nanog mailing list archives

Re: IPv4 flag day


From: William Herrin via NANOG <nanog () lists nanog org>
Date: Thu, 18 Jun 2026 11:52:20 -0700

On Thu, Jun 18, 2026 at 11:26 AM <sronan () ronan-online com> wrote:
> Can we agree NAT is NOT a Firewall first?

1:Many NAT (sometimes called PAT) uses a stateful packet inspection
firewall as an inherent part of its technology core. It can't exist
without that firewall technology.

While 1:1 NAT does exist and does not require any firewall technology,
it sees so little use that the module for stateless 1:1 IPv4 NAT was
dropped from the Linux kernel more than a decade ago.

So no, we can't agree to a statement that's objectively false.

Kinda sad that the kernel devs dropped it actually. I had a great use
for 1:1 NAT to work around an AWS limitation in 2017 but ended up
having to use Linux's stateful NAT instead.

Regards,
Bill Herrin


--
For hire. https://bill.herrin.us/resume/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/6C7KDLOEV4SQIXDMTKXQLFSEHS7KQYD2/
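
Added example, not part of the message above or of the list archive: a toy Python model of the distinction the message draws, in which stateless 1:1 NAT is a pure address rewrite while 1:many NAT can only translate an inbound packet if an earlier outbound packet created flow state. The names `Pat`, `one_to_one` and `demo`, the documentation-range addresses and the ports are constructed, and the full-tuple lookup is an assumption of this model, not Linux kernel code.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"  # constructed documentation address

# Packets are (src_ip, src_port, dst_ip, dst_port) tuples.

def one_to_one(pkt, mapping):
    """Stateless 1:1 NAT: rewrite by address alone, no per-flow table."""
    src, sport, dst, dport = pkt
    if src in mapping:                       # inside -> outside
        return (mapping[src], sport, dst, dport)
    inverse = {pub: priv for priv, pub in mapping.items()}
    if dst in inverse:                       # outside -> inside, always allowed
        return (src, sport, inverse[dst], dport)
    return None

@dataclass
class Pat:
    """1:many NAT: many inside hosts share one address, so replies can
    only be demultiplexed through a table of flows seen going out."""
    public_ip: str
    next_port: int = 40000
    out: dict = field(default_factory=dict)   # flow -> public port
    back: dict = field(default_factory=dict)  # (pub port, peer ip, peer port) -> inside

    def outbound(self, pkt):
        src, sport, dst, dport = pkt
        if pkt not in self.out:               # first packet creates state
            self.out[pkt] = self.next_port
            self.back[(self.next_port, dst, dport)] = (src, sport)
            self.next_port += 1
        return (self.public_ip, self.out[pkt], dst, dport)

    def inbound(self, pkt):
        src, sport, dst, dport = pkt
        inside = self.back.get((dport, src, sport))
        if dst != self.public_ip or inside is None:
            return None                       # no state, nothing to translate to
        return (src, sport, inside[0], inside[1])

def demo():
    nat = Pat(PUBLIC_IP)
    sent = nat.outbound(("10.0.0.5", 51000, "198.51.100.7", 443))
    reply = nat.inbound(("198.51.100.7", 443, PUBLIC_IP, sent[1]))
    unsolicited = nat.inbound(("192.0.2.99", 4444, PUBLIC_IP, sent[1]))
    static = one_to_one(("192.0.2.99", 4444, "203.0.113.5", 22),
                        {"10.0.0.5": "203.0.113.5"})
    return sent, reply, unsolicited, static
```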
