by radiojosh 907 days ago
How exactly does it break the spirit of the Internet? The spirit of the Internet is that we run out of IPv4 addresses and everyone who uses the Internet has to learn IPv6 and be an expert on firewalls?

I can't tell if you're being elitist because your defacto position is that everyone who uses the Internet has to be a cyber security expert, or if you're just being obtuse because a couple of Google searches will usually set you straight on setting up port forwarding through your router.


Port forwarding doesn't help when your public-facing IP could change at any time.

That isn't NAT's fault. That's a dynamically assigned IP address. You can pay for a static, or you can use Dynamic DNS to work around it. If you didn't have NAT, you'd have a static IP by default, but again, you'd be paying for all those extra IP addresses you need.

You don't need to be a firewall expert to use a firewall. Stateful firewalls have been around for longer than I can remember. The default for any consumer firewall is "disable by default", as they should be.

Now with NAT we need to disable UPnP, and deal with "NAT types" on gaming consoles. Or Nintendo Switches breaking your LAN because Nintendo tells you to put your Switch into the DMZ: https://en-americas-support.nintendo.com/app/answers/detail/...

Because of NAT, we now need to deal with firewalls _and_ port forwarding. Plus, because of https://www.armis.com/research/nat-slipstreaming-v2-0/, your IPv4 firewall is practically disabled _because_ of NAT workarounds embedded into your router. You can pick between having a firewall on IPv4 or allowing WebRTC on any of your devices.

I don't understand your first point about firewalls, but port forwarding on a consumer router is no more difficult than opening a port on a firewall. Either one can be overcomplicated by a badly designed interface. See the Ubiquiti EdgeRouter for an example.

I know gaming consoles can be a pain with NAT, but is that NAT's fault? That link you pasted about the Nintendo Switch is literally just an article about setting up port forwarding.

And that NAT slipstreaming issue is just a vulnerability caused by complicated protocols. Saying that a fundamental network technology is bad because its implementation is flawed doesn't make sense. I guess we should throw away x86-64 because Intel Skylake processors had side channel vulnerabilities.

Yes, firewalls are easy, that's my point. Any consumer router will come with as strong a firewall as NAT is able to provide, and an even stronger one if ALGs are enabled.

The consoles are a common and obvious downside of using NAT. The Nintendo Switch article is an example of the stupid workarounds vendors will require because of NAT. None of these issues would exist if we used IPv4 as it was designed.

The issue behind NAT slipstreaming isn't that the protocols are too complex. They work fine on IPv6 and they worked fine on IPv4 without NAT. The issue is that NAT requires hacky workarounds to do normal networking. The ALG vulnerabilities can be fixed, but fixing them wouldn't be necessary if NAT wasn't such a hack.