Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Even a correctly-configured NAT will let connections in from outside, and a lot of people don't understand this.

Personally I'd count "your security thing doesn't actually do the thing it's supposed to do" as being pretty bad on the security scale. At least people understand firewalls.



> Even a correctly-configured NAT will let connections in from outside, and a lot of people don't understand this.

Yes, that's called port forwarding and it is normal thing. You actually want that.


It will let them in without a port forward in place. The port forward just rewrites the IP on an incoming connection, nothing more.


If you can reuse opened connection, but that will work with firewall too.


You don't need any tricks like that. Regular new connections will work.


No it won't because that's not how NAT is working.


It will, and if you test it then it does.

NAT doesn't apply to inbound connections if you don't have a matching port forward rule, so it kind of doesn't matter how NAT works here. This is pure routing, not NAT.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: