Security IT/NAT
Appearance
nat was created as a response to the shrinking pool of IP addresses. in short, we get one variable IP address from an ISP defined from a specific APN, goes through the router and directs to a specific computer in own WAN network with private addresses.
bypass NAT restrictions
[edit | edit source]Full-cone NAT
[edit | edit source]usually do not need to do here, sometimes must use port forwarding
(Address)-restricted-cone NAT
[edit | edit source]- Run uPnP/NAT-PMP/UPnP-IGD/PCP
- Set static private IP, optionally DDNS.
- if doesn't work, use port forwarding
- If doesn't work, use Port Triggering
- If doesn't work, use DMZ
Port-restricted cone NAT
[edit | edit source]- use UDP hole punching
- if doesn't work, try TCP hole punching
- optionally, try ICMP hole punching
- UDP multi-hole punching (mirror)
Symmetric NAT
[edit | edit source]- sequential hole punching
- Use Supernode
Cgnat
[edit | edit source]Investigation
- The only reliable solution that I've found so far has been to use IPsec VPNs initiated from behind the NAT.
- ZeroTier can traversable CGNAT. If you follow the recommendations) (It mainly boils down to opening the port in the firewall) it is the probability that value
"tcpFallbackActive": false
For all types NAT (probably)
[edit | edit source]- Install zerotier and set bridge mode. It possible bypass NAT and open port