Networking noob here. I want to prevent all incoming requests except through a specific port, and that traffic is forwarded to a specific device on the network. NAT seems to do that just fine, it’s almost like a kind of firewall by itself. What kind of threats are there that requires more than just NAT for security?

  • KISSmyOS@feddit.de
    link
    fedilink
    English
    arrow-up
    2
    ·
    9 months ago

    You don’t know what your ISP-provided router does exactly. It may let some traffic through from the outside. It may get an over-the-air firmware update or config change at any time from your ISP. It definitely has well-known, unfixed vulnerabilities.

    Also, if you rely on NAT, you have to have 100% trust in all devices that are inside your network.