Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The fact that we are giving IP addresses an hierarchy is stupid. If you don't want outsiders to connect to your device use a firewall.
 help



Or use NAT, which is actually better solution, because misconfigured NAT won't expose your whole network, while misconfigured firewall will.

Well, actually it will. In fact, even correctly configured NAT won't stop connections into your network.

On top of that, it lulls you into a false sense of security, so you confidently think it's protecting you even when it isn't. At least not having NAT makes the actual state of your network clearer.


> even correctly configured NAT won't stop connections into your network.

Yeah that's called port forwarding. It is like complaining that light is coming into your house through windows. Fully intentional.


Port forwarding requires a port forward rule that matches the inbound connection. If there's no such rule... NAT won't stop the connection, it will just ignore it.

If no other aspect of your setup blocks the connection, it'll be successful. If you were deploying NAT because you thought it would function as a firewall then this part is probably not intentional.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: