Comment by xorcist
18 hours ago
I think we agree. Of course a NAT router with an application proxy such as FTP or SIP can relay and rewrite traffic as needed.
TCP and UDP have port numbers that the NAT software can extract and keep state tables for, so we can send the return traffic to its intended destination.
For unknown IP protocols that is not possible. It may at best act like a network diode, which is one way of violating the end-to-end principle.
Actually the observation about ports being mostly a TCP/UDP feature is a very good point I had failed to consider. This would indeed greatly limit the ability of a NAT gateway - it could keep just a state table of IP src/dst pairs and just direct traffic back to its source, but it's indeed very crude. Thanks for bringing it up!
You can NAT on IP protocol as well, just not to more than one per external IP.
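To make the distinction in this thread concrete, here is a small simulation of a NAT translation table. It is an added example, not code posted by anyone in the thread. For TCP and UDP (protocols that carry port numbers) the gateway keys its state on (protocol, inside address, inside port) and rewrites the source port, so many inside hosts can share one external address; for a protocol without ports (GRE and ESP are used below, by their real IANA protocol numbers 47 and 50) the only state it can keep is "this protocol currently belongs to this inside host", so a second inside host using the same protocol collides and is refused. The addresses are constructed documentation-range values, and timeouts, checksum recalculation and application-layer helpers are deliberately left out.

```python
"""Toy NAT state table: port-based translation for TCP/UDP, protocol-only
translation for everything else. Added illustration, not production code."""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

# Real IANA IP protocol numbers.
TCP, UDP, GRE, ESP = 6, 17, 47, 50
PORTED = {TCP, UDP}  # protocols whose header carries ports the NAT can rewrite


@dataclass(frozen=True)
class Packet:
    proto: int
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None  # None for protocols without ports
    dst_port: Optional[int] = None


class Nat:
    """One external IP; state tables keyed as described in the thread."""

    def __init__(self, external_ip: str, first_port: int = 40000) -> None:
        self.external_ip = external_ip
        self.next_port = first_port
        # (proto, inside_ip, inside_port) -> external port allocated for it
        self.port_table: Dict[Tuple[int, str, int], int] = {}
        # (proto, external_port) -> (inside_ip, inside_port) for return traffic
        self.port_reverse: Dict[Tuple[int, int], Tuple[str, int]] = {}
        # proto -> inside_ip: only one inside host per protocol per external IP
        self.proto_table: Dict[int, str] = {}

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite an inside->outside packet; None if it cannot be translated."""
        if pkt.proto in PORTED:
            key = (pkt.proto, pkt.src_ip, pkt.src_port)
            if key not in self.port_table:
                ext_port = self.next_port
                self.next_port += 1
                self.port_table[key] = ext_port
                self.port_reverse[(pkt.proto, ext_port)] = (pkt.src_ip, pkt.src_port)
            return replace(pkt, src_ip=self.external_ip,
                           src_port=self.port_table[key])
        # No ports: the only usable state is the (proto -> inside host) pair.
        owner = self.proto_table.setdefault(pkt.proto, pkt.src_ip)
        if owner != pkt.src_ip:
            return None  # a second inside host on the same protocol collides
        return replace(pkt, src_ip=self.external_ip)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map an outside->inside packet back to its inside host; None = drop."""
        if pkt.dst_ip != self.external_ip:
            return None
        if pkt.proto in PORTED:
            target = self.port_reverse.get((pkt.proto, pkt.dst_port))
            if target is None:
                return None  # unsolicited: no state, nowhere to send it
            inside_ip, inside_port = target
            return replace(pkt, dst_ip=inside_ip, dst_port=inside_port)
        inside_ip = self.proto_table.get(pkt.proto)
        if inside_ip is None:
            return None
        return replace(pkt, dst_ip=inside_ip)


if __name__ == "__main__":
    nat = Nat("203.0.113.5")
    a = nat.outbound(Packet(TCP, "10.0.0.2", "198.51.100.9", 51000, 443))
    b = nat.outbound(Packet(TCP, "10.0.0.3", "198.51.100.9", 51000, 443))
    print("two TCP hosts share the external IP on ports", a.src_port, b.src_port)
    print("GRE host 1:", nat.outbound(Packet(GRE, "10.0.0.2", "198.51.100.9")))
    print("GRE host 2:", nat.outbound(Packet(GRE, "10.0.0.3", "198.51.100.9")))
```

Running the script shows two inside hosts sharing one external address over TCP, while the second GRE host gets `None`: exactly the "one per external IP" limit for port-less protocols mentioned above, and the reason such gateways often fall back to blocking the protocol outright.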