
> NAT doesn't.

> 1:many NAT does.

This is technically correct, but how often do you really see 1:1 NAT?



It's not even technically correct; it's just wrong.

NAT doesn't make any choices on where a packet gets delivered. For packets that aren't part of an existing stream, NAT will simply not edit the packet. Unless there's a separate firewall that chooses to drop it, the packet will get delivered to whatever IP was already in the destination field, which could be the IP of one of your LAN machines.


> For packets that aren't part of an existing stream, NAT will simply not edit the packet.

A 1:1 NAT should generally just swap IP for IP and not know about streams or ports at all.

> Unless there's a separate firewall that chooses to drop it, the packet will get delivered to whatever IP was already in the destination field, which could be the IP of one of your LAN machines.

I would call that a routing rules error, even in the absence of a firewall.
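A toy model of the behaviour debated in this thread, added here as an illustration and not written by any of the commenters: a 1:many (masquerading) router where translation, filtering and routing are separate steps, so you can see which step decides the fate of an unsolicited inbound packet. The `Router` class, all addresses and ports are constructed for the example, and the model assumes the packet has already reached the router's WAN interface.

```python
from ipaddress import ip_address, ip_network

WAN_IP = ip_address("203.0.113.1")   # constructed (documentation range)
LAN = ip_network("192.168.1.0/24")   # constructed

class Router:
    """Hypothetical router: NAT table, optional stateful filter, routing."""

    def __init__(self, stateful_filter):
        self.stateful_filter = stateful_filter
        self.conntrack = {}          # (remote_ip, remote_port, wan_port) -> (lan_ip, lan_port)
        self.next_port = 40000

    def outbound(self, src, sport, dst, dport):
        """LAN -> WAN: rewrite the source and remember the mapping."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.conntrack[(ip_address(dst), dport, wan_port)] = (ip_address(src), sport)
        return (WAN_IP, wan_port, ip_address(dst), dport)

    def inbound(self, src, sport, dst, dport):
        """Packet arriving on the WAN side. Returns (verdict, dst_ip, dst_port)."""
        dst = ip_address(dst)
        key = (ip_address(src), sport, dport)
        if dst == WAN_IP and key in self.conntrack:
            # NAT step: reverse-translate a reply to a known stream.
            dst, dport = self.conntrack[key]
        elif self.stateful_filter:
            # Filter step: this is the firewall's decision, not NAT's.
            return ("drop", dst, dport)
        # Routing step: NAT left the packet unedited, so the original
        # destination field decides where it goes.
        if dst in LAN:
            return ("forward", dst, dport)
        if dst == WAN_IP:
            return ("local", dst, dport)
        return ("no-route", dst, dport)

def demo():
    results = {}
    for name, filt in (("nat_only", False), ("nat_plus_filter", True)):
        r = Router(stateful_filter=filt)
        r.outbound("192.168.1.10", 5555, "198.51.100.7", 443)
        reply = r.inbound("198.51.100.7", 443, "203.0.113.1", 40000)
        unsolicited = r.inbound("198.51.100.9", 1234, "192.168.1.10", 22)
        results[name] = (reply[0], unsolicited[0])
    return results

if __name__ == "__main__":
    print(demo())
```
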



