by jacquesm
2394 days ago
You're technically correct, but in practice, ever since NAT has been a thing, routers have stopped passing on incoming connections to the machines behind them unless specifically - and usually laboriously - configured to do so. This is also why NAT is considered hostile to a peer-to-peer internet, which prompted this very good article: https://www.fourmilab.ch/documents/digital-imprimatur/ by John Walker, of Autodesk fame. The router has a public IP and everything behind it has a local one. That you can do NAT in different contexts, and that technically you could have NAT without the firewall functionality, doesn't change that this is 99.9% of all NAT applications. A bit more text about this concept: https://security.stackexchange.com/questions/176744/why-is-n...
And this is in fact what we see in the real world with IPv6 deployments. Roughly 50% of my country has IPv6, and every single provider provisions it with sensible default firewall rules.