Comment by deng
4 days ago
> NAT per se does not prevent an outside host from connecting to a host on your local network.
Yep, and a firewall per se does not prevent an outside host from connecting to a host on your local network. You can bang your head all day long, the side effect of NAT is to only allow incoming traffic that refers to an established connection that was initiated from the local network. How is this different from a firewall that does
Allow established, related
Allow outbound
Deny inbound
No, the side effect of NAT is that outbound connections made from your network look like they come from the router's WAN IP. It doesn't filter incoming traffic.
If it did then you might have a point, but since it doesn't it's very different from a firewall that's configured to do that.
> No, the side effect of NAT is that outbound connections made from your network look like they come from the router's WAN IP.
That's the primary function of NAT, not a side effect.
> It doesn't filter incoming traffic.
Of course it does, it drops any incoming traffic for which it cannot find a corresponding connection. How is this not a filter?
I know that internally these two are vastly different. The reality is that NAT is used as protection for millions of home networks.
It really doesn't, it's just that in 99% of SO/HO setups it's the firewall that's also doing the NAT. NAT by itself just mangles packets.