NAT Port Mapping Protocol
||This article is in a list format that may be better presented using prose. (April 2013)|
The NAT Port Mapping Protocol (NAT-PMP) is a network protocol for establishing network address translation (NAT) settings and port forwarding configurations automatically without user effort. The protocol automatically determines the external IPv4 address of a NAT gateway, and provides means for an application to communicate the parameters for communication to peers.
NAT-PMP was introduced in 2005 by Apple as an alternative to the more common ISO Standard Internet Gateway Device Protocol implemented in many NAT routers. The protocol was published as an informational Request for Comments (RFC) by the Internet Engineering Task Force (IETF) in RFC 6886.
This protocol has no built-in authentication mechanisms, resulting in opening itself to abuse. Protocol design treats all hosts belonging to the router's local network as trusted and allows them to freely "punch" holes through the network firewall. Though extremely convenient, such a relaxed design opens itself to easy exploiting by malicious software running on any computer that belongs to the local network, or by any rogue computers that manage to gain access to the local network. As a result, intruders can access otherwise firewalled local network services by abusing malicious "holes" punched through the firewall.
Some of the NAT-PMP implementations aim to mitigate those issues by enforcing constraints to port mappings.
- Baresip, a modular SIP client with audio and video support.
- BarracudaDrive, Internet File Server, uses NAT-PMP to Internet enable the server.
- BitTorrent file-sharing clients:
- Colloquy, an Internet Relay Chat client.
- Crashplan, an offsite backup program.
- Presence, a remote file access application for Mac OS X, iPhone and iPad.
- Folx, a downloader for Mac, used for torrents or normal downloads.
- FreeSWITCH, an open source telephony platform.
- Limewire, a Gnutella file-sharing client.
- Mac OS X 10.4 and above.
- MobileMe, Apple Inc's mobile device synchronization service.
- natpmpd, a software implementation of NAT-PMP for OpenBSD
- Nicecast, a music streaming program.
- Nmap, Network security scanner.
- Port Map, a manual port mapping configuration software for OS X.
- Retroshare, a friend-to-friend email, instant messaging, BBS and file-sharing client.
- ShareTool, an automated VPN program for OS X.
- Stallone, a software implementation of NAT-PMP for linux/iptables
- Skype, An internet telephony program.
- sP2P, General purpose NAT traversal/peer-to-peer networking API
- Synology DiskStation Manager (DSM 4.2)
- TomP2P, a Java-based DHT implementation using NAT-PMP
Manufacturer and model, with firmware version tested:
- 2Wire 3801HGV
- AirPort Express
- AirPort Extreme
- AirPort Time Capsule
- AstLinux 1.0.4+, with MiniUPnP daemon
- OpenWrt v8.09 or higher, with MiniUPnP daemon 
- pfSense v2.0, with MiniUPnP daemon
- Tarifa (firmware) (Linksys WRT54G/GL/GS)
- Tomato Firmware v1.24 or higher. (Linksys WRT54G/GL/GS and many more)
- WL500g Project v184.108.40.206-rtn or higher (ASUS RT-N16, WL-500GP and many more)
- Peplink Balance
- ZyXEL HES-319M
- Netgear Genie WNDR3700v2, firmware v220.127.116.11
- Asus RT-N66U firmware v18.104.22.168.374_720
- RFC 6886, NAT Port Mapping Protocol (NAT-PMP), S. Cheshire & M. Krochmal (April 2013)
- ISO/IEC 29341, http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref1185
- RFC 6887, Port Control Protocol (PCP), Wing, Cheshire, Boucadair, Penno & Selkirk (April 2013)
- "AstLinux: Universal Plug'n'Play (NAT-PMP and UPnP)". AstLinux. Retrieved 2013-09-15.
- "nat-pmp-info NSE Script". Nmap. Retrieved 2013-09-15.
- "Stallone". Retrieved 2013-10-23.
- "Universal Plug'n'Play and NAT-PMP on OpenWrt - OpenWrt Wiki". OpenWrt. Retrieved 2013-09-15.