Re: NAT (Was: Is source address selection based on rules (netfilter) possible ?)



Pascal Hambourg a écrit :
You cannot rely on it. Due to the lack of standardization, there are
many different implementations of NAT.

But at least NAT put you "behind" an opaque wall, for incoming traffic. Ie. portcan or direct attacks from the outside won't be possible, at least.

Of course, it means that legit servers will also have really big troubles (including crazy standard such as H323)
.