[ S N O M 4 S N A T F I L T E R ]
2.2.1 How does NAT work?
NAT is essentially a translation table that maps public IP address and ports combinations to private IP address and port combinations.
The translation table is implicitly set up when a packet is sent from the private network to the public network. The association is kept alive for a certain time and is refreshed every time a new packet is sent from the same origin. This fact is used by STUN (RFC3489) to set up an association between a public IP address and a private IP address.
In symmetrical NAT, the router stores the address where the packet was sent. Only packets coming from this address are forwarded to the private address. This algorithm increases the security as it is harder to guess the source IP and port for attackers. Full cone NAT does not per- form this check.
There are some mixed variants between full cone NAT and sym- metrical NAT. Restricted port NAT works similar to symmetrical NAT, but uses only one port association.
Hairpinning is the ability of the NAT to route packets coming from the private network and addressed towards a public IP address binding back to the private network. Not all routers support this feature.
2.2.2 Symmetrical RTP
Real time protocol (RTP) is used to transport media. Symmetrical RTP is a trick to extend the number of cases when communication can be established. A SIP user agent supporting symmetrical RTP waits for the first RTP packet coming in and then sends its media stream back to the IP address from which it received that packet. Symmetrical RTP al- ways works when the user agent doing symmetrical RTP is on a globally routable address. However, this algorithm can easily be cheated (port spraying) and therefore implies a certain security risk.
2.2.3 Signalling SIP
SIP traffic is relatively unproblematic because SIP typically is not as time critical as media. Usually, it is ok to route SIP packets through a longer path than media.
2.