问题
There is an answer explaining in simple terms how a router works translating requests from the local network to outside and back (https://superuser.com/questions/105838/how-does-router-know-where-to-forward-packet) what is not clear - for how long a record in the NAT is kept?
For example, if I send a UDP request to 25.34.11.56:3874 and my local endpoint is 192.168.1.21:54389 the router rewrites the request packet and adds a record to the NAT. Let's say the external endpoint will be 68.55.32.89:34535. Then the computer which received my request responds to the 68.55.32.89:34535 and the packet it forwarded to the local 192.168.1.21:54389 in accordance with the NAT record. What happens after that to the records?
What if the 25.34.11.56:3874 decides to send a request to my external endpoint 68.55.32.89:34535 after 10 or 100 minutes? Will it still be forwarded by the router to the 192.168.1.21:54389?
Let's say there is another remote computer with the endpoint 55.43.77.98:8765. What will happen if this computer sends a request to my external endpoint 68.55.32.89:34535? Will it be forwarded to the local 192.168.1.21:54389 or will it be filtered out by the router because the remote endpoint does not match 25.34.11.56:3874 which was initially used for the first request and for the NAT record?
回答1:
It depends.
According to Section 4.3 of RFC 4787, the UDP timeout of a NAT should not be smaller than 2 minutes (120 seconds), except for selected, well-known ports. In practice, however, routers tend to use smaller timeouts. For example, OpenWRT 14.07 uses a timeout of just 60 seconds.
For TCP, the timeouts can be much larger, since TCP connections are usually terminated by an explicit FIN/FIN-ACK exchange. For established TCP connections, Section 5 of RFC 5382 specifies a timeout of no less than 2 hours 4 minutes (7204 seconds), and OpenWRT uses 7440 seconds.
Concerning your second question, most NATs maintain mappings that are specific to a pair of endpoints (socket addresses). If a host A inside the NAT sends a datagram to socket adress B, then the mapping will only apply to communication between A and B — a different host C outside the NAT will not be able to use that particular mapping to send data to A. (Some so-called full cone NATs allow that, but they are fairly rare.)
来源:https://stackoverflow.com/questions/30354131/for-how-long-a-router-keeps-records-in-the-nat-and-can-they-be-reused-forwarding