Comment by icedchai

1 month ago

Non-routable internal addresses are pretty effective at preventing external actors. When most people say "NAT", that is what they mean.

You are technically correct in that 1) disallowing external actors is not a property of "NAT" itself, 2) theoretically someone could establish routing to your RFC-1918 network if they had ISP control or had layer-2 adjacency.

Practically speaking, this is not a problem. NAT + RFC-1918 addressing provides a layer of security. Is a firewall better? Of course.