A cheat sheet for NAT types

full cone NAT = traffic-initiated automatic port-forwarding managed by the kernel
xx-restricted cone NAT = traffic-initiated automatic port-forwarding with firewall implemented in someways

symmetric NAT != port-forwarding
because the NAT device will also consider the outer tuple(source host:port) upon receipt, besides the NAT port itself.
So the same NAT port can now be mapped to multiple inner tuples(destination host:port) based on the outer tuples(and the NAT port, of course).

cone NAT/port-forwarding = one-to-one mapping (NAT port, inner tuple)
symmetric NAT = one-to-one mapping (NAT port && outer tuple, inner tuple)


symmetric to symmetric NAT traverse is still possible by guessing or oracle, whatever you like, only if there is a predictable pattern, such as linear increase, in the NAT port allocated on both sides.