[p2p-hackers] Unidirectional or Bidirectional Manual Port Forwarding?

[David Barrett]

I'm experimenting with a particular user, and I'm experiencing 
unexpected behavior with regard to UDP port forwarding.  I'm not sure if 
something is broken, or if I just misunderstand how it's supposed to 
work.  Can you offer me any clarity on what should occur in this situation?

Specifically, a user has configured his NAT (some DLink, 
address-restricted filtering model) to manually forward external traffic 
sent to a given port a specific internal IP:port.  And this works fine 
-- traffic sent to the external endpoint X is in fact forwarded without 
trouble to internal endpoint Y.  This this works great when a remote 
host is initiating a UDP session to the internal host.

However, the reverse doesn't work so great.  What I *expected* would 
happen is that all UDP sessions initiated from internal endpoint Y would 
be advertised to remote users as coming from external endpoint X.  ie, I 
expected internally-initiated connections would "go out" through the 
manually-configured port-forwarded mapping.  Thus regardless of which 
side initiated the connection, the remote side would see and use 
external endpoint X.

But in practice, it appears the NAT ignores the port mapping when the 
internal machine initiates the connection, and instead establishes a new 
external mapping -- with the very address-restricted filtering 
properties I was hoping to avoid.

So I guess what I'm asking is:

1) Are manually-forwarded NAT port mappings typically unidirectional or 
bidirectional?  Does this depend on the NAT model?

2) Is it possible to manually configure the outbound mapping (ie, force 
all traffic originating from an internal endpoint to use a specific 
external endpoint)?

2) What type of mapping does UPnP attempt to establish?

Thanks, and sorry for the meandering question -- I don't know enough to 
phrase it more succinctly!

-david