Comment by tbrownaw
1 month ago
> NAT isn’t actually a security feature—it’s an address conservation mechanism that became necessary because we ran out of IPv4 addresses.
> But the security benefits people attribute to NAT actually come from the stateful firewall that’s typically bundled with NAT routers.

1. It requires a stateful firewall.
2. It isn't possible to accidentally a default-allow rule on that firewall.

It may not be intended as a security feature, but it can't not act as one in practice.

No, NAT requires state tracking, not a stateful firewall. If you want a firewall when NATing, you have to configure that separately. You can absolutely NAT without a firewall, and it won't act like one by itself.
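
The distinction drawn in the reply above, written out as an nftables ruleset. This is an added example, not part of either comment or of the quoted article; the interface names `lan0` and `wan0` and the choice of a Linux router with IP forwarding enabled are assumptions.

```nftables
# Added example. Interface names lan0 (inside) and wan0 (outside) are assumed.

# --- NAT only -------------------------------------------------------------
# Conntrack keeps per-flow state so replies can be un-translated, but no
# rule here accepts or drops anything on a policy basis.
table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "wan0" masquerade
    }
}
# With only the table above loaded, the forward and input hooks have no
# chains attached, so both are default-accept: a routable packet that
# reaches wan0 is forwarded or delivered locally without any state check.

# --- Stateful firewall, configured separately ------------------------------
# This table, not the masquerade rule, is what rejects unsolicited inbound
# traffic. It works the same with or without NAT (note the inet family).
table inet filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        iifname "lan0" oifname "wan0" accept
    }
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
        iifname "lan0" accept
    }
}
```

Listing the live ruleset with `nft list ruleset` on a router shows which of the two situations applies: if only a `nat` table appears, the inbound protection being credited to NAT is not configured.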