NAT Port Mapping Protocol
NAT Port Mapping Protocol (NAT-PMP) is a protocol published as an Internet Engineering Task Force RFC, introduced in 2005 by Apple as an alternative to the more common ISO-standard Internet Gateway Device (IGD) Standardized Device Control Protocol implemented in many network address translation (NAT) routers. NAT-PMP allows a computer in a private network (behind a NAT router) to automatically configure the router to allow parties outside the private network to contact it. NAT-PMP runs over UDP port 5351. It essentially automates the process of port forwarding. NAT-PMP is the precursor to Port Control Protocol (PCP).
Included in the protocol is a method for retrieving the public IP address of a NAT gateway, thus allowing a client to make this public IP address and port number known to peers that may wish to communicate with it. This protocol is implemented in the applications listed below.
This protocol has no built-in authentication mechanism, which leaves it open to abuse. The protocol design treats all hosts on the router's local network as trusted and allows them to freely "punch" holes through the network firewall. Though extremely convenient, such a relaxed design is easily exploited by malicious software running on any computer on the local network, or by any rogue computer that manages to gain access to the local network. As a result, intruders can reach otherwise firewalled local network services through holes maliciously punched in the firewall.
Some NAT-PMP implementations try to mitigate these issues by enforcing constraints on port mappings.
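One form such constraints can take, shown as an added example (not code from any NAT-PMP implementation): a decoder for the RFC 6886 client request format and a gateway-side policy check applied before a mapping is created. The policy thresholds, function names and sample packets are assumptions constructed for illustration.

```python
import struct

# Hypothetical policy (an assumption, not taken from any implementation):
# only unprivileged internal ports may be mapped, and lifetimes are capped.
MIN_INTERNAL_PORT = 1024
MAX_LIFETIME = 7200  # seconds
OPCODES = {0: "external-address", 1: "map-udp", 2: "map-tcp"}


def parse_request(data: bytes) -> dict:
    """Decode a NAT-PMP client request (RFC 6886 wire format)."""
    if len(data) < 2:
        raise ValueError("truncated request")
    version, opcode = data[0], data[1]
    if version != 0:
        raise ValueError(f"unsupported version {version}")
    if opcode not in OPCODES:
        raise ValueError(f"unsupported or response opcode {opcode}")
    msg = {"op": OPCODES[opcode]}
    if opcode in (1, 2):
        if len(data) != 12:
            raise ValueError("mapping request must be 12 bytes")
        # reserved(2) | internal port(2) | suggested external port(2) | lifetime(4)
        _, internal, external, lifetime = struct.unpack("!HHHI", data[2:])
        msg.update(internal_port=internal, external_port=external, lifetime=lifetime)
    return msg


def evaluate(msg: dict):
    """Apply the constraint policy; return (allowed, reason)."""
    if msg["op"] == "external-address":
        return True, "address query"
    if msg["lifetime"] == 0:  # a lifetime of zero asks to delete a mapping
        return True, "mapping deletion"
    if msg["internal_port"] < MIN_INTERNAL_PORT:
        return False, "privileged internal port"
    if msg["lifetime"] > MAX_LIFETIME:
        return False, "lifetime exceeds cap"
    return True, "within policy"


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "address": bytes([0, 0]),
    "torrent": struct.pack("!BBHHHI", 0, 2, 0, 51413, 51413, 3600),
    "ssh": struct.pack("!BBHHHI", 0, 2, 0, 22, 2222, 3600),
    "long": struct.pack("!BBHHHI", 0, 1, 0, 5060, 5060, 86400),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, evaluate(parse_request(pkt)))
```

Because the protocol carries no credentials, a check like this can only restrict what any LAN host may request; it cannot tell a legitimate application from malicious software on the same network.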
- Baresip, a modular SIP client with audio and video support.
- BarracudaDrive, an Internet file server, uses NAT-PMP to make the server reachable from the Internet.
- BitTorrent file-sharing clients:
- Colloquy, an Internet Relay Chat client.
- Crashplan, an offsite backup program.
- Presence, a remote file access application for Mac OS X, iPhone and iPad.
- Folx, a downloader for Mac, used for torrents or normal downloads.
- FreeSWITCH, an open source telephony platform.
- Limewire, a Gnutella file-sharing client.
- Mac OS X 10.4 and above.
- MobileMe, Apple Inc's mobile device synchronization service.
- natpmpd, a software implementation of NAT-PMP for OpenBSD
- Nicecast, a music streaming program.
- Nmap, a network security scanner.
- Port Map, a manual port mapping configuration software for OS X.
- Retroshare, a friend-to-friend email, instant messaging, BBS and file-sharing client.
- ShareTool, an automated VPN program for OS X.
- Stallone, a software implementation of NAT-PMP for Linux/iptables.
- Skype, an Internet telephony program.
- sP2P, a general-purpose NAT traversal/peer-to-peer networking API.
- Synology DiskStation Manager (DSM 4.2)
- TomP2P, a Java-based DHT implementation using NAT-PMP
Manufacturer and model, with firmware version tested:
- 2Wire 3801HGV
- AirPort Express
- AirPort Extreme
- AirPort Time Capsule
- AstLinux 1.0.4+, with MiniUPnP daemon
- OpenWrt v8.09 or higher, with MiniUPnP daemon 
- pfSense v2.0, with MiniUPnP daemon
- Tarifa (firmware) (Linksys WRT54G/GL/GS)
- Tomato Firmware v1.24 or higher. (Linksys WRT54G/GL/GS and many more)
- WL500g Project v18.104.22.168-rtn or higher (ASUS RT-N16, WL-500GP and many more)
- Peplink Balance
- ZyXEL HES-319M
- Netgear Genie WNDR3700v2, firmware v22.214.171.124
- Asus RT-N66U firmware v126.96.36.199.374_720
- RFC 6886, NAT Port Mapping Protocol (NAT-PMP), S. Cheshire & M. Krochmal (April 2013)
- ISO/IEC 29341, http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref1185
- RFC 6887, Port Control Protocol (PCP), Wing, Cheshire, Boucadair, Penno & Selkirk (April 2013)
- "AstLinux: Universal Plug'n'Play (NAT-PMP and UPnP)". AstLinux. Retrieved 2013-09-15.
- "nat-pmp-info NSE Script". Nmap. Retrieved 2013-09-15.
- "Stallone". Retrieved 2013-10-23.
- "Universal Plug'n'Play and NAT-PMP on OpenWrt - OpenWrt Wiki". OpenWrt. Retrieved 2013-09-15.