Is NAT can provide some kind of protection?

Scott Helms khelms at
Wed Jan 12 14:44:27 CST 2011

No it really doesn't.  Thank you for leaving the key word when you 
quoted me (configured).  The difference is the _default_ behavior of the 
two.  NAT by _default_ drops packets it doesn't have a mapped PAT 
translation for.  Home firewalls do not _default_ to dropping all 
packets they don't have a rule to explicitly allow.  The behaviors when 
configured by someone knowledgeable behave the in a similar fashion 
(allowing packets that are configured to pass and dropping all others) 
but end users don't do that as a rule.

On 1/12/2011 3:31 PM, Chris Adams wrote:
> Once upon a time, Scott Helms<khelms at>  said:
>> Few home users have a stateful firewall configured
> Yes, they do.  NAT requires a stateful firewall.  Why is that so hard to
> understand?

Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000
Looking for hand-selected news, views and
tips for independent broadband providers?

Follow us on Twitter!

More information about the NANOG mailing list