穿透NAT的实验——NAT的类型

RFC3489:
Full Cone: A full cone NAT is one where all requests from the
same internal IP address and port are mapped to the same external
IP address and port. Furthermore, any external host can send a
packet to the internal host, by sending a packet to the mapped
external address.
Restricted Cone: A restricted cone NAT is one where all requests
from the same internal IP address and port are mapped to the same
external IP address and port. Unlike a full cone NAT, an external
host (with IP address X) can send a packet to the internal host
only if the internal host had previously sent a packet to IP
address X.
Port Restricted Cone: A port restricted cone NAT is like a
restricted cone NAT, but the restriction includes port numbers.
Specifically, an external host can send a packet, with source IP
address X and source port P, to the internal host only if the
internal host had previously sent a packet to IP address X and
port P.
Symmetric: A symmetric NAT is one where all requests from the
same internal IP address and port, to a specific destination IP
address and port, are mapped to the same external IP address and
port. If the same host sends a packet with the same source
address and port, but to a different destination, a different
mapping is used. Furthermore, only the external host that
receives a packet can send a UDP packet back to the internal host.

完全锥形：
所有来自相同的内部地址、端口的请求，被映射为相同的外部地址、端口。并且，
任何外部主机都可以通过发送数据包到映射的外部地址、端口，从而把数据包发送
到内部主机。
请求方通过公网的服务器得知内网主机的外网映射，就可以将数据包发往此内网主
机。
受限锥形：
所有来自相同的内部地址、端口的请求，被映射为相同的外部地址、端口。与完全
锥形NAT不同的是，外部主机(IP地址是X)只有在内部主机向外部IP地址X发送过数
据包的情况下才能把数据包发送到内部主机。
请求方通过公网的服务器发送请求，使内网主机向请求方发送一个数据包，即可将
数据包发往此内网主机。
端口受限锥形：
与受限锥形相似，但是增加了端口的限制。明确的说，外部主机只有在内部主机向
外部IP地址X、端口P发送过数据包的情况下，才能以IP地址X、端口P向内部主机发
送数据包。
请求方使用类似受限锥形的解决方法。
并行：
所有来自相同内部地址、端口，发往相同外部地址、端口的请求，被映射为同一个
地址、端口。如果相同的主机以相同的IP地址、端口把数据包发送到不同的外部IP
地址、端口，将会使用不同的映射。并且，仅有收到过内网发出的数据包的外部主
机才能把数据包发送回内网主机。
请求方使用类似受限锥形的解决方法。但是如果请求方与被请求方处于相同的NAT
后面，将不能相互发送数据包。