What does Port restricted NAT mean and how to (presumably) fix it?

From Syncthing 1.20.4

(...)
[AE2FS] 2022/08/03 12:04:20 INFO: New NAT port mapping: external TCP address 0.0.0.0:24652 to local address [::]:22000.
[AE2FS] 2022/08/03 12:04:20 INFO: New NAT port mapping: external TCP address 0.0.0.0:43435 to local address [::]:22000.
[AE2FS] 2022/08/03 12:04:20 INFO: Detected 2 NAT services
[AE2FS] 2022/08/03 12:04:29 INFO: quic://0.0.0.0:22000 detected NAT type: Port restricted NAT
[AE2FS] 2022/08/03 12:04:29 INFO: quic://0.0.0.0:22000 resolved external address quic://86.238.84.44:22000 (via stun.syncthing.net:3478)
[AE2FS] 2022/08/03 12:04:41 INFO: Joined relay relay://185.86.148.197:22067
(...)

What does Port restricted NAT mean and how to (presumably) fix it?

It’s an INFO level log, it doesn’t need fixing. As to what it means: Network address translation - Wikipedia

Sorry for not having been clear. I do not have a problem with NAT, it is just that I have never seen “Port restricted NAT” and wonder what this is.

I finally dug up RFC3489

5.  NAT Variations

   It is assumed that the reader is familiar with NATs.  It has been
   observed that NAT treatment of UDP varies among implementations.  The
   four treatments observed in implementations are:

   Full Cone: A full cone NAT is one where all requests from the
      same internal IP address and port are mapped to the same external
      IP address and port.  Furthermore, any external host can send a
      packet to the internal host, by sending a packet to the mapped
      external address.

   Restricted Cone: A restricted cone NAT is one where all requests
      from the same internal IP address and port are mapped to the same
      external IP address and port.  Unlike a full cone NAT, an external
      host (with IP address X) can send a packet to the internal host
      only if the internal host had previously sent a packet to IP
      address X.

   Port Restricted Cone: A port restricted cone NAT is like a
      restricted cone NAT, but the restriction includes port numbers.
      Specifically, an external host can send a packet, with source IP
      address X and source port P, to the internal host only if the
      internal host had previously sent a packet to IP address X and
      port P.

The relevant part is

Specifically, an external host can send a packet, with source IP address X and source port P, to the internal host only if the internal host had previously sent a packet to IP address X and port P.

One learns every day (I had no idea that these various NATs I have been using for years had actual names :))
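
The three filtering rules quoted from RFC 3489 above, as a small Python model (an added example, not part of the original thread and not Syncthing's code). The class and function names and the sample addresses are constructed for illustration, and the model assumes a mapping exists once the internal host has sent one packet.

```python
from dataclasses import dataclass, field

FULL, RESTRICTED, PORT_RESTRICTED = "Full Cone", "Restricted Cone", "Port Restricted Cone"

@dataclass
class ConeNat:
    """One internal ip:port mapping on a cone NAT (toy model, names are illustrative)."""
    kind: str
    sent_to: set = field(default_factory=set)  # (ip, port) the internal host has sent to

    def outbound(self, ip, port):
        self.sent_to.add((ip, port))

    def allows_inbound(self, src_ip, src_port):
        if not self.sent_to:
            return False  # assumption: no outbound packet yet, so no mapping exists
        if self.kind == FULL:
            return True  # any external host may use the mapped address
        if self.kind == RESTRICTED:
            return any(ip == src_ip for ip, _ in self.sent_to)  # IP X must match
        if self.kind == PORT_RESTRICTED:
            return (src_ip, src_port) in self.sent_to  # IP X and port P must match
        raise ValueError(f"unknown NAT kind: {self.kind}")

# Constructed sample addresses (RFC 5737 documentation ranges).
SERVER = ("198.51.100.10", 3478)
PROBES = {
    "same IP, same port": SERVER,
    "same IP, other port": ("198.51.100.10", 3479),
    "other IP": ("203.0.113.5", 3478),
}

def probe(kind):
    """Send one packet to SERVER, then report which inbound sources get through."""
    nat = ConeNat(kind)
    nat.outbound(*SERVER)
    return {name: nat.allows_inbound(*src) for name, src in PROBES.items()}

if __name__ == "__main__":
    for kind in (FULL, RESTRICTED, PORT_RESTRICTED):
        print(f"{kind:22}", probe(kind))
```

Only the port restricted case rejects a reply from the contacted IP when it arrives from a different source port.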
