VersionIHLTotal Length FlagsIdentificationFragment Offset Time To Live Destination Address OptionsPadding Protocol = 6 Type of Service IP Header TCP Destination Port Source Port Sequence Number Acknowledgment Number Data offset FINFIN SYNSYN URGURG ACKACK PSHPSH RSTRST Window Urgent Pointer Padding TCP Options TCP Data Source Address Header Checksum Checksum

Public Internet Private Address Realm Source: Dest: Source: Dest:  Host A Host B

Host A Host B Site NAT Public Internet Private Address Realm Source: /2000 Dest: /80 Source: Dest: /2000 Source: /3000 Dest: /80 Source: /80 Dest: /3000 NAT Binding / / 3000

Host A Host B Site NAT Host C Port 90 Port 91 Port 90 Port 91 Port 2001 NAT Binding NAT Filter Local Addr / Port  External Addr / Port -- External Access Mask A / 2001  Z / B / 90 Initial Packet Source: A / 2001 Dest: B / 90 Source: Z / 3001 Dest: B / 90   

Host A Host B Site NAT Host C Port 90 Port 91 Port 90 Port 91 Port 2001 NAT Binding NAT Filter Local Addr / Port  External Addr / Port -- External Access Mask A / 2001  Z / * / * Initial Packet Source: A / 2001 Dest: B / 90 Source: Z / 3001 Dest: B / 90

Host A Host B Site NAT Host C Port 90 Port 91 Port 90 Port 91 Port 2001 NAT Binding NAT Filter Local Addr / Port  External Addr / Port -- External Access Mask A / 2001  Z / B / * Initial Packet Source: A / 2001 Dest: B / 90 Source: Z / 3001 Dest: B / 90  

Host A Host B Site NAT Host C Port 90 Port 91 Port 90 Port 91 Port 2001 NAT Binding NAT Filter Local Addr / Port  External Addr / Port -- External Access Mask A / 2001  Z / * / 90 Initial Packet Source: A / 2001 Dest: B / 90 Source: Z / 3001 Dest: B / 90  

STUN Request To alternate Addr and Port Response? Same IP Addr and Port? Same IP Addr and Port? STUN Request Change Response: Addr and Port STUN Request Change Response:Port UDP Blocked N Y Response? UDP FirewallOpen Internet STUN Request Change Response: Addr and Port Response? Full Cone NAT Response? Symmetric NAT Restricted NAT Port Restricted NAT N N N N N Y Y Y Y Y

Host A Site NAT Host D NAT Binding NAT Filter Local Addr / Port  External Addr / Port -- External Access Mask A / 2001  Z / * / 2001 D / 2002  Y / * / 2002 Port 2001 Port 2002 Source: D / 2002 Dest: Z / 3001 Source: Y / 3002 Dest: Z / 3001 Source: Y / 3002 Dest: A / 2001

Port y1 Host X Host Y1 Site NAT Host Y2 Port x NAT Binding NAT Filter Local Addr / Port  External Addr / Port -- External Access Mask X / x  X1 / x1 -- ? / ? Source: X / x Dest: Y1 / y1 Source: X1 / x1 Dest: Y1 / y1 Port y2 Source: Y2 / y2 Dest: X / x Source: Y2/ y2 Dest: X1 / x1 Use Address and Port X1 / x1