Networking noob here. I want to prevent all incoming requests except through a specific port, and that traffic is forwarded to a specific device on the network. NAT seems to do that just fine; it’s almost like a kind of firewall by itself. What kind of threats are there that require more than just NAT for security?

  • nothacking@discuss.tchncs.de
    10 months ago

    Security from what? Get a threat model.

    A NAT will restrict connections from the internet, but won’t stop attacks from your local network. As your network grows, it might be a good idea to isolate shitty IoT devices (firmware is often full of holes), home internet and sensitive devices like cameras.

    • kevincox
      10 months ago

      There are also issues like NAT hole punching and guessed port attacks that can get through NAT. This typically isn’t a major problem because actually getting a connection will be very difficult, but if your NIC or kernel has a bug, it may be possible to trigger it with a packet or two.
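
An added example, not part of any post in this thread: an nftables ruleset for a Linux router that keeps the single port forward from the question and adds what NAT alone does not provide, namely default-drop filtering, dropping of packets that match no tracked connection, and an IoT segment that cannot reach the LAN. Interface names, the server address and the port are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. All names and addresses below are assumed, not from the thread.
flush ruleset                      # replaces any existing ruleset

define WAN    = "eth0"             # assumed: uplink to the ISP
define LAN    = "eth1"             # assumed: trusted home network
define IOT    = "eth2"             # assumed: separate IoT segment or VLAN
define SERVER = 192.168.1.10       # assumed: device receiving the forwarded port

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # The one port forward: WAN tcp/443 goes to the internal server.
        iifname $WAN tcp dport 443 dnat to $SERVER
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}

table inet filter {
    chain input {
        # Traffic addressed to the router itself. NAT does not filter this.
        type filter hook input priority filter; policy drop;
        ct state invalid drop
        ct state established,related accept
        iifname "lo" accept
        iifname $LAN accept
        # IoT devices only get DHCP and DNS from the router.
        iifname $IOT udp dport { 53, 67 } accept
    }
    chain forward {
        # Default drop: anything not listed here is not routed.
        type filter hook forward priority filter; policy drop;
        ct state invalid drop
        ct state established,related accept
        # Accept inbound only when it is the DNAT'd port forward above.
        iifname $WAN ip daddr $SERVER tcp dport 443 ct status dnat accept
        # LAN may start connections anywhere, including to IoT devices.
        iifname $LAN accept
        # IoT may reach the internet; IoT to LAN falls through to the drop policy.
        iifname $IOT oifname $WAN accept
    }
}
```

Running `nft -c -f` on the file checks the syntax without loading the rules.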