NAT-PMP and UDP broken

It seems like the implementation of NAT-PMP with UDP is broken or not well thought out.
For example, if I map with NAT-PMP UDP port 1111 to a local machine with the same port, traffic destined to external port 1111 reaches my internal machine fine. The problem however lies with traffic generated from the internal machine with a source port of 1111. It doesn't get mapped to 1111 source while leaving the Airport Extreme router, it gets mapped like regular traffic, on some high port.
Now this incorrect mapping causes a problem while talking with some peers that are also behind a NAT or firewall. After talking to my device at port 1111, they expect the reply to come back with a source of 1111, which it doesn't, so the P2P communication fails.
FYI every UPnP router I've tried correctly maps the outbound traffic.
This is with the latest firmware 7.3.2 on an Airport Extreme with 802.11n (gigabit ethernet).
I hope someone at Apple reads this and can put this in a bug database.

I fixed my problem.
This old thread: http://discussions.apple.com/thread.jspa?messageID=6925383
talked about the exact problem I was seeing.
I had set a manual port map for my SlingBox in the AirPort's settings, not realizing that the SlingBox supports NAT-PMP and can auto configure its own port mapping with the AirPort. Removing the manually mapped port worked.
Though it's not exactly the problem you are seeing, maybe you can check to see if there are any apps you are using for which you manually mapped a port, that can auto configure its own port mapping. It could be causing a conflict in the AirPort that screws up NAT-PMP.
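
The mapping exchange this thread is about, as an added example (not code from the posters or from Apple): it encodes a NAT-PMP mapping request and decodes the response per RFC 6886, then compares the granted external port with the source port a remote peer reports seeing. The gateway address passed to `request_mapping`, the sample response bytes in the test and the observed port are constructed assumptions.

```python
import socket
import struct

NATPMP_PORT = 5351            # UDP port the gateway listens on (RFC 6886)
OP_MAP_UDP, OP_MAP_TCP = 1, 2
RESULT_CODES = {
    0: "success",
    1: "unsupported version",
    2: "not authorized/refused",
    3: "network failure",
    4: "out of resources",
    5: "unsupported opcode",
}

def build_map_request(opcode, internal_port, suggested_external_port, lifetime_s=3600):
    """12-byte request: version 0, opcode, reserved, internal port,
    suggested external port, requested lifetime in seconds."""
    return struct.pack("!BBHHHI", 0, opcode, 0, internal_port,
                       suggested_external_port, lifetime_s)

def parse_map_response(data):
    """Decode the 16-byte mapping response into a dict."""
    if len(data) != 16:
        raise ValueError("mapping response must be 16 bytes, got %d" % len(data))
    version, opcode, result, epoch, internal, external, lifetime = \
        struct.unpack("!BBHIHHI", data)
    if version != 0 or not opcode & 0x80:
        raise ValueError("not a NAT-PMP response")
    return {"opcode": opcode & 0x7F, "result": result, "epoch": epoch,
            "internal_port": internal, "external_port": external,
            "lifetime": lifetime}

def request_mapping(gateway_ip, opcode, internal_port, external_port, tries=4):
    """Send the request to the gateway. RFC 6886 starts with a 250 ms
    timeout and doubles it; this sketch gives up after `tries` attempts."""
    request = build_map_request(opcode, internal_port, external_port)
    timeout = 0.25
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for _ in range(tries):
            sock.settimeout(timeout)
            sock.sendto(request, (gateway_ip, NATPMP_PORT))
            try:
                data, _ = sock.recvfrom(64)
                return request, data
            except socket.timeout:
                timeout *= 2
    raise TimeoutError("no NAT-PMP response from %s" % gateway_ip)

def diagnose(request, response, observed_source_port):
    """Compare what was requested, what the gateway granted, and the
    source port a remote peer saw on traffic sent from the mapped port."""
    _, req_op, _, internal, suggested, _ = struct.unpack("!BBHHHI", request)
    resp = parse_map_response(response)
    if resp["opcode"] != req_op or resp["internal_port"] != internal:
        return ["response does not match the request"]
    if resp["result"] != 0:
        reason = RESULT_CODES.get(resp["result"], "unknown result code")
        return ["gateway refused the mapping: " + reason]
    findings = []
    if resp["external_port"] != suggested:
        findings.append("gateway granted external port %d instead of %d"
                        % (resp["external_port"], suggested))
    if observed_source_port != resp["external_port"]:
        findings.append("outbound source port %d differs from mapped external port %d"
                        % (observed_source_port, resp["external_port"]))
    return findings
```

An empty list from `diagnose` means inbound and outbound traffic use the same external port; the second finding is the symptom described in the first post.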

Similar Messages

  • NAT-PMP in 7.2.1 still broken 6 months later

    The bug introduced in firmware 7.2.1 that crippled the functionality of NAT-PMP in the AEBSn is still active 6 months after its release. Seriously, when is Apple going to address this issue, let alone acknowledge that it even exists? Calling Apple support results in being told that my router is broken. Sorry, but that's a load of bull, as downgrading to an older firmware (the only effective workaround) eliminates the problem completely, though it unfortunately reintroduces older bugs. This response from Apple Support is alarming because it suggests that either Apple is unaware of the issue, or unwilling to admit it exists. I find this hard to believe, as this issue is well documented in numerous places, including this board, though they tend to get derailed by people trying to blame p2p clients (sorry, wrong). Why is Apple so resistant to admitting that they have an issue here? I was hoping that with the debut of Time Capsule, Apple would release a corresponding firmware update across the AEBSn line, but so far no joy. Very unprofessional and very disappointing.
    Threads with more information:
    http://discussions.apple.com/thread.jspa?threadID=1110798&tstart=90
    http://codelaide.com/blog/2007/09/21/news-on-the-721-airport-extreme-issue/

    I appreciate the effort, and don't take this the wrong way, but I'm somewhat baffled by your response. Instead of reading two extremely accurate and concise explanations for the problem being discussed, you decide that it's not worth your time; yet, you take the time to post an uninformed response anyway? That's quite a unique approach. Again, I mean no offense, I just find it odd.
    Anyway, more to the point: I'm not looking for a solution, but simply trying to keep this issue at the forefront until there is a fix in the form of a firmware update or an acknowledgement from Apple that a fix is on the way. The reason for this is simple: it has been six months and there currently is no solution, only workarounds. To make matters worse, Apple support seems to be utterly oblivious to this issue, which somewhat dampens the hope for a genuine fix.
    To address your comments directly: this has absolutely nothing to do with Leopard, or Airport drivers whatsoever. This is a firmware issue for the Airport Extreme Base Station that was introduced in the 7.2.1 update (7.2 for gigabit versions), well before Leopard even hit the streets. It affects all machines, Windows and Mac, and the issue disappears when you downgrade the AEBSn firmware. This is the workaround I have chosen, but the most obvious disadvantage to this is that it introduces older bugs fixed by 7.2.1. Manually forwarding ports, the second workaround and the one you suggest, is inelegant and impractical and should not be necessary with a functioning router.

  • Problems with NAT and UDP

    hi Everyone,
    I'm running a Cisco 3620 with two interfaces, a FE and an ADSL WIC, and I'm noticing some unexpected behaviour with NAT(ing) some UDP ports, here are the config rules in question:
    ip nat inside source static udp 192.168.100.26 14000 interface Dialer1  14000
    ip nat inside source static udp 192.168.100.26 14001 interface Dialer1  14001
    ip nat inside source static udp 192.168.100.26 14001 interface Dialer1  14002
    when I receive traffic through those ports, I see the following in
    show ip nat translations | include 14000
    udp 64.7.136.227:1038     192.168.100.26:14000  67.163.252.29:62564    67.163.252.29:62564
    udp 64.7.136.227:1039     192.168.100.26:14000   67.163.252.29:62564   67.163.252.29:62564
    udp 64.7.136.227:1040      192.168.100.26:14000  67.163.252.29:62564   67.163.252.29:62564
    udp  64.7.136.227:1041     192.168.100.26:14000  67.163.252.29:62564    67.163.252.29:62564
    udp 64.7.136.227:1042     192.168.100.26:14000   67.163.252.29:62564   67.163.252.29:62564
    udp 64.7.136.227:1043      192.168.100.26:14000  67.163.252.29:62564   67.163.252.29:62564
    udp  64.7.136.227:1044     192.168.100.26:14000  67.163.252.29:62564    67.163.252.29:62564
    udp 64.7.136.227:14000    192.168.100.26:14000   ---                   ---
    How can I make this NAT static so that every host originates from port 14000 rather than a dynamic one that is being assigned now?
    Any help is greatly appreciated.
    Aleks

    Perhaps I wasn't clear enough in what I needed it to do, here's a show ip nat translations for another (working) NAT(d) port on the same router:
    tcp 64.7.136.227:6667     192.168.100.199:6667  xxx.xxx.xxx.xxx:54375 xxx.xxx.xxx.xxx:54375
    tcp 64.7.136.227:6667     192.168.100.199:6667  xxx.xxx.xxx.xxx:50183  xxx.xxx.xxx.xxx:50183
    tcp 64.7.136.227:6667     192.168.100.199:6667  xxx.xxx.xxx.xxx:50891  xxx.xxx.xxx.xxx:50891
    tcp 64.7.136.227:6667     192.168.100.199:6667  xxx.xxx.xxx.xxx:60443   xxx.xxx.xxx.xxx:60443
    tcp 64.7.136.227:6667     192.168.100.199:6667  xxx.xxx.xxx.xxx:2897     xxx.xxx.xxx.xxx:2897
    tcp 64.7.136.227:6667     192.168.100.199:6667  xxx.xxx.xxx.xxx:51890    xxx.xxx.xxx.xxx:51890
    Notice how the forwarded port is the same on the router interface (64.7.136.227:6667) across all of the connections that have connected. Now this NAT rule behaves as it should, same syntax used as for the one I originally posted
    ip nat inside source static tcp 192.168.100.199 6667 interface Dialer1 6667
    the only difference is that this one gets properly assigned to the requested port, whereas these rules
    ip nat inside source static udp 192.168.100.26 14000 interface  Dialer1  14000
    ip nat inside source static udp 192.168.100.26  14001 interface Dialer1  14001
    ip nat inside source static udp  192.168.100.26 14001 interface Dialer1  14002
    have a dynamically assigned port on (64.7.136.227) interface, as the show ip nat translations shows:
    udp 64.7.136.227:1038     192.168.100.26:14000  67.163.252.29:62564     67.163.252.29:62564
    udp 64.7.136.227:1039     192.168.100.26:14000    67.163.252.29:62564   67.163.252.29:62564
    udp 64.7.136.227:1040       192.168.100.26:14000  67.163.252.29:62564   67.163.252.29:62564
    Basically how do I get the three rules to behave the same way as the one on top does...
    Thank you,
    Aleks
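
A check over the configuration and table quoted in the posts above, as an added example (not from the posters or from Cisco): it parses the `ip nat inside source static` rules and the `show ip nat translations` rows, then reports inside-local ports that appear in more than one static rule and dynamic entries whose inside-global port is not the port the static rule asks for. The sample text is copied from the posts; the function names are hypothetical.

```python
import re
from collections import defaultdict

RULE_RE = re.compile(
    r"ip nat inside source static\s+(tcp|udp)\s+(\S+)\s+(\d+)"
    r"\s+interface\s+\S+\s+(\d+)")

def parse_static_rules(config):
    """Map (proto, inside-local ip, inside-local port) -> global ports."""
    rules = defaultdict(list)
    for proto, ip, local_port, global_port in RULE_RE.findall(config):
        rules[(proto, ip, int(local_port))].append(int(global_port))
    return dict(rules)

def parse_translations(output):
    """Parse rows: Pro, Inside global, Inside local, Outside local, Outside global."""
    rows = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] not in ("tcp", "udp"):
            continue                      # header or unrelated line
        proto, inside_global, inside_local = fields[:3]
        _, global_port = inside_global.rsplit(":", 1)
        local_ip, local_port = inside_local.rsplit(":", 1)
        rows.append({
            "proto": proto,
            "global_port": int(global_port),
            "local": (local_ip, int(local_port)),
            "static": fields[3] == "---",  # static entries show no outside peer
        })
    return rows

def audit(config, output):
    rules = parse_static_rules(config)
    # The same inside-local address/port listed in two static rules.
    duplicates = sorted(k for k, ports in rules.items() if len(ports) > 1)
    # Dynamic entries for a statically mapped port that left on another port.
    unpreserved = []
    for row in parse_translations(output):
        key = (row["proto"],) + row["local"]
        expected = rules.get(key)
        if expected and not row["static"] and row["global_port"] not in expected:
            unpreserved.append((key, row["global_port"]))
    return {"duplicate_rules": duplicates, "unpreserved": unpreserved}

# Sample input copied from the posts above.
SAMPLE_CONFIG = """\
ip nat inside source static udp 192.168.100.26 14000 interface Dialer1  14000
ip nat inside source static udp 192.168.100.26 14001 interface Dialer1  14001
ip nat inside source static udp 192.168.100.26 14001 interface Dialer1  14002
"""
SAMPLE_OUTPUT = """\
udp 64.7.136.227:1038     192.168.100.26:14000  67.163.252.29:62564    67.163.252.29:62564
udp 64.7.136.227:1039     192.168.100.26:14000   67.163.252.29:62564   67.163.252.29:62564
udp 64.7.136.227:1040      192.168.100.26:14000  67.163.252.29:62564   67.163.252.29:62564
udp 64.7.136.227:14000    192.168.100.26:14000   ---                   ---
"""

if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG, SAMPLE_OUTPUT)
    for key in report["duplicate_rules"]:
        print("inside-local listed in more than one static rule:", key)
    for key, port in report["unpreserved"]:
        print("dynamic entry for", key, "uses global port", port)
```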

  • NAT PMP on Tiger server 10.4.11 and Back to my Mac

    Hey All,
    Here is my situation. Users from my internal network who are on Leopard OS are not able to use "Back to my Mac" feature to connect to their computers at home.
    I am using XServe Tiger 10.4.11 as the gateway/router
    Firewall is UP and running - Port 5900 is open though
    NAT is enabled
    DHCP is up and running
    DNS is running.
    The error message I am getting from the client machine is
    "Back to my Mac isn't working properly because it requires a router that supports NAT Port Mapping Protocol (NAT-PMP).."
    I am very sure that it has to do something with my NAT, but I am not sure how or what to look for in there and what settings I should have as well.
    Any help or points to the right direction will be great.
    Thanks
    -eric

    Only via the release notes page:
    * http://www.mozilla.com/en-US/firefox/4.0/releasenotes/
    For Mac OS X 10.4.11 or Mac OS X 10.5.8 you can look at:
    * http://www.floodgap.com/software/tenfourfox/
    Firefox 3.6.x can be found here:
    * http://www.mozilla.com/en-US/firefox/all-older.html

  • I travel for work and use iCloud - I can not use Back to My Mac because I use a Verizon MiFi wireless that does not have NAT-PMP or UPnP. Does anyone know of a way to get around this problem

    I travel for work and use iCloud - I can not use Back to My Mac because I use a Verizon MiFi wireless that does not have NAT-PMP or UPnP. Does anyone know of a way to get around this problem?

    All ISP-provided equipment is junk. You could get a decent router and connect it to the Verizon router in bridge mode. It should cost about $30.

  • Back to my mac NAT-PMP

    What ports need to be enabled under NAT-PMP on a Westell (Netgear) 7550 router?  I know that BTMM works because I've used it in two different locations.  One in England and one in the USA.  Can connect to router and set NAT-PMP but for the life of me cannot find detailed info on what settings should be.

    I've configured the router as per
    "Well known TCP and UDP ports used by Apple software products"
    with the only question being which Port Number should be used for the LAN Port for UDP ports 49152-65535?  Just picked a random port of 63333.
    But still no joy on connecting.  Remote computer is in UK.  I'm trying to connect through AT&T in Florida.
    MacBook Pro (15-inch Core 2 Duo), Mac OS X (10.7.5)
    iMac 27", Yosemite  (UK)

  • NAT-PMP or UPnP Disabled

    I am trying to create a server for a game. I have downloaded Port Map to help set up the server to the internet. It says my router is incompatible and I need to enable my NAT-PMP or UPnP. I have clicked the Mac Help article that Port Map links to (http://support.apple.com/kb/HT1552). I open up the AirPort Utility and when it scans it can not find anything, and I can not click the "internet tab" that is needed for the rest of the instructions. Am I doing something wrong or have I missed something?

    Yes, but is your wireless router an Apple product (Airport Base Station, Airport Extreme or Time Capsule)?
    If it's a Linksys, DLink, or anything NON-Apple, then you can't use the Airport Utility to manage it...you'll have to find the instructions for it to learn what settings to configure it with correctly.

  • NAT-PMP on Westell 327W

    Can anyone tell me how to enable NAT-PMP on my router?

    I can try to help you, without using that stuff.
    #1 In the router go to Advanced -> IP Address Distribution
    #2 What is the DHCP Range of the router?
    #3 In the router go to Advanced -> UPnP.
    #4 Turn that feature off if you do not have at least two game consoles behind this router.
    #5 Look at this guide.
    http://portforward.com/english/routers/port_forwarding/Westell/A90-750015-07/A90-750015-07index.htm
    #6 Are the screens of your Westell like that guide?

  • Firmware 7.2.1 breaks NAT-PMP

    Ever since upgrading to 7.2.1, NAT-PMP no longer works for any program or device that uses it. For example, I can no longer access my Slingbox from outside my network and Azureus' NAT does not work properly. Now, I know how to manually forward ports and force these things to work (and manual configurations DO work just fine), but simply getting these things to work is not the issue here. The issue is that this was all handled automatically before the latest firmware upgrade. Resetting the base station or turning NAT-PMP off then back on doesn't correct the issue, but reverting to a prior version of the firmware does. I know that others are experiencing this issue, as I have seen mention of it on several message boards, but I was not able to find any mention of it here. Is this a known issue for this board and for Apple? Has anyone figured out a fix?
    Thanks.

    Sorry to dig up this old post, but it seems that it has been quite a while since anybody wrote something about it.
    I recently found out that the NAT-PMP server on the AEBS seems to crash when executing some NAT-PMP commands.
    Running Transmission, however, will not crash the NAT-PMP server on the AEBS. Transmission is the only program that I found does not crash the NAT-PMP server.
    Once the NAT-PMP server crashes, it does not restart and thus other programs fail to use it.
    If anyone can confirm it for me, I think we are helping Apple nail down this problem and that they can issue a fix ASAP.
    The way I tested:
    1. I made sure that no programs that use NAT-PMP are running on my network.
    2. Restarted AEBS.
    3. When AEBS was restarted, I ran Transmission from computer 1 and got a Green light, saying port mapped successfully.
    4. Now I ran Azureus on computer 2, it did not say port mapping failed. However, when I quit Transmission and re-ran it on computer 1 it now fails to map the port.
    5. Quit Azureus and restarted AEBS, then Transmission. Voilà! It mapped successfully again.
    6. Ran uTorrent on computer 3. uTorrent did not notify me about NAT-PMP error, and Transmission on computer 1 failed to map again.
    7. Quit uTorrent and restarted AEBS, and then again Transmission and it worked again.
    Of course I made sure they don't use the same port.

  • Adding manual port mapping breaks NAT-PMP???

    Hello,
    I recently got an Airport Extreme simultaneous dual band N router. Recently I noticed some odd behavior related to NAT-PMP.
    I turned on NAT-PMP in the Airport utility, and everything works fine (BTMM, other NAT-PMP aware apps). However, I added a manual port mapping for my SlingBox, because the AP does not have UPnP support. Once this manual port mapping is added, NAT-PMP breaks. Remove it, and it works again.
    Anyone know if this is a bug in the firmware (running 7.4.1), and/or knows how to fix it?
    Thanks!

    Hi,
    I'm getting the same problem. I, too, have a SlingBox, and I must manually have my SlingBox's port mapped. I also have manual port forwarding for iStat Server and for Transmission's web interface. Currently, when any of these manual port forwarding profiles are enabled/activated on my Airport Extreme base-station, NAT-PMP ceases to function at all (Transmission and SubEthaEdit both tell me they were unable to successfully map their respective ports). Is there any fix for this? If not, is Apple planning on releasing a firmware update for Airport Extremes fixing this problem? It's kinda ridiculous that an Airport Extreme can't handle manual and dynamic port forwarding concurrently.
    Any help on this topic would be greatly appreciated. Thanks in advance for any help I receive!
    Cheers,
    Sasha

  • Static NAT refresh and best practice with inside and DMZ

    I've been out of the firewall game for a while and now have been re-tasked with some configuration, both updating ASAs to 8.4 and making some new services available. So I've dug into refreshing my knowledge of NAT operation and have a question based on best practice and would like a sanity check.
    This is very basic, I apologize in advance. I just need the cobwebs dusted off.
    The scenario is this: If I have an SQL server on an inside network that a DMZ host needs access to, is it best to present the inside (SQL server in this example) IP via static to the DMZ or the DMZ (SQL client in this example) with static to the inside?
    I think it's to present the higher security resource into the lower security network. For example, when a service from the DMZ is made available to the outside/public, the real IP from the higher security interface is mapped to the lower.
    So I would think the same would apply to the inside/DMZ, making 'static (inside,dmz)' the 'proper' method for the pre 8.3 and this for 8.3 and up:
    object network insideSQLIP
    host xx.xx.xx.xx
    nat (inside,dmz) static yy.yy.yy.yy
    Am I on the right track?

    Hello Rgnelson,
    It is not related to the security level of the zone; instead, it is about how the behavior should be. What I mean is, for
    nat (inside,dmz) static yy.yy.yy.yy
    - Any traffic hitting translated address yy.yy.yy.yy on the dmz zone should be re-directed to the host xx.xx.xx.xx on the inside interface.
    - Traffic initiated from the real host xx.xx.xx.xx should be translated to yy.yy.yy.yy if the host accesses any resources on the DMZ interface.
    If you reverse it to (dmz,inside) the behavior will be reversed as well, so if you need to translate the address from the DMZ interface going to the inside interface you should use the (dmz,inside).
    For your case I would say what is common: since the server is in the INSIDE zone, you should configure
    object network insideSQLIP
    host xx.xx.xx.xx
    nat (inside,dmz) static yy.yy.yy.yy
    At this time, users from the DMZ zone will be able to access the server using the yy.yy.yy.yy IP Address.
    HTH
    AMatahen

  • Can i run UDP  client and UDP  server socket program in the same pc ?

    Hi all.
    When I execute my UDP client socket program and UDP server socket program on the same PC,
    it shows the error message:
    "Address already in use: Cannot bind"
    but if I run the UDP client socket program on a remote PC and the UDP server socket program on the local PC, it succeeds.
    Does anybody know what's going on?
    Any help will be appreciated!

    bobby92 wrote:
    >>I have used a specified port for the UDP server side, and for the client define the server port "DatagramSocket clientSocket= new DatagramSocket(Server_PORT);"
    Why? The port you provide here is not the target port. It's the local port you listen on. That's only necessary when you want other hosts to connect to you (i.e. when you're acting as a server).
    The server should be using that constructor, the client should not be specifying a port.
    >>So when I start the UDP server code to listen on the local PC, then when I start the UDP client code on the local PC, I will get the error "Address already in use: Cannot bind"
    Because your client tries to bind to the same port that the server already bound to.
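
The bind conflict explained in the answer above, as an added example written in Python rather than the thread's Java (it is not the posters' code): a server binds a fixed port, a second socket binding that port fails, and an unbound client gets an ephemeral source port that the server replies to. The loopback address and the OS-chosen port are assumptions of the example.

```python
import errno
import socket

def _udp_socket():
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(2.0)              # never hang if a datagram is lost
    return sock

def run_demo():
    # Server side: bind the well-known port (the OS picks one for the demo).
    server = _udp_socket()
    server.bind(("127.0.0.1", 0))
    server_port = server.getsockname()[1]

    # Mistake from the question: the client binds the server's port locally.
    wrong_client = _udp_socket()
    try:
        wrong_client.bind(("127.0.0.1", server_port))
        bind_error = None
    except OSError as exc:
        bind_error = exc.errno        # "Address already in use"
    finally:
        wrong_client.close()

    # Correct client: no bind; the server port is only the destination.
    client = _udp_socket()
    try:
        client.sendto(b"ping", ("127.0.0.1", server_port))
        request, client_addr = server.recvfrom(1024)
        # The server answers to whatever source port the datagram came from.
        server.sendto(b"pong", client_addr)
        reply, reply_from = client.recvfrom(1024)
    finally:
        client.close()
        server.close()

    return {
        "bind_error": bind_error,
        "server_port": server_port,
        "client_port": client_addr[1],
        "request": request,
        "reply": reply,
        "reply_from_port": reply_from[1],
    }

if __name__ == "__main__":
    result = run_demo()
    print("second bind failed with errno", result["bind_error"])
    print("server port", result["server_port"],
          "client source port", result["client_port"])
```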

  • 2012 TS Gateway and UDP

    I have a 2012 TS gateway for remote access for our Session Host server.
    The TS gateway is on the LAN and the firewall forwards requests from our external IP on to the TS Gateway. In the past (2008 and R2) we have just had 80 and 443 open and it works fine, as it still does on 2012.
    I want to enable the 2012 UDP option 3391, so I asked our ISP to also open the UDP port 3391 both ways.
    Now RDS doesn't work properly. I can see in the TS Gateway monitoring that clients are connected http and usually 2 UDP connections. On the client, when you click on the connection button, we get connection is good or excellent and UDP is enabled.
    From the client end, the best way to explain the experience is that things will work smoothly for a while then hang. If you try to resize windows it takes a while to do. What is really interesting is if you set off a video in a portion of the screen, this will continue to stream OK whilst the rest fails to redraw correctly. Also interestingly, if you move the Windows Media Player around, the video moves around flawlessly but the surround stays where it was originally.
    Turn off UDP and things go back to normal. I would like UDP to work because on constrained connections the experience isn't brilliant.
    Is there anything I'm doing wrong? Should I ask for established related through the firewall? Is there anything I can look at to see how I can improve this?
    If I force an internal client to connect to the Gateway the UDP experience is absolutely fine.
    It's a bit frustrating that I can only test this issue remotely.
    Any help would be appreciated, as the information on the internet is scanty.
    Thanks Gordon.

    Hi everyone
    This is funny, but just the same I experienced yesterday.
    The same issues I have now since I opened 3391 on my firewall, to provide UDP connections.
    My 3 Server Setup:
    RDGW, RDCB, RDWEB (2012)
    RDSH1 (2012)
    RDSH2 (2012)
    I cannot exactly say when the disconnections are happening, but they are unreliable.
    When I block the UDP port on my firewall everything is normal again.
    It cannot be a network issue, I can reproduce this problem on different vSphere platforms.
    @Ryan Mangan
    Hey Ryan
    Regarding your suggestion on GP-Settings for Remote-FX, these policies are both not configured.
    As I understand, there is no need to configure them.
    Regards
    Ajdin

  • Communication between Windows 7 and Windows 8(and above) using Sockets(TCP and UDP)

    I need to use TCP and UDP using Sockets to communicate between two(or more) applications installed in Windows 7 and Windows 8.
    Is it possible.? I tried within a LAN, but in vain. If needed I would post the appropriate code.
    Note: I only tried running exe(s) in these machines and not with installation.

    Hello Prabodh.Minz,
    >>Is it possible.?
    It is not clear what development language you are using; here are examples which use C# based on .NET. They create the communication between two machines by using sockets with the TCP protocol, a server and a client:
    Synchronous example: Client and Server.
    Asynchronous example: Client and Server.
    Multi-client per one server - socket programming in .net(C#)
    >>Note: I only tried running exe(s) in these machines and not with installation.
    There are all .exe.
    Regards.

  • Copy and Paste = Broken

    Is copy and paste broken on all MACs or just mine?
    Use case:
    Right click a file. Click copy
    Right click anywhere in an email, Click paste
    It pastes a link to the file (i.e. the location of the file on the PC) - totally useless if you are sending an email
    I checked some display MACs in various stores and they have the same fault
    I raised it with Apple 5 months ago but it is still not fixed
    Why did I waste my money on a MAC that doesn't work. Drives me mad.

    PS; I do not want a work around. I want the product I bought to work correctly
