UDP Masquerading

Odd question for this forum, but when you’re using NAT with UDP, are port numbers maintained? If you open a UDP port on 192.168.0.1:54321 and send out packets, the outside world might see your address as bob.myip.com… but would the port be arbitrary, or kept at 54321?

Thanks for any help,

Kev

In experiments I’ve been doing (using a PC connected over GPRS through my operator’s NAT/firewall to the Internet), servers always see my IP address as that of the NAT/firewall, and see a port number assigned by the NAT/firewall (from an incrementing sequence). If I send another UDP packet within a minute or so it has the same port number, otherwise it gets a new port number (and the old NAT mapping becomes invalid). The NAT/firewall will allow the server to send UDP packets back to me through this mapping (its IP address and this assigned port number), but won’t accept UDP packets through this mapping from any other server.

(It uses the same type of mapping for TCP connections, but the mapping remains valid for the lifetime of the TCP connection).

Yep, that's right.

If you want to get return packets you need to map a port on the NAT firewall to forward UDP packets back to your machine.

Now I understand there are some recent clever NAT firewalls that watch the packets going out and attempt to guess at the mapping back the other way for you…

In fact, any real gateway should do this guessing (re: Linux iptables) if you configure UDP masquerading… but… if the ports don’t stay the same you’re kinda frigged if both server and client can be behind gateways and UDP connections come up on arbitrary ports…

And so… on to the next design :wink:

Kev

My limited experience matches Kev’s: receiving UDP responses is no problem if they come from the same machine I sent the request to, and within a minute of my sending the request. It’s easy enough to send ‘keep-alive’ packets to stop the mapping being lost.

If both client and server are behind this kind of firewall, then yes indeed you’re stuffed. For this reason, UDP is useless for peer-to-peer phone games, at least if the NAT/firewalls behave as my operators’ do (highly probable, I think).

But if the server is behind a firewall that you’re able to configure (e.g. that on my home machine), you’re typically able to specify some fixed UDP ports that don’t get mapped, and then clients can connect to your machine no problem.
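A small model of the NAT behaviour described in the posts above (external port picked from an incrementing sequence, mapping idles out after about a minute, return traffic accepted only from the server the mapping was created for, keep-alives refreshing it). This is an added example, not code from anyone in the thread; the public IP, port range and 60-second timeout are assumptions.

```python
from dataclasses import dataclass

IDLE_TIMEOUT = 60.0  # seconds; assumed, matching "within a minute or so" above


@dataclass
class Mapping:
    internal: tuple   # (private IP, private port) that created the mapping
    remote: tuple     # (server IP, server port) the mapping was created for
    last_used: float  # time of the last packet through this mapping


class SymmetricNat:
    """Toy NAT: one external port per (internal endpoint, remote server) pair."""

    def __init__(self, public_ip="203.0.113.1", first_port=40000):
        self.public_ip = public_ip      # assumed/constructed address
        self.next_port = first_port     # incrementing sequence of external ports
        self.table = {}                 # external port -> Mapping

    def _expire(self, now):
        # Drop mappings that have seen no traffic for longer than the idle timeout.
        stale = [p for p, m in self.table.items() if now - m.last_used > IDLE_TIMEOUT]
        for port in stale:
            del self.table[port]

    def outbound(self, internal, remote, now):
        """Inside -> server. Returns the (ip, port) the server sees as the source."""
        self._expire(now)
        for port, m in self.table.items():
            if m.internal == internal and m.remote == remote:
                m.last_used = now       # a keep-alive packet refreshes the mapping
                return (self.public_ip, port)
        port = self.next_port           # no live mapping: allocate the next port
        self.next_port += 1
        self.table[port] = Mapping(internal, remote, now)
        return (self.public_ip, port)

    def inbound(self, remote, ext_port, now):
        """Server -> external port. Returns the internal endpoint, or None if dropped."""
        self._expire(now)
        m = self.table.get(ext_port)
        if m is None or m.remote != remote:
            return None                 # expired mapping or a different server: dropped
        m.last_used = now
        return m.internal
```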

Coincidentally, that's exactly what I’ve ended up doing :wink:

Kev