In a nutshell, the NAT Port Mapping Protocol (NAT-PMP), promoted by Apple Computer and integrated in recent AirPort wireless routers/access points and in Mac OS X, is an alternative to the much less elegant UPnP IGD (Internet Gateway Device) specification.
NAT-PMP is part of the Bonjour protocol specifications. Below is the description of the protocol as found in the internet draft (i.e. RFC draft) first published by Apple Computer in September 2005, and updated since then until it became RFC 6886. All the versions are available on the IETF web site.
It is designed to work on small NATed LANs: a domestic network with one wireless router and a few devices with private IP addresses, as defined in RFC 1918. In NAT-PMP, the service is provided by the default gateway of the network, which is the router connecting the private network to the outside world. The clients send their requests as UDP packets to port 5351 of the default gateway, so there is no need for a discovery process, as is the case with the UPnP IGD specification.
NAT-PMP has now been superseded by its successor, Port Control Protocol (aka PCP), which is described in RFC 6887.
Every request packet starts with two bytes: the protocol version (must be 0) and the operation code. The response starts with one byte for the protocol version (0), followed by the response operation code (128 + the request operation code) and two bytes (in network order) for the result code. All 2-byte and 4-byte values are transmitted in network order.
Note: PCP uses version 2 (version number 1 was used by a vendor that shipped products that use a protocol that is incompatible with the IETF Standard).
Bytes | Field |
---|---|
0 | Version = 0 |
1 | OP Code = 0 |

Bytes | Field |
---|---|
0 | Version = 0 |
1 | OP Code = 128 |
2-3 | Result code |
4-7 | Seconds since port mapping table was initialized |
8-11 | Public IP Address |

Bytes | Field |
---|---|
0 | Version = 0 |
1 | OP Code = 1 or 2 |
2-3 | Reserved (0) |
4-5 | Private port |
6-7 | Requested public port |
8-11 | Requested port mapping lifetime in seconds |

Bytes | Field |
---|---|
0 | Version = 0 |
1 | OP Code = 129 or 130 |
2-3 | Result code |
4-7 | Seconds since port mapping table was initialized |
8-9 | Private port |
10-11 | Mapped public port |
12-15 | Port mapping lifetime in seconds |

Code | Meaning |
---|---|
0 | Success |
1 | Unsupported Version |
2 | Not Authorized/Refused (e.g. box supports mapping, but user has turned feature off) |
3 | Network Failure (e.g. NAT box itself has not obtained a DHCP lease) |
4 | Out of resources (NAT box cannot create any more mappings at this time) |
5 | Unsupported opcode |
When the public address changes, the NAT gateway must send a notification to the multicast group 224.0.0.1, port 5351, in the format of a public address response. Update: since the 2008 version of the specification, port 5350 is used instead.
There is no specific request to remove a port mapping. Instead, send a port mapping request with a lifetime of zero. If both the lifetime and the private port are zero, then all the port mappings to this host are removed.
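The packet layouts, result codes and zero-lifetime deletion described above, as an added Python example (not code from libnatpmp or from the original page): it builds the requests and parses responses strictly, checking the version, that the response opcode is 128 + the request opcode, and the exact length. The function names are hypothetical, and the UDP/TCP meaning of opcodes 1 and 2 is taken from RFC 6886, not from this page.

```python
import ipaddress
import struct

RESULT_CODES = {0: "Success", 1: "Unsupported Version", 2: "Not Authorized/Refused",
                3: "Network Failure", 4: "Out of resources", 5: "Unsupported opcode"}
OP_PUBLIC_ADDRESS = 0
# The page lists mapping opcodes 1 and 2; RFC 6886 assigns 1 to UDP and 2 to TCP.
OP_MAP_UDP, OP_MAP_TCP = 1, 2


def build_public_address_request():
    return struct.pack("!BB", 0, OP_PUBLIC_ADDRESS)


def build_mapping_request(opcode, private_port, public_port, lifetime):
    if opcode not in (OP_MAP_UDP, OP_MAP_TCP):
        raise ValueError("mapping opcode must be 1 or 2")
    # version, opcode, reserved (0), private port, requested public port, lifetime
    return struct.pack("!BBHHHI", 0, opcode, 0, private_port, public_port, lifetime)


def build_delete_request(opcode, private_port=0):
    # Lifetime 0 removes a mapping; private port 0 as well removes all of them
    # for this host. Requested public port 0 on deletion follows RFC 6886.
    return build_mapping_request(opcode, private_port, 0, 0)


def parse_response(data, request_opcode):
    """Parse a response, rejecting anything that does not answer request_opcode."""
    if len(data) < 4:
        raise ValueError("truncated response header")
    version, opcode, result = struct.unpack_from("!BBH", data)
    if version != 0:
        raise ValueError("unexpected protocol version %d" % version)
    if opcode != 128 + request_opcode:
        raise ValueError("response opcode %d does not match request" % opcode)
    out = {"result": result, "meaning": RESULT_CODES.get(result, "unknown")}
    if result != 0:
        return out  # on failure only the 4-byte header is interpreted
    if request_opcode == OP_PUBLIC_ADDRESS:
        if len(data) != 12:
            raise ValueError("public address response must be 12 bytes")
        out["epoch"], addr = struct.unpack_from("!I4s", data, 4)
        out["public_ip"] = str(ipaddress.IPv4Address(addr))
    else:
        if len(data) != 16:
            raise ValueError("port mapping response must be 16 bytes")
        (out["epoch"], out["private_port"], out["public_port"],
         out["lifetime"]) = struct.unpack_from("!IHHI", data, 4)
    return out
```

A client would send these bytes over UDP to port 5351 of its default gateway and pass the datagram it receives to `parse_response` together with the opcode it sent.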