
How is (home) NAT making the problem more complex than a stateful firewall? You never want to have a policy where incoming connections/UDP streams are permitted by default to reach any random device on the network, regardless of whether that device has a routable IP or not.

Now, CGNAT is a different beast and more worrisome from that point of view.



> How is (home) NAT making the problem more complex than a stateful firewall?

ICE/TURN/STUN: the address that your software sees on your laptop, desktop, home NAS is not the address that clients can connect to.

In both NAT and non-NAT you have to use UPnP/PCP to do hole punching, but with NAT you have to do a bunch of address-y stuff as well.
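As an added illustration of the comment above (not part of the thread, and not any project's own code): a host learns the address peers must dial by asking a STUN server, which returns it in an XOR-MAPPED-ADDRESS attribute. The sketch parses a constructed Binding Success Response and compares the result with the socket's local address; the helper names and sample addresses are assumptions.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442      # fixed STUN magic cookie (RFC 5389)
BINDING_SUCCESS = 0x0101       # Binding Success Response message type
XOR_MAPPED_ADDRESS = 0x0020    # attribute carrying the address the server saw
SOFTWARE = 0x8022              # unrelated attribute, used to exercise padding

def parse_xor_mapped_address(msg: bytes):
    """Return (ip, port) as seen by the STUN server. IPv4 only."""
    if len(msg) < 20:
        raise ValueError("shorter than a STUN header")
    mtype, mlen, cookie = struct.unpack("!HHI", msg[:8])
    if mtype != BINDING_SUCCESS or cookie != MAGIC_COOKIE:
        raise ValueError("not a STUN Binding Success Response")
    end = 20 + mlen
    if end > len(msg):
        raise ValueError("truncated message")
    pos = 20
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        if pos + 4 + alen > end:
            raise ValueError("attribute overruns message")
        if atype == XOR_MAPPED_ADDRESS:
            if alen != 8 or value[1] != 0x01:
                raise ValueError("only the IPv4 form is handled here")
            xport, xaddr = struct.unpack("!HI", value[2:8])
            ip = ipaddress.IPv4Address(xaddr ^ MAGIC_COOKIE)
            return str(ip), xport ^ (MAGIC_COOKIE >> 16)
        pos += 4 + alen + (-alen % 4)   # values are padded to 4 bytes
    raise ValueError("no XOR-MAPPED-ADDRESS attribute")

def build_sample_response(ip: str, port: int) -> bytes:
    """Constructed test message; not captured from a real server."""
    soft = struct.pack("!HH", SOFTWARE, 5) + b"demo!" + b"\x00" * 3
    xaddr = int(ipaddress.IPv4Address(ip)) ^ MAGIC_COOKIE
    xma = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01,
                      port ^ (MAGIC_COOKIE >> 16), xaddr)
    body = soft + xma
    return struct.pack("!HHI", BINDING_SUCCESS, len(body), MAGIC_COOKIE) + bytes(12) + body

def is_translated(local, mapped) -> bool:
    """True when the socket's own address differs from what peers must dial."""
    return tuple(local) != tuple(mapped)

if __name__ == "__main__":
    local = ("192.168.1.20", 54321)                     # constructed
    mapped = parse_xor_mapped_address(build_sample_response("203.0.113.7", 40000))
    print(local, mapped, is_translated(local, mapped))
```

When the two addresses match, no translation happened, but a stateful firewall on the path can still drop unsolicited inbound traffic, which is the distinction the thread is arguing about.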


How do you have two different devices running a webserver on two different IPs at home with NAT?


In a decade or two, everyone is going to be behind CGNAT. There are not enough IPv4 addresses.



