NAT and UDP source port

0

My question is somewhat extending on this discussion: NAT and UDP replies

Scenario: Machine A behind NAT, Machine B on the internet

  1. Machine A:Port M sends a UDP packet to Machine B:Port N
  2. Machine B:Port N sends reply to machine A:Port M (I know that there is a NAT translation in the middle which is transparent to both machines)

Will the NAT mechanism on machine A's public router work if the source port of machine B is different? That is, if step 2 is replaced with the following, will it still work and will machine A receive the UDP reply from machine B:
2. Machine B: Port Z sends reply to machine A:Port M

This probably won't work, or else it will be a security risk? Or does it depend on how NAT is configured?

guest_1234

Posted 2015-02-19T07:48:29.603

Reputation: 1

Answers

0

Normally you have a stateful inspection router or firewall. This means the device "sees" a new connection and remembers the connection partners, the ports and the protocol. So if you start a new connection request, the router recognizes that this is a UDP connection and that an answer will be expected. So when the answer comes back, the router will NAT the packages going back as well. So if you change the source port of machine B, the reply would not work.

ciao ryder

ryder

Posted 2015-02-19T07:48:29.603

Reputation: 147

Thank you! That's what I expected. To make it work, port forwarding needs to be set up using, say, STUN, IGD, Port Control Protocol or manual configuration. – guest_1234 – 2015-02-20T02:42:56.110

0

NAT isn't completely standardized, so it is impossible to say what will or will not work. Having said that, there are protocols for this sort of thing that usually work. I'd suggest using something like STUN (Session Traversal Utilities for NAT) to handle the setup of the network translations in the NAT box to enable your communications to work.

Fred

Posted 2015-02-19T07:48:29.603

Reputation: 1 205
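
The stateful behaviour discussed in the answers can be modelled as a small state table. This is an added example, not code from any poster: a toy NAT with the three UDP filtering behaviours defined in RFC 4787, where the class `Nat`, the helper `reply_delivered` and all addresses and ports are constructed for illustration.

```python
# Added example: toy model of a NAT's UDP state table, not a real router implementation.
from dataclasses import dataclass, field

# Filtering behaviours as named in RFC 4787.
ENDPOINT_INDEPENDENT = "endpoint-independent"
ADDRESS_DEPENDENT = "address-dependent"
ADDRESS_AND_PORT_DEPENDENT = "address-and-port-dependent"


@dataclass
class Nat:
    public_ip: str
    filtering: str
    next_port: int = 40000  # constructed starting point for external ports
    ports: dict = field(default_factory=dict)  # (int_ip, int_port) -> ext_port
    state: dict = field(default_factory=dict)  # ext_port -> (internal, {remote endpoints})

    def outbound(self, src, dst):
        """Translate an outgoing datagram, creating state on first use."""
        if src not in self.ports:
            self.ports[src] = self.next_port
            self.state[self.next_port] = (src, set())
            self.next_port += 1
        ext_port = self.ports[src]
        self.state[ext_port][1].add(dst)  # remember who the inside host contacted
        return (self.public_ip, ext_port)

    def inbound(self, src, dst):
        """Return the internal (ip, port) to deliver to, or None if dropped."""
        ip, ext_port = dst
        if ip != self.public_ip or ext_port not in self.state:
            return None  # no mapping exists: unsolicited traffic
        internal, contacted = self.state[ext_port]
        if self.filtering == ADDRESS_AND_PORT_DEPENDENT:
            allowed = src in contacted  # remote IP and port must both match
        elif self.filtering == ADDRESS_DEPENDENT:
            allowed = src[0] in {peer_ip for peer_ip, _ in contacted}
        else:
            allowed = True  # any remote endpoint may use the mapping
        return internal if allowed else None


def reply_delivered(filtering, reply_port):
    """Machine A:5000 sends to B:7000; does B's reply from reply_port reach A?"""
    a, b = ("192.168.1.10", 5000), ("203.0.113.5", 7000)  # constructed addresses
    nat = Nat("198.51.100.1", filtering)
    public_a = nat.outbound(a, b)
    return nat.inbound((b[0], reply_port), public_a) == a
```

With address-and-port-dependent filtering the reply from a different source port is dropped, while the two looser modes deliver it, so the outcome depends on which behaviour the NAT in front of machine A implements.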