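A restricted cone NAT filters incoming packets. When an internal host starts an outbound session, the NAT records the IP address of that external host, so only external IP addresses with such a record can send data into the NAT. A restricted cone NAT effectively distills the packet-filtering principle of a firewall: only known external addresses are allowed to send inbound traffic to the inside of the NAT.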
Port-restricted cone NAT
A port-restricted cone NAT, in turn, only forwards an incoming packet if its external IP address and port number match those of an external endpoint to which the internal host has previously sent outgoing packets. A port-restricted cone NAT provides internal nodes the same level of protection against unsolicited incoming traffic that a symmetric NAT does, while maintaining a private port's identity across translation.
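The two filtering rules described above can be compared side by side in a small model. This is an added example, not code from the original page; the class `ConeNat`, the function `compare`, and all addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ConeNat:
    """Toy inbound filter for a cone NAT (constructed model, not a real NAT stack)."""
    port_restricted: bool
    mappings: dict = field(default_factory=dict)   # internal (ip, port) -> public port
    permitted: dict = field(default_factory=dict)  # public port -> allowed remote keys
    next_port: int = 40000

    def _key(self, remote):
        # Restricted cone filters on remote IP only; port-restricted on (IP, port).
        return remote if self.port_restricted else remote[0]

    def outbound(self, src, dst):
        """Record an outgoing packet; return the public port used for src."""
        if src not in self.mappings:             # cone behaviour: one mapping per
            self.mappings[src] = self.next_port  # internal endpoint, any destination
            self.next_port += 1
        port = self.mappings[src]
        self.permitted.setdefault(port, set()).add(self._key(dst))
        return port

    def inbound(self, remote, public_port):
        """Return the internal endpoint the packet is forwarded to, or None if dropped."""
        if self._key(remote) not in self.permitted.get(public_port, set()):
            return None
        return next(i for i, p in self.mappings.items() if p == public_port)

def compare():
    """Run the same constructed traffic through both NAT types."""
    host = ("192.168.1.10", 5000)      # constructed internal endpoint
    peer = ("203.0.113.7", 3478)       # constructed external endpoint
    stranger = ("198.51.100.9", 3478)  # external host never contacted
    out = {}
    for name, flag in (("restricted", False), ("port_restricted", True)):
        nat = ConeNat(port_restricted=flag)
        port = nat.outbound(host, peer)
        out[name] = {
            "contacted_endpoint": nat.inbound(peer, port) == host,
            "same_ip_other_port": nat.inbound((peer[0], 9999), port) == host,
            "uncontacted_ip": nat.inbound(stranger, port) == host,
            "mapping_reused": nat.outbound(host, stranger) == port,
        }
    return out

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

The only row that differs between the two types is `same_ip_other_port`: the restricted cone NAT forwards it, the port-restricted one drops it, while both reuse the same public port for the internal endpoint.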
Port-restricted cone NAT