Adam Kalsey

This is the blog of Adam Kalsey. Unusual depth and complexity. Rich, full body with a hint of nutty earthiness.

Security & Privacy

NAT is not a firewall

8 Oct 2003

I’m having trouble getting a Linksys USB wireless adapter to connect to my network, so I called Linksys tech support. Besides not fixing my problem, the support tech told me repeatedly that I don’t need to use a firewall because my Linksys router contains one.

Many vendors of home networking equipment advertise that their broadband routers contain a built-in firewall to enhance security. What they are referring to is a technology called Network Address Translation (NAT). A NAT router simply denies incoming traffic that it doesn’t understand. That’s one function of a firewall, but not the only one.

NAT is the technology that lets more than one computer share an Internet connection with only a single IP address. The Internet Connection Sharing feature that comes with recent versions of Windows is a NAT router. A very simplistic description of how NAT works is that none of the computers behind the router is on the public Internet. The router forwards outgoing requests from computers out to the Internet. When the server replies, the NAT router remembers which machine it was that made the request and forwards the reply back to it.

If network traffic comes into the NAT router that isn’t the result of a machine making an outbound request, the NAT router doesn’t know where to send that network traffic. So that traffic gets ignored. It doesn’t get sent anywhere at all. The fact that an outside computer can’t arbitrarily connect to computers behind the NAT router is a byproduct of how NAT works and is why the router companies call their products firewalls.

The protection offered by NAT is very limited. It will keep an attacker from sending Messenger popup spams to your computer. It will keep people from connecting to services and backdoors installed on your computer. But it won’t keep trojans, viruses, and other malicious software from connecting to the Internet from your computer. It won’t prevent unauthorized network traffic from leaving your computer and going onto the Internet. That’s what modern firewalls do.

I know someone will point out that my description of NAT is a gross simplification and isn’t entirely accurate, so I’m going to mention up front that I know that. But it does explain the concepts of NAT, why vendors call it a firewall, and why it isn’t good enough security by itself. If you want, you can read more about how NAT works, including all sorts of highly technical details about packet routing, different forms of NAT, and how Linux implements NAT. Netgear also makes a home router that also contains a true firewall, so their Web site explains the differences.

Recently Written

Your OKR Cascade is Breaking Your Strategy
Aug 1: Most companies cascade OKRs down their org chart thinking it creates alignment. Instead, it fragments strategy and marginalizes supporting teams. Here's what works better than the waterfall approach.
Your Prioritization Problem Is a Strategy Problem
Jul 23: Most teams struggle with prioritization because they're trying to optimize for everything at once. The real problem isn't having too many options—it's not having a clear strategy to choose between them. Without strategy, every decision feels equally important. With strategy, most decisions become obvious.
Behind schedule
Jul 21: Your team is 6 weeks late and still missing features. The solution isn't working harder—it's accepting that your deadlines were fake all along. Ship what you have. Cut ruthlessly. Stop letting "one more day" turn into one more month.
VC’s Future Lies In Building Winners
Jun 21: AI and megafunds are about to kill the traditional venture model, forcing smaller VCs to stop hunting for hidden gems and start rolling up their sleeves to fix broken companies instead.
Should individual people have OKRs?
May 14: A good OKR describes and measures an outcome, but it can be challenging to create an outcome-focused OKR for an individual.
10 OKR traps and how to avoid them
May 8: I’ve helped lots of teams implement OKRs or fix a broken OKR process. Here are the 10 most common problems I see, and what to do instead.
AI is Smart, But Wisdom Requires Judgement
May 3: AI can process data at lightning speed, but wisdom comes from human judgment—picking the best imperfect option when facts alone don’t point the way.
Decoding Product Leadership Titles
Mar 18: Not all product leadership titles mean what they sound like. ‘Head of Product’ can mean anything from a senior PM to a true VP. Here’s how to tell the difference.

Older...

What I'm Reading