Comment by sedawkgrep

2 days ago

NAT effectively stops inbound connectivity at the NAT edge. A system could be a dozen hops beyond that and no inbound traffic can reach it.

IPv6 (without any NAT) means that the source and destination are fully routable.

How folks DON'T see this as a functional component of security is beyond me.

I'd expect folks would see the behavior you're describing here as being part of security.

However, NAT in the real world doesn't work the way you're describing here. My position is based on how NAT actually behaves, not on incorrect descriptions of how it behaves.

Or perhaps you could explain how NAT stops inbound connectivity at the NAT edge? I've tested and it doesn't, so I don't think it's possible to explain how it does, but I'm open to being wrong on that if anybody could actually explain it in a way that doesn't contradict actual observed behavior.