Comment by Dagger2

11 hours ago

That's not the case at all. You could disable their NAT and they wouldn't lose any protection whatsoever.

Yes, it is the case. In the real world, there are malfunctioning ALGs, permissive defaults, and connectionless protocols that are poorly tracked by these sloppy, underpowered "SPI" devices.

  • It's not, because in the real world NAT only affects your outbound connections. That means that turning it off only changes the behavior of outbound connections, not inbound ones.

    Any inbound connection that would have worked before you turned it off will still work afterwards, and any that wouldn't have worked before will still not work afterwards.

    • Think about what 99% of SOHO users have: PAT (NAT Overload). This NAT impacts the way a connection is established in BOTH directions. Inbound connection attempts from the Internet to the NAT public IP address of the SOHO router can go no further than the router. We are talking about what 99% of users have installed.

      Maybe this is the reason for some of the disagreement. I am focusing on what is installed at 99% of user installations (PAT). I would agree with the comments that a 1-to-1 NAT offers no EXTRA security.
