A NATing firewall may have a larger idea of what's inside than localhost, but a port can't always be moved behind such NATs or closed. – ǝɲǝɲbρɯͽ Jan 10 '15 at 23:06 @rook - if I connect to SQL Server via SSMS over the public internet, that would surely count as the database port open to the world?

[SOLVED] Whether ufw iptables support nating & Mac address Mar 05, 2012 [SOLVED] Configuring firewalld to act as a router - CentOS Aug 20, 2015 Firewall Wizards: RE: nating - Full Disclosure

So a firewall has to be configured to allow UDP traffic to these ports. BlueJeans uses TCP/UDP 5000 - 5999. H.323 records the hosts' IP address in the payload of the packet. This causes problems if NAT is involved, since the H.323 packets will contain the private IP and not the translated public IP.

How Network Address Translation Works | HowStuffWorks So what does the size of the Internet have to do with NAT? Everything! For a computer to communicate with other computers and Web servers on the Internet, it must have an IP address.An IP address (IP stands for Internet Protocol) is a unique 32-bit number that identifies the location of your computer on a network. Basically, it works like your street address -- as a way to find out exactly NATing two public IPs to one private IP - Cisco Community

NAT is a Firewall. And It's not an opinion. It's a fact. Looking into the definition of Firewall: A firewall is "a system or combination of systems that enforces a boundary between two or more networks." National Computer Security Association's standard Firewall Functional Summary template. A NAT creates exactly that sort of boundary.

Now on to how this differs from firewall.-----Clients who think NAT suffices as a firewall have a misunderstanding of these two functions: Think of NAT as the old mailroom at a corporation. Inbound packages coming to the corporate address is reviewed and the mailroom adds the recipient's cube number for inside delivery.