> *NAT isn’t actually a security feature—it’s an address conservation mechanism ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tbrownaw 6 days ago \| parent \| context \| favorite \| on: IPv6 is not insecure because it lacks a NAT > NAT isn’t actually a security feature—it’s an address conservation mechanism that became necessary because we ran out of IPv4 addresses. > But the security benefits people attribute to NAT actually come from the stateful firewall that’s typically bundled with NAT routers. 1. It requires a stateful firewall. 2. It isn't possible to accidentally a default-allow rule on that firewall. It may not be intended as a security feature, but it can't not act as one in practice.

Dagger2 6 days ago [–]

No, NAT requires state tracking, not a stateful firewall. If you want a firewall when NATing, you have to configure that separately. You can absolutely NAT without a firewall, and it won't act like one by itself.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact