Networking › Module 5 › Lesson 1
NAT, Firewalls & Routers
How NAT hides internal hosts and how firewalls filter traffic
Opening
The edge of your network
Home and office devices share one public IP thanks to NAT. Routers forward traffic; firewalls decide what is allowed. Understanding this boundary explains why port scans from the internet behave differently than scans from inside the LAN.
1. Routers — Forwarding Between Networks
A router connects networks and forwards packets based on routing tables. Your default gateway (often 192.168.x.1) sends traffic destined for the internet out through the ISP. Routers may run DHCP, DNS relay, and NAT—all in one box.
2. NAT — Network Address Translation
NAT maps many private IPs (10.x, 172.16–31.x, 192.168.x) to one or few public IPs. Outbound: internal host 192.168.1.50:54321 → router rewrites source to public IP:ephemeral port. Inbound: unsolicited traffic to the public IP is dropped unless port forwarding maps it to an internal host. NAT is not a firewall by itself, but it hides internal topology from casual external discovery.
3. Firewalls — Allow and Deny Rules
Stateful firewall
Tracks connections—allows return traffic for outbound sessions automatically.
Rule basics
Match source/dest IP, port, protocol; action permit or deny.
Host firewall
ufw, firewalld, or Windows Firewall on the endpoint—last line when traffic reaches the host.
4. Security Perspective
Attackers probe for open ports past the firewall. Defenders default-deny inbound, expose only required services, and log denied attempts. VPN and zero-trust models extend protection when users work outside the trusted LAN.
Knowledge Check
NAT primarily allows:
Multiple choice
Knowledge Check
A stateful firewall:
Multiple choice
Knowledge Check
Private IP ranges are used internally because:
Multiple choice