Comment by ErroneousBosh

1 month ago

Okay, but unless you've poked a hole through NAT (and if you have, presumably you know what you're doing), what are those incoming connections going to connect to?

If there's nothing to connect to, is there really an incoming connection?

They connect to whatever IP is specified in the packet's "destination IP" header field. It's exactly the same behavior as if there was no NAT going on.

  • The destination IP header from the internet belongs to the router. There is nothing internal to connect to without NAT.

    • No, it might belong to the router. If it does then the connection goes to the router, but if it's set to a LAN machine's IP then the packet gets routed to the LAN machine.

      You aren't in control of the contents of inbound packets, and NAT won't filter them to enforce anything about the destination IPs in them either.
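As an added illustration that is not part of the thread: a small Python model of the forwarding decision the last reply describes, comparing a router that only does NAT with one that also applies a default-drop forward filter. The addresses, the `Router` class and the `compare` helper are constructed for this example.

```python
import ipaddress

# Constructed addresses: RFC 1918 LAN prefix and a documentation-range WAN address.
LAN = ipaddress.ip_network("192.168.1.0/24")
WAN_IP = ipaddress.ip_address("203.0.113.1")


class Router:
    """Hypothetical model of a home router's handling of WAN-side packets."""

    def __init__(self, forward_policy="accept"):
        self.forward_policy = forward_policy  # "accept" = NAT only, "drop" = stateful filter
        self.nat = {}  # WAN port -> (LAN ip, LAN port), created by outbound flows only

    def outbound(self, lan_ip, lan_port, wan_port):
        """A LAN host opens a connection; source NAT records the mapping."""
        self.nat[wan_port] = (lan_ip, lan_port)

    def inbound(self, dst_ip, dst_port):
        """Decide what happens to a packet arriving on the WAN interface."""
        dst = ipaddress.ip_address(dst_ip)
        if dst == WAN_IP:
            if dst_port in self.nat:
                # Reply to a tracked flow: translated back, allowed as established.
                return ("forward", *self.nat[dst_port])
            # No mapping: NAT has nothing to rewrite, so the packet is for the router itself.
            return ("local", str(WAN_IP), dst_port)
        if dst in LAN:
            # Destination is already a LAN address: NAT is not involved at all.
            # Only the forward filter decides whether it is routed inward.
            if self.forward_policy == "drop":
                return ("drop", dst_ip, dst_port)
            return ("forward", dst_ip, dst_port)
        return ("no-route", dst_ip, dst_port)


def compare(dst_ip, dst_port):
    """Return (NAT-only result, NAT + default-drop filter result) for one packet."""
    results = []
    for policy in ("accept", "drop"):
        r = Router(policy)
        r.outbound("192.168.1.10", 51000, 40000)  # constructed outbound flow
        results.append(r.inbound(dst_ip, dst_port)[0])
    return tuple(results)


if __name__ == "__main__":
    print(compare("203.0.113.1", 40000))
    print(compare("203.0.113.1", 22))
    print(compare("192.168.1.10", 22))
```

Only the third case differs between the two routers, which is the point under dispute: the translation table never sees that packet, so the filter policy alone determines the outcome.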