NAT Port Mapping Protocol

From Wikipedia, the free encyclopedia
  (Redirected from NAT-PMP)
Jump to: navigation, search

The NAT Port Mapping Protocol (NAT-PMP) is a network protocol for establishing network address translation (NAT) settings and port forwarding configurations automatically without user effort.[1] The protocol automatically determines the external IPv4 address of a NAT gateway, and provides means for an application to communicate the parameters for communication to peers.

NAT-PMP was introduced in 2005 by Apple as an alternative to the more common ISO Standard[2] Internet Gateway Device Protocol implemented in many NAT routers. The protocol was published as an informational Request for Comments (RFC) by the Internet Engineering Task Force (IETF) in RFC 6886.

NAT-PMP is the precursor to the Port Control Protocol (PCP).[3]


NAT-PMP runs over the User Datagram Protocol (UDP) and uses port number 5351.

This protocol has no built-in authentication mechanisms, resulting in opening itself to abuse. Protocol design treats all hosts belonging to the router's local network as trusted and allows them to freely "punch" holes through the network firewall. Though extremely convenient, such a relaxed design opens itself to easy exploiting by malicious software running on any computer that belongs to the local network, or by any rogue computers that manage to gain access to the local network. As a result, intruders can access otherwise firewalled local network services by abusing malicious "holes" punched through the firewall.[1]

Some of the NAT-PMP implementations aim to mitigate those issues by enforcing constraints to port mappings.[4]


Applications supporting NAT-PMP include the following:

  • Baresip, a modular SIP client with audio and video support.
  • BarracudaDrive, Internet File Server, uses NAT-PMP to Internet enable the server.
  • BitTorrent file-sharing clients: Bitcomet, BitTorrent, Deluge, Frostwire, qBittorrent, Transmission, µTorrent and Vuze
  • Colloquy, an Internet Relay Chat client.
  • Crashplan, an offsite backup program.
  • Presence, a remote file access application for Mac OS X, iPhone and iPad.
  • Folx, a downloader for Mac, used for torrents or normal downloads.
  • FreeSWITCH, an open source telephony platform.
  • Limewire, a Gnutella file-sharing client.
  • Mac OS X 10.4 and above.
  • MobileMe, Apple Inc's mobile device synchronization service.
  • natpmpd, a software implementation of NAT-PMP for OpenBSD
  • Nicecast, a music streaming program.
  • Nmap, Network security scanner.[5]
  • Port Map, a manual port mapping configuration software for OS X.
  • Retroshare, a friend-to-friend email, instant messaging, BBS and file-sharing client.
  • ShareTool, an automated VPN program for OS X.
  • Stallone, a software implementation of NAT-PMP for linux/iptables[6]
  • Skype, An internet telephony program.
  • sP2P, General purpose NAT traversal/peer-to-peer networking API
  • Synology DiskStation Manager (DSM 4.2)
  • TomP2P, a Java-based DHT implementation using NAT-PMP

Routers supporting NAT-PMP include the following, listing the manufacturer, model, and tested firmware version:

See also[edit]


  1. ^ a b RFC 6886, NAT Port Mapping Protocol (NAT-PMP), S. Cheshire & M. Krochmal (April 2013)
  2. ^ ISO/IEC 29341,
  3. ^ RFC 6887, Port Control Protocol (PCP), Wing, Cheshire, Boucadair, Penno & Selkirk (April 2013)
  4. ^ "AstLinux: Universal Plug'n'Play (NAT-PMP and UPnP)". AstLinux. Retrieved 2013-09-15. 
  5. ^ "nat-pmp-info NSE Script". Nmap. Retrieved 2013-09-15. 
  6. ^ "Stallone". Retrieved 2013-10-23. 
  7. ^ "Universal Plug'n'Play and NAT-PMP on OpenWrt - OpenWrt Wiki". OpenWrt. Retrieved 2013-09-15. 

External links[edit]