From kali forum about NAT router problems:
Kali may display one or more of several different NAT and "port" related errors, warnings, or notices. Each of these messages indicates the cause of the problem, details on what exactly happened, and sometimes more information on how to correct the problem. Please take the time to read the posts in the forum and see if your problem has already been discussed. Most have been discussed several times already. If you still think you need more information and want to request help, please post the exact, word-for-word message that you received and what you've tried to do to fix it.
Why do I get this NAT error message?
That error is caused by a connection problem, most likely a NAT router you have setup to share an Internet connection. Sometimes your ISP sets up the NAT configuration making it harder or impossible to fix.
What is NAT?
It stands for Network Address Translation. NAT is used to allow multiple PCs to share a single IP#. Most DSL and Cable modem routers use some form of NAT to allow you to share an Internet connection and programs like Wingate and Microsoft's Internet Connection Sharing (ICS) use a software NAT solution to allow connection sharing on a single IP#.
In most cases Kali works seemlessly through NAT. Many users can simply install and run Kali without ever knowing about these problems that keep other users from enjoying Kali.
Why doesn't my NAT setup work properly?
It's probably because your NAT router (either hardware or software NAT solution) doesn't properly handle UDP packets. Most of these NAT systems handle TCP properly as TCP is used for web browsing, email, ftp, and even some games. However, UDP isn't as commonly used as TCP and in most cases UDP isn't used for peer-to-peer connections. The most common use of UDP is for DNS lookups (when your web browser takes a name like
www.kali.net and turns it into an IP# like 66.151.180.3). A very crude NAT system can handle this very simple use of UDP, but anything more complicated will fail.
Kali uses UDP and when bad NAT routers are used with Kali, things can go wrong.
What goes wrong?
Kali uses peer-to-peer instead of client-server technology. There are many reasons for this setup including efficiency, performance, and LAN emulation requirements.
In any case, peer-to-peers means that your PC directly communicates with every other PC connected to your game lobby or chat server instead of only communicating directly with the Kali Servers.
In a normal (non-NAT setup) Kali will send and receive all data on a single "port". A "port" is a simple way TCP/IP uses to allow different applications to use the same connection without getting data mixed up.
Kali, by default, uses UDP port 2213. That means that anything sent to your PC and labeled with port 2213 will be sent to the Kali application. This allows any user on Kali to send data to your PC by referring to your Internet IP# and the Kali port number.
With NAT, your PC must share that ip# with other PCs on the LAN. If two PCs on the LAN both tried to use the same port, communications would get totally mixed up. Data that was supposed to go to one PC would go to both PCs and it would be impossible to communicate properly. NAT systems "solve" this problem by translating the port numbers so that the rest of the internet sees each PC on a different port. Usually this solution works, but sometimes the NAT system behaves poorly and causes trouble.
One common example of bad NAT behavior is only allowing one "connection" at a time on a port. UDP is supposed to be connectionless. You should be able send and receive packets from one port to any number of other PCs, but these poorly designed NAT systems make the assumption that like TCP.
LB said about port forwarding. I must say its often not enogh to make kali working. I have a vigor 2500 from drytek. Its a good router but I worked on it 2 days and called technical help cos kali failed. My solution was not only forward ports : 2231 public to 2213 local but also adding my pc as
HOST IN DMZ and turning on one small options to allow udp packets to pass. DMZ means demilitarized zone - so my pc is less protected then it was before. Allowing udp data to pass was also needed cos kali uses udp as u could wrote b4 above.