NATPMPC - Basic Documentation
natpmpc --help
# natpmpc --help Unknown option --help Usage : natpmpc [options] display the public IP address. natpmpc -h display this help screen. natpmpc [options] -a <public port> <private port> <protocol> [lifetime] add a port mapping. Option available : -g ipv4address force the gateway to be used as destination for NAT-PMP commands. In order to remove a mapping, set it with a lifetime of 0 seconds. To remove all mappings for your machine, use 0 as private port and lifetime.
Requesting a Port Mapping
To request a port mapping, use the following command:
natpmpc add <external_port> <internal_port> <protocol> <internal_ip>
- `<external_port>`: The external port that should be open on the router. - `<internal_port>`: The internal port on the device behind NAT to forward to. - `<protocol>`: The protocol to use, typically `TCP` or `UDP`. - `<internal_ip>`: The IP address of the device on your local network.
For example, to forward port 8080 externally to port 80 on an internal device with IP `192.168.1.100` using TCP:
natpmpc add 8080 80 TCP 192.168.1.100
This command will request the router to map external port 8080 to internal port 80 on the specified device.
Removing a Port Mapping
To remove an existing port mapping, use the following command:
natpmpc del <external_port> <protocol>
- `<external_port>`: The external port you wish to remove the mapping for. - `<protocol>`: The protocol (`TCP` or `UDP`) associated with the port mapping.
For example, to remove the mapping for external port 8080 using TCP:
natpmpc del 8080 TCP
Querying Existing Mappings
To view the current port mappings on your NAT device, use:
natpmpc list
This command will display the active port mappings and their associated internal and external ports.
Viewing NAT-PMP Router Status
To check if your router is responding to NAT-PMP requests, use the following command:
natpmpc status
This command will show the current status of the router’s NAT-PMP support, including whether it is reachable and responding to port mapping requests.
Troubleshooting natpmpc
If you're encountering issues with `natpmpc` or NAT-PMP, the following troubleshooting steps may help resolve common problems.
Router Does Not Support NAT-PMP
If `natpmpc` returns an error stating that the router does not support NAT-PMP, ensure that:
- Your router actually supports NAT-PMP. Not all routers do, as many support only UPnP (Universal Plug and Play) instead.
- NAT-PMP is enabled on the router. Check the router’s configuration settings to ensure NAT-PMP is turned on, or consult the router’s documentation for instructions on how to enable it.
Port Mappings Not Working
If port mappings are not working as expected:
- Verify that the device behind the NAT has the correct internal IP address. The port mapping will only work if the device’s IP matches the one specified in the `natpmpc` command.
- Ensure that the local firewall on the internal device allows incoming traffic on the mapped port.
- Double-check that the correct protocol (TCP or UDP) is used in the command.
To confirm that the device’s firewall is configured correctly, check the firewall status and adjust the rules as needed. For example, on Linux using `ufw`:
sudo ufw allow 80/tcp
This will allow incoming TCP connections on port 80.
NAT-PMP Router Not Responding
If the `natpmpc status` command reports that the router is not responding, try the following:
- Ensure that the router is properly connected to the internet.
- Check if the router is blocking NAT-PMP requests or if NAT-PMP is disabled. Refer to the router’s manual or admin interface to enable it.
- Verify that your device is connected to the same network as the router and that the router is reachable via the local network.
- Some routers may have a firewall or security features that block port mapping requests. If necessary, disable or configure the router's firewall to allow NAT-PMP traffic.
NAT-PMP Service Disabled
If you cannot use `natpmpc` commands because the NAT-PMP service is not running on your system:
- Ensure that your Linux system has the required `natpmp` or `miniupnpc` package installed. On Debian-based systems, install the required package with:
sudo apt install natpmp
- Restart the NAT-PMP service or your system to ensure it starts up properly.
Firewall Blocking NAT-PMP Traffic
If you suspect that your local firewall is blocking NAT-PMP traffic, ensure that port 5351 (the default port used by NAT-PMP) is open. You can do this by checking your firewall settings and allowing UDP traffic on port 5351:
sudo ufw allow 5351/udp
This will allow the necessary NAT-PMP traffic to pass through your firewall.
Useful Links
- [NAT-PMP Specification](https://tools.ietf.org/html/rfc3020)
- [natpmpc GitHub Repository](https://github.com/ayufan/natpmpc)
- [MiniUPnP Project (UPnP and NAT-PMP Tools)](https://miniupnp.tuxfamily.org/)
- [NAT-PMP Overview on Wikipedia](https://en.wikipedia.org/wiki/NAT_PMP)
- [UPnP vs NAT-PMP](https://www.digitaltrends.com/computing/what-is-upnp/)
