NAT Port Mapping Protocol
The NAT Port Mapping Protocol (NAT-PMP) is a network protocol for establishing network address translation (NAT) settings and port forwarding configurations automatically without user effort.[1] The protocol automatically determines the external IPv4 address of a NAT gateway, and provides means for an application to communicate the parameters for communication to peers.
NAT-PMP was introduced in 2005 by Apple as an alternative to the more common ISO Standard[2] Internet Gateway Device Protocol implemented in many NAT routers. The protocol was published as an informational Request for Comments (RFC) by the Internet Engineering Task Force (IETF) in RFC 6886.
NAT-PMP is the precursor to the Port Control Protocol (PCP).[3]
Operation
NAT-PMP runs over the User Datagram Protocol (UDP) and uses port number 5351.
This protocol has no built-in authentication mechanisms, resulting in opening itself to abuse. Protocol design treats all hosts belonging to the router's local network as trusted and allows them to freely "punch" holes through the network firewall. Though extremely convenient, such a relaxed design opens itself to easy exploiting by malicious software running on any computer that belongs to the local network, or by any rogue computers that manage to gain access to the local network. As a result, intruders can access otherwise firewalled local network services by abusing malicious "holes" punched through the firewall.[1]
Some of the NAT-PMP implementations aim to mitigate those issues by enforcing constraints to port mappings.[4]
Support
Lua error in package.lua at line 80: module 'strict' not found.
Applications supporting NAT-PMP include the following:
<templatestyles src="Div col/styles.css"/>
- Baresip, a modular SIP client with audio and video support.
- BitTorrent file-sharing clients: Bitcomet, BitTorrent, Deluge, Frostwire, qBittorrent, Transmission, µTorrent and Vuze
- Colloquy, an Internet Relay Chat client.
- Crashplan, an offsite backup program.
- Folx, a downloader for Mac, used for torrents or normal downloads.
- FreeSWITCH, an open source telephony platform.
- Limewire, a Gnutella file-sharing client.
- Mac OS X 10.4 and above.
- MobileMe, Apple Inc's mobile device synchronization service.
- Nicecast, a music streaming program.
- Nmap, Network security scanner.[5]
- Retroshare, a friend-to-friend email, instant messaging, BBS and file-sharing client.
- Skype, An internet telephony program.
- Synology DiskStation Manager (DSM 4.2)
Routers supporting NAT-PMP include the following, listing the manufacturer, model, and tested firmware version:
<templatestyles src="Div col/styles.css"/>
- 2Wire 3801HGV
- AirPort Express, Extreme and Time Capsule
- DD-WRT
- Ubiquiti EdgeMAX EdgeRouters, firmware v1.4.0 or higher
- OpenWrt v8.09 or higher, with MiniUPnP daemon [6]
- pfSense v2.0, with MiniUPnP daemon
- Tomato Firmware v1.24 or higher. (Linksys WRT54G/GL/GS and many more)
See also
References
<templatestyles src="Reflist/styles.css" />
Cite error: Invalid <references> tag; parameter "group" is allowed only.
<references />, or <references group="..." />External links
- Bonjour Protocol Specifications
- another NAT-PMP explanation
- MiniUPnP ANSI C, BSD-licensed library that supports UPnP and NAT-PMP traversal (client and server)
- ↑ 1.0 1.1 RFC 6886, NAT Port Mapping Protocol (NAT-PMP), S. Cheshire & M. Krochmal (April 2013)
- ↑ ISO/IEC 29341, http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref1185
- ↑ RFC 6887, Port Control Protocol (PCP), Wing, Cheshire, Boucadair, Penno & Selkirk (April 2013)
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
