1. 12
  1.  

  2. 4

    This is your periodic reminder that NAT was neither designed nor architected for security.

    1. 3

      IIUC, this only works if your NAT has certain ALGs enabled.

      1. 1

        Is there any easy way to test if a NAT has this enabled or not? Many consumer routers provided by ISPs don’t offer many configuration options.

        1. 1

          Is there a straightforward way to disable the problematic ALGs? I suppose it varies by what router you’re using. I have an Eero system; its firmware is up to date, but the release history doesn’t mention any fixes for something like this.

        2. 1

          I’m wondering if these could be added to STUN like protocols to give clients that want to open direct connections more ways to connect to each other. I would not be surprised if FTP in particular was great for this.