Comment by fsh
7 hours ago
If your router had only NAT and someone (i.e. your ISP) sends it a package addressed to somewhere inside your internal IP range, it will happily forward it. A firewall would block it.
7 hours ago
> If your router had only NAT and someone (i.e. your ISP) sends it a package addressed to somewhere inside your internal IP range, it will happily forward it. A firewall would block it.
Who exactly is going to route/send an RFC1918 address to an Internet gateway?
Are you implying your ISP itself is going to do this? Because the Internet at-large doesn't have routes for your internal address space.
> Who exactly is going to route/send an RFC1918 address to an Internet gateway?
The GP is talking about 1:1 'basic' NAT:
* https://datatracker.ietf.org/doc/html/rfc2663#section-4.1.1
Does your ISP attack you often?
Okay, I'm running tcpdump on my desktop. Send me some packets to 192.168.1.127 and I'll watch out for them.
Find me a consumer IPv4 router sold in the last ~10 years that does that by default.
Security comparisons should be between proposed new tech vs. existing tech, not vs. hypothetical straw-man tech.
Find me a consumer IPv6 router sold in the last ~10 years without a restrictive firewall enabled by default. I have never seen one.
A consumer IPv4 router has both firewall and NAT enabled by default, and such a packet is blocked by its firewall functionality.
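
The distinction argued over in this thread, written out as a Linux nftables ruleset. This is an added example, not part of any comment above and not taken from any vendor's firmware; the interface names `wan0` and `lan0` and the /24 prefix around 192.168.1.127 are assumptions.

```nftables
# Constructed example: wan0, lan0 and 192.168.1.0/24 are assumed values.
# The router must also have net.ipv4.ip_forward=1 set to route at all.

# Source NAT for outbound traffic. On its own this table filters nothing:
# a packet that arrives on wan0 already addressed to 192.168.1.127 matches
# no translation rule, is routed like any other packet, and leaves on lan0.
table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "wan0" masquerade
    }
}

# Stateful firewall. Forwarded packets are dropped unless they belong to a
# flow that a LAN host opened, so the unsolicited packet described above
# never reaches lan0.
table inet filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lan0" oifname "wan0" accept
    }
}
```

Loading only the `nat` table gives the NAT-only router from the first comment; adding the `filter` table gives the default-deny forwarding behaviour the last comment attributes to consumer routers.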