> Cheers,
> Michael
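
The mapping and filtering behaviour discussed in this message can be modelled in a few lines. This is an added example, not part of the original thread: the `NAT` class, `hole_punch`, `run` and all addresses are constructed for illustration, and sequential port allocation is an assumption of the model, not a property of every real NAT.

```python
import itertools

SERVER = ("203.0.113.1", 3478)  # constructed rendezvous (out-of-band) address

class NAT:
    """Toy NAT with port-restricted filtering and a selectable mapping policy."""
    def __init__(self, public_ip, symmetric):
        self.public_ip, self.symmetric = public_ip, symmetric
        self._next_port = itertools.count(40000)  # sequential allocation (assumption)
        self.mappings = {}  # mapping key -> external port
        self.allowed = {}   # external port -> remote (ip, port) pairs we have sent to

    def outbound(self, src, dst):
        # Symmetric: a new port per {src, dst}. Cone: one port per src, reused.
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = next(self._next_port)
        port = self.mappings[key]
        self.allowed.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def inbound(self, remote, ext_port):
        # Port-restricted filter: accept only from an exact (ip, port) we sent to.
        return remote in self.allowed.get(ext_port, set())

def hole_punch(nat_a, nat_b, predict=False):
    """Return True if both peers' packets pass the other side's NAT."""
    host = ("10.0.0.2", 5000)  # same private address behind each NAT
    a_seen = nat_a.outbound(host, SERVER)  # server observes each external address
    b_seen = nat_b.outbound(host, SERVER)

    def target(seen, nat):
        # Port prediction: guess the next sequential port of a symmetric NAT.
        # Assumes the peer learned the NAT type through the rendezvous server.
        bump = 1 if (predict and nat.symmetric) else 0
        return (seen[0], seen[1] + bump)

    a_target, b_target = target(b_seen, nat_b), target(a_seen, nat_a)
    a_src = nat_a.outbound(host, a_target)  # both sides send first, opening holes
    b_src = nat_b.outbound(host, b_target)
    return nat_b.inbound(a_src, a_target[1]) and nat_a.inbound(b_src, b_target[1])

def run(sym_a, sym_b, predict=False):
    """Punch between two fresh NATs; sym_* selects symmetric mapping."""
    return hole_punch(NAT("198.51.100.10", sym_a), NAT("198.51.100.20", sym_b), predict)
```

In this model two port-restricted cone NATs connect, any pairing that includes a symmetric NAT fails, and prediction rescues those pairings only because the model allocates ports sequentially with no competing traffic.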