Symmetric NAT.
Until recently, this was the most common implementation. Its characteristic feature is that, in the NAT table, the mapping of the IL address to the IG address is tied to the OG address, that is, to the destination address specified in the outgoing packet that triggered the mapping. With this implementation of NAT in our example, host 192.168.0.141 receives translated incoming UDP packets only from host 220.127.116.11, and strictly with source port 53 and destination port 1053, and from no one else. Packets from other hosts are dropped by the router, even if their destination address and destination port are present in the NAT table. This is the most paranoid implementation of NAT: it provides greater security for hosts on the local network, but in some cases it greatly complicates the life of system administrators. And users too.

Full Cone NAT.
This implementation of NAT is the complete opposite of the previous one. In Full Cone NAT, incoming packets from any external host are translated and forwarded to the corresponding host on the local network, provided the NAT table contains a corresponding entry. Moreover, the source port number is also irrelevant in this case: it may be 53, or 54, or anything at all. For example, if an application running on a computer in the local network initiated the receipt of UDP packets from the external host 18.104.22.168 on local port 4444, then 22.214.171.124, 126.96.36.199 and everyone else will also be able to send UDP packets to this application, until the entry is removed from the NAT table for whatever reason. Again: in this implementation of NAT, only the transport protocol, the destination address and the destination port of incoming packets are checked; the source address and the source port are not important.

Address Restricted Cone NAT (aka Restricted NAT).
This implementation occupies an intermediate position between Symmetric and Full Cone NAT: the router will translate incoming packets with a specific source address (in this case 188.8.131.52), but the source port number may be any.

Port Restricted Cone NAT (or Port Restricted NAT).
The same as Address Restricted Cone NAT, but in this case the router pays attention to the source port number and does not pay attention to the source address. In our example, the router will translate incoming packets with any source address, but the source port must be 53; otherwise the packet will be dropped by the router.
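
The inbound checks of the four variants, as this page describes them, can be compared side by side with a small model. This is an added example, not code from the original page; the `Mapping` and `Packet` types, the second external host 198.51.100.7 and the assumption that the router has a single public address (so the destination address is implied) are constructed for illustration, while the table entry reuses the values from the Symmetric NAT example.

```python
from dataclasses import dataclass

# Which source fields of an inbound packet each variant compares with the
# NAT table entry, following this page's descriptions. (RFC 3489 defines
# port restricted cone as checking the source address as well.)
CHECKS = {
    "symmetric":          {"src_addr": True,  "src_port": True},
    "full_cone":          {"src_addr": False, "src_port": False},
    "address_restricted": {"src_addr": True,  "src_port": False},
    "port_restricted":    {"src_addr": False, "src_port": True},
}

@dataclass(frozen=True)
class Mapping:               # one NAT table entry (hypothetical layout)
    proto: str
    public_port: int         # destination port that outside hosts send to
    inside_host: str         # IL address
    remote_addr: str         # OG address of the packet that created the entry
    remote_port: int

@dataclass(frozen=True)
class Packet:                # inbound packet arriving at the public address
    proto: str
    src_addr: str
    src_port: int
    dst_port: int

def forward(nat_type, table, pkt):
    """Return the inside host the packet is forwarded to, or None if dropped."""
    checks = CHECKS[nat_type]
    for m in table:
        if (m.proto, m.public_port) != (pkt.proto, pkt.dst_port):
            continue         # no entry for this protocol and destination port
        if checks["src_addr"] and pkt.src_addr != m.remote_addr:
            continue
        if checks["src_port"] and pkt.src_port != m.remote_port:
            continue
        return m.inside_host
    return None

# Constructed sample: the entry from the Symmetric NAT example above.
TABLE = [Mapping("udp", 1053, "192.168.0.141", "220.127.116.11", 53)]
PACKETS = {
    "same host, port 53":  Packet("udp", "220.127.116.11", 53, 1053),
    "same host, port 54":  Packet("udp", "220.127.116.11", 54, 1053),
    "other host, port 53": Packet("udp", "198.51.100.7", 53, 1053),
    "other host, port 54": Packet("udp", "198.51.100.7", 54, 1053),
}

def matrix():
    """Forward (True) or drop (False) for every NAT type and sample packet."""
    return {t: {name: forward(t, TABLE, p) is not None
                for name, p in PACKETS.items()} for t in CHECKS}
```

Calling `matrix()` gives the forward/drop decision for each variant; only the full cone entry accepts all four sample packets.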