NAT types:
Full Cone NAT:
A full cone NAT is one where all requests from the same internal IP address and port are
mapped to the same external IP address and port. Furthermore, any external host can send
a packet to the internal host, by sending a packet to the mapped external address.
Restricted cone NAT:
A restricted cone NAT is one where all requests from the same internal IP address and
port are mapped to the same external IP address and port. Unlike a full cone NAT, an external
host (with IP address X) can send a packet to the internal host only if the internal host
had previously sent a packet to IP address X.
Port Restricted cone NAT:
A port restricted cone NAT is like a restricted cone NAT, but the restriction
includes port numbers. Specifically, an external host can send a packet, with source IP
address X and source port P, to the internal host only if the internal host had previously
sent a packet to IP address X and port P.
Symmetric NAT:
A symmetric NAT is one where all requests from the same internal IP address and port,
to a specific destination IP address and port, are mapped to the same external IP address and
port. If the same host sends a packet with the same source address and port, but to
a different destination, a different mapping is used. Furthermore, only the external host that
receives a packet can send a UDP packet back to the internal host.
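The four definitions above differ in only two rules: how the external mapping is keyed, and which remote hosts may send packets back. The following toy model is an added example, not code from the original page or from RFC 3489; the `Nat` class, the `probe` helper and all addresses are constructed for illustration.

```python
from itertools import count

FULL, RESTRICTED, PORT_RESTRICTED, SYMMETRIC = (
    "full", "restricted", "port-restricted", "symmetric")

class Nat:
    """Toy model of the mapping and filtering rules of the four NAT types."""

    def __init__(self, kind, public_ip="203.0.113.1"):  # constructed address
        self.kind, self.public_ip = kind, public_ip
        self.ports = count(40000)  # next free external port (assumed range)
        self.mappings = {}         # mapping key -> external (ip, port)
        self.sent = {}             # external (ip, port) -> (internal, {dests})

    def outbound(self, src, dst):
        """Internal src=(ip, port) sends to dst; return the external source."""
        # A symmetric NAT keys the mapping on the destination too; cone NATs do not.
        key = (src, dst) if self.kind == SYMMETRIC else src
        if key not in self.mappings:
            self.mappings[key] = (self.public_ip, next(self.ports))
        ext = self.mappings[key]
        self.sent.setdefault(ext, (src, set()))[1].add(dst)
        return ext

    def inbound(self, remote, ext):
        """Remote (ip, port) sends to ext; return the internal host, or None if dropped."""
        if ext not in self.sent:
            return None                      # no mapping exists
        internal, dests = self.sent[ext]
        if self.kind == FULL:
            allowed = True                   # any external host may send
        elif self.kind == RESTRICTED:
            allowed = remote[0] in {ip for ip, _ in dests}  # IP contacted before
        else:
            allowed = remote in dests        # exact IP and port contacted before
        return internal if allowed else None

def probe(kind):
    """Return (same_mapping, other_port_ok, other_ip_ok) for one NAT type."""
    nat = Nat(kind)
    host = ("192.168.1.10", 5000)            # constructed internal host
    a, a2, b = ("198.51.100.7", 3478), ("198.51.100.7", 3479), ("198.51.100.8", 3478)
    ext = nat.outbound(host, a)              # host contacts only a
    other_port = nat.inbound(a2, ext) is not None  # same IP, different port
    other_ip = nat.inbound(b, ext) is not None     # different IP
    same_mapping = nat.outbound(host, b) == ext    # mapping reused for a new dest?
    return same_mapping, other_port, other_ip
```

Each NAT type yields a distinct result tuple from `probe`, which is the property that lets a client tell the types apart by observing replies from different server addresses and ports.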
Besides the four types above, the network that the client host sits in can also be one of the following types:
Opened: No NAT, public IP, no firewall.
Blocked: UDP is always blocked.
Symmetric UDP Firewall: No NAT, public IP, but symmetric UDP firewall.
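The STUN protocol is a client/server protocol. A large number of STUN servers exist on the public Internet, and a user can run a STUN client on their own host and connect to a remote STUN server to determine their own network conditions.
Test procedure
A STUN server runs over UDP and has two fixed public addresses. It provides the following functions:
1. Tell the STUN client its public address as mapped by the NAT device.
2. At the STUN client's request, send response packets back to the client from a different IP address or port of the server.
How can the network type be determined from the functions that a STUN server provides?
RFC 3489 gives the procedure shown in the following figure: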
+--------+
|  Test  |
|   I    |
+--------+
|
|
V
/\
/\
N / Y