On Aug 10, 2022, rhkramer@gmail.com wrote:
> On Wednesday, August 10, 2022 04:12:11 AM Curt wrote:
> > I never realized that local addresses were fundamentally identical in all
> > local networks because there weren't enough addresses in the first
> > place, and that NAT was essentially designed to palliate this shortage.
>
> Yes, aiui, NAT was designed because of the address shortage, but ...
>
> > I thought the latter was some sort of security measure.
>
> at least in early versions of NAT (more below) it also provided some level of
> security as it was designed to only forward incoming connections (to computers
> in a LAN) from "known" external computers.
>
> I.e., if a computer on the LAN contacted a computer outside the LAN, NAT would
> allow incoming data from that external computer, but not allow incoming data
> from other external computers.

That isn't (nor ever was) a "feature" of NAT, rather the firewall.

If there's a matching DNAT rule, the packet is destined for a PC using an RFC1918 address; update the IP Address and check the resulting packet against the FORWARD chain.

If there's not a matching DNAT rule, the packet is destined for the machine acting as gateway; check the packet against the INPUT chain.

-- 
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
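The chain selection described in the reply above, as an added example that is not part of the original message: a simplified Python model (not netfilter code) of an inbound packet on a NAT gateway, showing that NAT only picks the chain and destination while the filter ruleset gives the verdict. All addresses, ports and the `STATEFUL`/`OPEN` rulesets are constructed assumptions, and the connection-tracking reply path goes slightly beyond the two cases the reply lists.

```python
# Simplified model of the inbound path on a NAT gateway (constructed example).
GATEWAY_WAN = "203.0.113.1"                         # constructed documentation address
DNAT_RULES = {("tcp", 8080): ("192.168.1.10", 80)}  # WAN port -> LAN host (assumed)

def route_inbound(pkt, conntrack, dnat=DNAT_RULES):
    """NAT step: return (chain, state, dst) for a packet arriving on the WAN side."""
    key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dport"])
    if key in conntrack:                  # reply to a flow a LAN host opened
        return "FORWARD", "ESTABLISHED", conntrack[key]
    target = dnat.get((pkt["proto"], pkt["dport"]))
    if target:                            # matching DNAT rule: rewrite, then FORWARD
        return "FORWARD", "NEW", target
    # no DNAT rule: the packet is for the gateway itself, so INPUT
    return "INPUT", "NEW", (GATEWAY_WAN, pkt["dport"])

def filter_verdict(chain, state, dst, ruleset):
    """Firewall step: first matching rule wins, otherwise the chain policy."""
    for rule_state, rule_dst, verdict in ruleset[chain]["rules"]:
        if rule_state in (state, None) and rule_dst in (dst, None):
            return verdict
    return ruleset[chain]["policy"]

def handle(pkt, conntrack, ruleset):
    chain, state, dst = route_inbound(pkt, conntrack)
    return chain, filter_verdict(chain, state, dst, ruleset)

# Stateful firewall: default drop, allow replies, allow the one published service.
STATEFUL = {
    "FORWARD": {"policy": "DROP",
                "rules": [("ESTABLISHED", None, "ACCEPT"),
                          ("NEW", ("192.168.1.10", 80), "ACCEPT")]},
    "INPUT": {"policy": "DROP", "rules": [("ESTABLISHED", None, "ACCEPT")]},
}
# Same NAT configuration, but no filtering at all.
OPEN = {"FORWARD": {"policy": "ACCEPT", "rules": []},
        "INPUT": {"policy": "ACCEPT", "rules": []}}

# Entry created when 192.168.1.20:51000 connected out to 198.51.100.7:443
CONNTRACK = {("tcp", "198.51.100.7", 443, 40000): ("192.168.1.20", 51000)}

REPLY = {"proto": "tcp", "src": "198.51.100.7", "sport": 443, "dport": 40000}
PUBLISHED = {"proto": "tcp", "src": "198.51.100.99", "sport": 5555, "dport": 8080}
UNSOLICITED = {"proto": "tcp", "src": "198.51.100.99", "sport": 5555, "dport": 22}

if __name__ == "__main__":
    for name, pkt in [("reply", REPLY), ("published", PUBLISHED), ("unsolicited", UNSOLICITED)]:
        print(name, handle(pkt, CONNTRACK, STATEFUL), handle(pkt, CONNTRACK, OPEN))
```

With identical NAT state, the unsolicited packet is dropped only under the `STATEFUL` ruleset; under `OPEN` it reaches the gateway's INPUT chain and is accepted.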