They need to stop that nonsense. NAT is not for security, and was not designed for security purposes. In fact, there are a few ways it subverts security, such as SNI in TLS making the connection less private than it could be.
If they want to block external connections, a border firewall can do the job just fine without NAT. It’s arguably better, because it doesn’t have to take NAT into account for any of its rules.
Blue_Morpho@lemmy.world 9 months ago
How do you anonymize ip addresses without effectively recreating nat using firewall rules?
frezik@midwest.social 9 months ago
Mu. Why do you feel the need to anonymize IP addresses?
Blue_Morpho@lemmy.world 9 months ago
There is no way to personally identify anyone. Right now advertisers have to jump through hoops of cookies and browser fingerprinting to identify you, which can be blocked.
frezik@midwest.social 9 months ago
They still wouldn’t. A single computer address is not an individual. They’re only slightly better off compared to knowing the edge router IP like they do now.
If you really want to protect against that, then use a proxy or an onion router. NAT was never meant to do this, and it does it poorly.
Dark_Arc@social.packetloss.gg 9 months ago
In a large corporate network, or even a small network, there’s nothing fixing a device to a specific network address. You can shuffle those around between people entering and leaving the building and device power cycles just like DHCP does for IPv4.