[Bug 219803] [patch] PF: implement RFC 4787 REQ 1 and 3 (full cone NAT)

bugzilla-noreply at freebsd.org
Tue Jun 6 04:30:12 UTC 2017


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219803

--- Comment #2 from Damjan Jovanovic <damjan.jov at gmail.com> ---
In its current state, the patch provides applications with a NAT hole punching
capability. Unlike in a symmetric NAT, in any cone-type NAT, an internal UDP
application can negotiate to receive packets from a known peer, by using STUN
to create an external IP:port for its UDP socket and discover what they are,
communicating them to its peer and learning what external IP:port its peer is
using, and even if it's behind the most restrictive "port-restricted cone"
NAT, it can just send 1 packet to its peer's IP:port to create a connection and
allow that peer to send packets back.

This works even if both peers are NATed, as long as at least 1 (the server) is
not a symmetric NAT.

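The hole-punching argument in the comment above can be checked with a small model of the four classic NAT behaviours. The following is an added example, not part of the bug report or of the PF patch: it models a NAT by its mapping behaviour (RFC 4787 REQ-1, endpoint-independent versus endpoint-dependent) and its inbound filtering (none, address, or address-and-port), has two peers behind such NATs discover their reflexive addresses via a STUN-like public host, and then has each peer send to the other's reflexive address and reply to whatever source it actually observes. It goes beyond the comment by evaluating every pairing of NAT types. All IP addresses, ports and the peer/NAT names are constructed for the simulation.

```python
"""Toy model of RFC 4787 NAT behaviours and UDP hole punching (added example)."""
from dataclasses import dataclass
from itertools import product

# (mapping behaviour, inbound filtering) in classic STUN vocabulary.
FULL_CONE = ("independent", "none")
ADDRESS_RESTRICTED = ("independent", "address")
PORT_RESTRICTED = ("independent", "address_port")
SYMMETRIC = ("dependent", "address_port")
NAMES = {FULL_CONE: "full cone", ADDRESS_RESTRICTED: "address-restricted",
         PORT_RESTRICTED: "port-restricted", SYMMETRIC: "symmetric"}

PUBLIC_STUN = ("203.0.113.1", 3478)  # constructed public STUN-like host


class Nat:
    def __init__(self, public_ip, mapping, filtering):
        self.public_ip = public_ip
        self.mapping = mapping      # "independent": one external port per socket
        self.filtering = filtering  # which inbound sources a mapping lets through
        self.maps = {}              # mapping key -> external (ip, port)
        self.internal = {}          # external (ip, port) -> internal (ip, port)
        self.sent_to = {}           # external (ip, port) -> destinations used
        self.next_port = 40000

    def outbound(self, internal, dst):
        """Translate an outgoing packet; returns the external source endpoint."""
        key = internal if self.mapping == "independent" else (internal, dst)
        ext = self.maps.get(key)
        if ext is None:
            ext = (self.public_ip, self.next_port)
            self.next_port += 1
            self.maps[key] = ext
            self.internal[ext] = internal
            self.sent_to[ext] = set()
        self.sent_to[ext].add(dst)
        return ext

    def inbound(self, ext, src):
        """Return the internal endpoint for a packet to `ext` from `src`, or None."""
        if ext not in self.internal:
            return None
        seen = self.sent_to[ext]
        if self.filtering == "address" and src[0] not in {d[0] for d in seen}:
            return None
        if self.filtering == "address_port" and src not in seen:
            return None
        return self.internal[ext]


@dataclass
class Peer:
    name: str
    nat: Nat
    internal: tuple
    reflexive: tuple = None   # external address as reported by the STUN host
    observed: tuple = None    # source actually seen on a packet from the peer
    received: bool = False


def stun_bind(peer):
    peer.reflexive = peer.nat.outbound(peer.internal, PUBLIC_STUN)


def send(src, dst_peer, dst_addr):
    """One UDP datagram from src through both NATs; records delivery at dst_peer."""
    ext = src.nat.outbound(src.internal, dst_addr)
    if dst_peer.nat.inbound(dst_addr, ext) == dst_peer.internal:
        dst_peer.received = True
        dst_peer.observed = ext


def hole_punch(a_type, b_type, rounds=4):
    """True if both peers end up receiving from each other."""
    a = Peer("A", Nat("198.51.100.10", *a_type), ("10.0.0.2", 5000))
    b = Peer("B", Nat("198.51.100.20", *b_type), ("192.168.1.2", 6000))
    stun_bind(a)
    stun_bind(b)
    # Reflexive addresses are exchanged out of band (signalling channel).
    for _ in range(rounds):
        # Each side sends to the address it has actually seen the peer use,
        # falling back to the STUN-reported reflexive address.
        send(a, b, a.observed or b.reflexive)
        send(b, a, b.observed or a.reflexive)
    return a.received and b.received


def matrix():
    return {(NAMES[x], NAMES[y]): hole_punch(x, y) for x, y in product(NAMES, NAMES)}


if __name__ == "__main__":
    for (x, y), ok in matrix().items():
        print(f"{x:20} <-> {y:20} {'works' if ok else 'fails'}")
```

The model reproduces the comment's point: two port-restricted cones punch through with one packet each, and a symmetric peer still gets through when the other side is a full cone or address-restricted cone, because that side learns the real source address from the arriving packet. The one pairing the simple exchange cannot rescue is symmetric against port-restricted, where the port-restricted side only ever opens its filter for the STUN-reported port, which the symmetric NAT does not reuse.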

