Most home and corporate routers implement NAT, making running any server software in the local host behind such routers impossible. If you are interested, the NAT Traversal, or Hole Punching, is the mechanism for opening an inbound port in the NAT tables inside these routers.

For the local host to connect with a remote host behind any NAT, the local host must first perform an outbound transmission to the remote one. This action creates a dynamic rule in the NAT table. This temporary entry maps the local host’s IP address and port to the remote host’s IP address and port. This rule allows the remote host to connect to the local host.

L L L o o o c c c a a a l l l P P P C C C # # # P N 1 2 3 R E I T V W A O T R E K N A T 1 1 1 I L 9 9 9 o 2 2 2 N c . . . a 1 1 1 T l 6 6 6 8 8 8 E N I . . . A P 0 0 0 R T : . . . P 1 2 3 N o : : : M r 1 8 4 E a t 1 9 4 p T p i n P 1 1 1 g u 1 1 1 b . . . l 2 2 2 T i 2 2 2 W S W a c . . . e T e b 3 3 3 b U b l I 3 3 3 N e P . . . S S : 4 4 4 e S e P 4 4 4 r e r o : : : v r v r 1 2 3 e v e t r e r r A B

This process has a critical role played by a helper called STUN server. It determines when a particular host should take the time to send an outbound transmission to another host and at the transport address to use. Such a scenario is typical and usually managed by server with a public internet address acts as a third host. This server takes the external IP and port for each peer and shares that information with those peers who wish to communicate with it. This reassurance in the process will boost your confidence in handling NAT Traversal.

STUN / TURN requirements:

NAT Cone Full Cone Address-Restricted Port-Restricted Symmetric
Full Cone STUN STUN STUN STUN
Address-Restricted STUN STUN STUN STUN
Port-Restricted STUN STUN STUN TURN
Symmetric STUN STUN TURN TURN