Reference Manual


ukmap - specify unknown port mappings
ukmap apm
ukmap mstcp | nat32
ukmap add tcp|udp port_range IP_dst_addr target_port [ifn]
ukmap delete tcp|udp port_range [ifn]


Command ukmap controls permanent unknown port mappings. Unknown port mappings are used to send incoming unsolicited Internet traffic to a single specified target port on a specified private machine. That machine could be a multiplayer game server, or it could be a machine running software which logs activities of potential intruders and responds with seemingly normal traffic (honeypot).

Per default, no servers other than those running under Windows on the NAT32 machine are accessible from the Internet.

If no argument is specified, the current state of the unknown port mapping table is printed as follows:

Index      - the table index
Ifn        - the interface number to which the mapping applies
Proto      - the protocol type (UDP or TCP)
Port range - the port number and range to be mapped
IPdst      - the destination address of the mapping
Ndp        - the target port number
If the add argument is specified, four further arguments are required:
tcp or udp     - the desired protocol
port_range     - the port number range which a remote machine uses to
                 reach a specified private host
IP_dst_address - the private IP address of the target machine
target_port    - the port number at which the private machine listens

An optional ifn argument can be specified if the mapping is to be restricted to a particular Internet interface.


ukmap add udp 2000:2100 1000

The above command will map incoming UDP packets with port numbers in the range 2000 - 2100 to port 1000 on machine

If the delete argument is specified, the entry for the specified protocol and port number range is deleted from the table. Hosts on the Internet then no longer have access to that server.

If the apm argument is specified, the state of the Auxiliary Port Mapping table is printed. This table contains details of currently established connections. This option is used for diagnostic purposes only.

Command ukmap mstcp causes unknown incoming traffic to be sent to the MSTCP. Similarly, ukmap nat32 causes such traffic to be processed by NAT32. Any specified unknown mappings will then be applied.

Use Unknown Port Mapping with care because it gives external hosts access to servers on your private machines. Be sure you have set strong passwords on all services which you present to the Internet.

You do not need to add Unknown Port Mappings for applications such as ICQ, which assume that UDP mappings are permanently stored in the Port Mapping Table of a NAT. See command umap for details on how to support such applications.

amap icmap ipmap pmap ppmap setb umap