by zAy0LfpBZLC8mAC 2556 days ago
The point is that IP doesn't work how you think it works, but I have no clue what exactly your misconception is, so I don't know what I need to explain to you to make you see the error in your reasoning.

And unfortunately, you don't even answer my questions, instead just hand-waving your way through the explanation, ignoring all the details that would show where your misunderstanding lies.

In any case, no, if you only remove NAT from your home router that also has a stateful firewall, nothing changes security-wise. It just doesn't. No need to install firewalls on all your devices or anything like that, having a firewall on your uplink router is still perfectly sufficient for that without NAT.

And if your home router really only does NAT, without a stateful firewall that prevents inbound connections, then no, your NAT-only router does not prevent inbound access to your home network.

I understand that you believe otherwise, but your belief simply is incorrect, but you won't be able to understand why if you don't dive into how a NAT gateway actually works instead of hand-waving your way through the explanation.


> if you only remove NAT from your home router that also has a stateful firewall, nothing changes security-wise.

But now I don’t have an internet connection, because none of the devices on my home network have an internet routable IP.

NAT - regardless of firewalls or anything else - requires explicit config to allow packets to a host behind NAT. That’s a security feature. Carrier-grade NAT makes that even clearer. Note - I’ve configured non-firewall NATs - still requires explicit config. Some load balancers are basically non-firewall NATs.

For one, that does not strictly follow, because you can use NAT with globally routable addresses on your home network.

But in any case, the implied assumption was that you also switch to globally routable addresses for all your devices/that we are possibly talking about IPv6, where that would be the norm anyway. The point is that actually usable internet connectivity without NAT and with a stateful firewall has exactly zero differences security-wise vs. a setup that uses NAT and a stateful firewall. That is, except for the fact that all those misconceptions that people have about NAT can make people think that their network is secure when it is not, simply because they have NAT--if you don't have NAT, you cannot mistakenly believe that it protects you against inbound connections.
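
Added example, not part of the thread: a simplified model of a home router's forward path, showing which component drops an unsolicited inbound packet in each of the four NAT/firewall combinations discussed above. The `Router` class, all addresses (documentation ranges) and the string-prefix "route" are constructed assumptions; the model assumes the packet has already arrived on the router's WAN interface.

```python
from dataclasses import dataclass, field
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Router:
    """Constructed, simplified forward path of a home router (not a real stack)."""
    wan_ip: str
    lan_prefix: str              # string prefix stands in for the LAN route
    nat: bool
    stateful_fw: bool
    flows: set = field(default_factory=set)      # flows opened from the LAN
    nat_map: dict = field(default_factory=dict)  # reply tuple -> LAN endpoint

    def outbound(self, p: Packet) -> Packet:
        # LAN -> WAN: remember the flow; with NAT, rewrite the source address.
        self.flows.add(p)
        if not self.nat:
            return p
        self.nat_map[(p.dst, p.dport, self.wan_ip, p.sport)] = (p.src, p.sport)
        return Packet(self.wan_ip, p.sport, p.dst, p.dport)

    def inbound(self, p: Packet) -> Optional[Packet]:
        # WAN -> LAN: return the packet as delivered, or None if it is dropped.
        if self.nat and p in self.nat_map:       # reverse-translate a reply
            lan_ip, lan_port = self.nat_map[p]
            p = Packet(p.src, p.sport, lan_ip, lan_port)
        if not p.dst.startswith(self.lan_prefix):
            return None                          # no route to a LAN host
        if self.stateful_fw and Packet(p.dst, p.dport, p.src, p.sport) not in self.flows:
            return None                          # unsolicited: firewall drops it
        return p                                 # otherwise it is simply routed

def _router(nat: bool, fw: bool):
    prefix = "192.168.1." if nat else "192.0.2."  # private vs. routable LAN
    return Router("203.0.113.7", prefix, nat, fw), prefix + "10"

def unsolicited_reaches_lan(nat: bool, stateful_fw: bool) -> bool:
    r, host = _router(nat, stateful_fw)
    return r.inbound(Packet("198.51.100.9", 40000, host, 22)) is not None

def reply_reaches_lan(nat: bool, stateful_fw: bool) -> bool:
    r, host = _router(nat, stateful_fw)
    out = r.outbound(Packet(host, 50000, "198.51.100.9", 443))
    return r.inbound(Packet(out.dst, out.dport, out.src, out.sport)) is not None
```

In this model the result of `unsolicited_reaches_lan` depends only on `stateful_fw`, while `reply_reaches_lan` is true in every combination.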