Determining NAT Mapping Behavior
This will require at most three tests. In test I, the client
performs the UDP connectivity test. The server will return its
alternate address and port in OTHER-ADDRESS in the binding response.
If OTHER-ADDRESS is not returned, the server does not support this
usage and this test cannot be run. The client examines the XOR-
MAPPED-ADDRESS attribute. If this address and port are the same as
the local IP address and port of the socket used to send the request,
the client knows that it is not NATed and the effective mapping will
be Endpoint-Independent.
In test II, the client sends a Binding Request to the alternate address, but primary port. If the XOR-MAPPED-ADDRESS in the Binding Response is the same as test I the NAT currently has Endpoint- Independent Mapping. If not, test III is performed: the client sends a Binding Request to the alternate address and port. If the XOR- MAPPED-ADDRESS matches test II, the NAT currently has Address- Dependent Mapping; if it doesn’t match it currently has Address and Port-Dependent Mapping.
Determining NAT Filtering Behavior This will also require at most three tests. These tests are
sensitive to prior state on the NAT.
In test I, the client performs the UDP connectivity test. The server
will return its alternate address and port in OTHER-ADDRESS in the
binding response. If OTHER-ADDRESS is not returned, the server does
not support this usage and this test cannot be run.
In test II, the client sends a binding request to the primary address
of the server with the CHANGE-REQUEST attribute set to change-port
and change-IP. This will cause the server to send its response from
its alternate IP address and alternate port. If the client receives
a response, the current behavior of the NAT is Endpoint-Independent
Filtering.
If no response is received, test III must be performed to distinguish
between Address-Dependent Filtering and Address and Port-Dependent
Filtering. In test III, the client sends a binding request to the
original server address with CHANGE-REQUEST set to change-port. If
the client receives a response, the current behavior is Address-
Dependent Filtering; if no response is received, the current behavior
is Address and Port-Dependent Filtering.
Independent Mapping, Independent Filter = Fullcone NAT
Independent Mapping, Address Dependent Filter = Restricted Cone NAT
Independent Mapping, Port Dependent Filter = Port-Restricted Cone NAT
Dependent Mapping = Symmetric NAT