C

Networking › Module 5 › Lesson 1

BeginnerModule 5Lesson 1/4

NAT, Firewalls & Routers

How NAT hides internal hosts and how firewalls filter traffic

15 min+41 XP3 quiz
Module progress1 of 4

Opening

The edge of your network

Home and office devices share one public IP thanks to NAT. Routers forward traffic; firewalls decide what is allowed. Understanding this boundary explains why port scans from the internet behave differently than scans from inside the LAN.

1. Routers — Forwarding Between Networks

A router connects networks and forwards packets based on routing tables. Your default gateway (often 192.168.x.1) sends traffic destined for the internet out through the ISP. Routers may run DHCP, DNS relay, and NAT—all in one box.

2. NAT — Network Address Translation

NAT maps many private IPs (10.x, 172.16–31.x, 192.168.x) to one or few public IPs. Outbound: internal host 192.168.1.50:54321 → router rewrites source to public IP:ephemeral port. Inbound: unsolicited traffic to the public IP is dropped unless port forwarding maps it to an internal host. NAT is not a firewall by itself, but it hides internal topology from casual external discovery.

3. Firewalls — Allow and Deny Rules

  • Stateful firewall

    Tracks connections—allows return traffic for outbound sessions automatically.

  • Rule basics

    Match source/dest IP, port, protocol; action permit or deny.

  • Host firewall

    ufw, firewalld, or Windows Firewall on the endpoint—last line when traffic reaches the host.

4. Security Perspective

Attackers probe for open ports past the firewall. Defenders default-deny inbound, expose only required services, and log denied attempts. VPN and zero-trust models extend protection when users work outside the trusted LAN.

Knowledge Check

1

NAT primarily allows:

Multiple choice

Knowledge Check

2

A stateful firewall:

Multiple choice

Knowledge Check

3

Private IP ranges are used internally because:

Multiple choice

← Previous

Answer all 3 knowledge checks to continue. (0/3 answered)