Comment by wink
18 days ago
I would phrase it as: NAT accidentally "breaks" or "makes harder/impossible" something which yields increased security, under some circumstances.
It doesn't though. NAT edits your outbound connections to appear to come from the router's IP; it doesn't do anything to make inbound connections harder.
If you don't initiate a corresponding outbound connection first then any attempt at an inbound connection will be dropped (unless you have a DMZ configured ofc). The router literally can't forward the traffic because it doesn't know where it should go.
No, the router doesn't forward it because it doesn't get there in the first place. Your 192.168.1.0/24 private network is not going to be routed across the internet.
It might be dropped by a firewall, but not by NAT.
IP packets have a "destination IP" field in the header. The router knows where to forward packets because it reads that IP out of the header.
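The cases argued over in this thread, as an added example that is not part of any comment: a toy model of a router doing source NAT, showing what happens to an inbound packet addressed to the router's public IP versus one already addressed to a private LAN address. The `NatRouter` class, its `drop_unsolicited` flag, and all addresses and ports are constructed for illustration.

```python
import ipaddress

# All addresses and ports below are constructed sample values.
WAN_IP = ipaddress.ip_address("203.0.113.7")
LAN = ipaddress.ip_network("192.168.1.0/24")


class NatRouter:
    """Toy model of a home router: source NAT plus ordinary IP forwarding."""

    def __init__(self, drop_unsolicited=False):
        self.mappings = {}    # WAN port -> (LAN host, LAN port)
        self.next_port = 40000
        # Packet filtering is a separate function from address translation.
        self.drop_unsolicited = drop_unsolicited

    def outbound(self, src_ip, src_port):
        """A LAN host opens a connection: rewrite the source, remember the mapping."""
        port = self.next_port
        self.next_port += 1
        self.mappings[port] = (ipaddress.ip_address(src_ip), src_port)
        return WAN_IP, port

    def inbound(self, dst_ip, dst_port):
        """Decide what happens to a packet arriving on the WAN interface."""
        dst = ipaddress.ip_address(dst_ip)
        if dst == WAN_IP:
            if dst_port in self.mappings:
                host, port = self.mappings[dst_port]
                return f"translated to {host}:{port}"
            # No mapping: the packet is addressed to the router itself and
            # there is no LAN host to rewrite the destination to.
            return "no mapping: stays on router"
        if dst in LAN:
            # Destination is already a LAN address, so NAT has nothing to
            # rewrite. Only a filter rule stops normal forwarding.
            if self.drop_unsolicited:
                return "dropped by firewall"
            return f"forwarded to {dst}:{dst_port}"
        return "not for this network"
```

A packet with a private destination address can only reach the WAN interface from a network directly attached to it, since those prefixes are not routed across the internet; the `drop_unsolicited` rule is what covers that case.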