[dehrmann]

It seems more like a weird Hetzner thing that they won't give you a IPv4 NAT gateway.

[jorams]

They charge €0.50 per month to add an IPv4 address. A shared IPv4 NAT gateway introduces a whole lot of problems for them just to support customers who need IPv4 but don't want to pay a tiny amount for it.

[drozycki]

How would a server-side NAT know which Hetzner customer it should route a request to? It has an encrypted packet arriving at this shared address on port 443. You can route a shared address to the proper service based on the HTTP Host header but that can only be done by the customer using their encryption key, so no sharing an address between customers. Home LAN NAT only works because the router can change the source port used by the request so that responses are unambiguously routed to the right client.

[lelandbatey]

I don't think they're saying they should support incoming connections on such a NAT, I think they're saying that servers behind the NAT would be able to make outgoing connections (e.g. to access shared resources).

[kingstnap]

Well, the answer is easy. It doesn't do any forwarding, so a random 443 packet gets dropped.

It would be the same as with home NAT. Your device can create TCP connections outbound but can't listen/accept.

It would solve the problem of not being able to communicate to another IPv4 server but it prevents you from hosting your own.