Networking noob here. I want to prevent all incoming requests except through a specific port, and that traffic is forwarded to a specific device on the network. NAT seems to do that just fine, it’s almost like a kind of firewall by itself. What kind of threats are there that requires more than just NAT for security?

  • kevincox@lemmy.ml
    link
    fedilink
    English
    arrow-up
    8
    ·
    8 months ago

    There are also issues like NAT hole punching and guessed port attacks that can get through NAT. This typically isn’t a major problem because actually getting a connection will be very difficult but if your NIC or kernel has a bug it may be possible to trigger it with a packet or two.