1. NAT Addressing and Port Mapping
1.
The NAT reuses the port mapping for subsequent packets sent from the same internal IP address and port (X:x) to any external IP address and port. Specifically, X1':x1' equals X2':x2' for all values of Y2:y2.
For data sent from the internal IP and port (X:x) to any external IP and port, the NAT reuses the port mapping.
2.
The NAT reuses the port mapping for subsequent packets sent from the same internal IP address and port (X:x) to the same external IP address, regardless of the external port. Specifically, X1':x1' equals X2':x2' if and only if Y2 equals Y1.
For data sent from the internal IP and port (X:x) to the same external IP (the port may differ), the NAT reuses the port mapping.
3.
The NAT reuses the port mapping for subsequent packets sent from the same internal IP address and port (X:x) to the same external IP address and port while the mapping is still active. Specifically, X1':x1' equals X2':x2' if and only if Y2:y2 equals Y1:y1.
For data sent from the internal IP and port (X:x) to the same external IP and the same port, the NAT reuses the port mapping.
REQ-1: A NAT MUST have an "Endpoint-Independent Mapping" behavior.
2. NAT Filtering Behavior
The key behavior to describe is what criteria are used by the NAT to filter packets originating from specific external endpoints.
The key behavior describes the rules the NAT uses to filter data coming from specific external endpoints.
1.
The NAT filters out only packets not destined to the internal address and port X:x, regardless of the external IP address and port source (Z:z). The NAT forwards any packets destined to X:x. In other words, sending packets from the internal side of the NAT to any external IP address is sufficient to allow any packets back to the internal endpoint.
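The NAT filters out data that is not destined to the internal address and port (X:x), no matter which external IP and port it comes from. The NAT forwards all data sent to the internal X:x; in other words, nothing is turned away as long as it is destined to X:x.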
2.
The NAT filters out packets not destined to the internal address X:x. Additionally, the NAT will filter out packets from Y:y destined for the internal endpoint X:x if X:x has not sent packets to Y previously (independently of the port used by Y). In other words, for receiving packets from a specific external endpoint, it is necessary for the internal endpoint to send packets first to that specific external endpoint's IP address.
The NAT filters out data that is not destined to the internal address and port (X:x). It also filters out unsolicited packets to X:x, that is, packets from an address to which X:x had not sent data before receiving them (the sender's port does not matter).
3.
This is similar to the previous behavior, except that the external port is also relevant. The NAT filters out packets not destined for the internal address X:x. Additionally, the NAT will filter out packets from Y:y destined for the internal endpoint X:x if X:x has not sent packets to Y:y previously. In other words, for receiving packets from a specific external endpoint, it is necessary for the internal endpoint to send packets first to that external endpoint's IP address and port.
The NAT filters out data that is not destined to the internal address and port (X:x). It also filters out unsolicited packets to X:x, that is, packets from an address and port to which X:x had not sent data before receiving them.
REQ-8: If application transparency is most important, it is RECOMMENDED that a NAT have an "Endpoint-Independent Filtering" behavior. If a more stringent filtering behavior is most important, it is RECOMMENDED that a NAT have an "Address-Dependent Filtering" behavior.
The filtering behavior MAY be an option configurable by the administrator of the NAT.
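
The three mapping behaviors and three filtering behaviors above differ only in how much of the remote endpoint Y:y the NAT takes into account, which the following Python model makes explicit. It is an added example, not part of the original notes or of RFC 4787; the class name `Nat`, the public address 203.0.113.1 and the port pool starting at 40000 are assumptions, and the behavior names are the ones RFC 4787 uses for items 1 to 3.

```python
from itertools import count

# Behavior names as used in RFC 4787 (items 1, 2 and 3 in the text above).
EI, AD, APD = "endpoint-independent", "address-dependent", "address-and-port-dependent"

def _key(mode, remote):
    """Part of the remote endpoint Y:y that a given behavior looks at."""
    ip, port = remote
    return {EI: None, AD: ip, APD: (ip, port)}[mode]

class Nat:
    """Toy NAT model, constructed for illustration (hypothetical names and values)."""
    def __init__(self, mapping=EI, filtering=EI, public_ip="203.0.113.1"):
        self.mapping, self.filtering, self.public_ip = mapping, filtering, public_ip
        self._ports = count(40000)  # assumed external port pool
        self.maps = {}              # (X:x, mapping key) -> X':x'
        self.sessions = {}          # X':x' -> (X:x, set of permitted filter keys)

    def outbound(self, internal, remote):
        """Packet from X:x to Y:y; returns the external source X':x'."""
        mkey = (internal, _key(self.mapping, remote))
        if mkey not in self.maps:   # no reusable mapping: allocate a new one
            self.maps[mkey] = (self.public_ip, next(self._ports))
            self.sessions[self.maps[mkey]] = (internal, set())
        ext = self.maps[mkey]
        # Remember whom X:x has contacted, at the granularity the filter needs.
        self.sessions[ext][1].add(_key(self.filtering, remote))
        return ext

    def inbound(self, remote, ext):
        """Packet from Z:z to X':x'; returns X:x if forwarded, None if filtered."""
        if ext not in self.sessions:
            return None             # not destined to any mapped X:x
        internal, allowed = self.sessions[ext]
        return internal if _key(self.filtering, remote) in allowed else None
```

With endpoint-independent filtering, one outbound packet from X:x is enough for any external host to reach it through X':x', which is why REQ-8 offers address-dependent filtering as the more stringent option.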