Security gain from NAT (was: Re: Cool IPv6 Stuff)

Nicholas Suan nsuan at
Tue Jun 5 13:39:58 UTC 2007

On 6/5/07, David Schwartz <davids at> wrote:
> Combined responses to save bandwidth and hassle (and number of times you
> have to press 'd'):
> --
> > Just because it's behind NAT, does not mean it's unreahcable from the
> internet:
> Okay, so exactly how many times do you think we have to say in this thread
> that by "NAT/PAT", we mean NAT/PAT as typically implemented in the very
> cheapest routers in their default configuration?

Even the cheapest routers have a 'DMZ' configuration option that adds
a rule that, by default, sends all the traffic to a particular host.
And using that is a fairly common solution to bypassing problems with
port forwarding and NAT.

More information about the NANOG mailing list