This is your periodic reminder that NAT was neither designed nor architected for security.
IIUC, this only works if your NAT has certain ALGs enabled.
Is there any easy way to test if a NAT has this enabled or not? Many consumer routers provided by ISPs don’t offer many configuration options.
Is there a straightforward way to disable the problematic ALGs? I suppose it varies by what router you’re using. I have an Eero system; its firmware is up to date, but the release history doesn’t mention any fixes for something like this.
I’m wondering if these could be added to STUN-like protocols to give clients that want to open direct connections more ways to connect to each other.
I would not be surprised if FTP in particular was great for this.