1. NAT behavior is highly inconsistent, making hole‑punching unreliable
- “RFCs may say that simultaneous connect must be allowed, but that doesn’t mean that firewalls can’t block it.” – cperciva
- “In my experience most consumer routers are dumber than you’re assuming they are, and will DNAT any inbound TCP packet that matches the 4‑tuple after seeing the initial outbound SYN, including an inbound SYN.” – jcalvinowens
- “If you are trying to break through a firewall you don’t own then that’s not legitimate.” – hdgvhicv
2. IPv6 is promoted as a cure‑all, but it has its own hurdles
- “Why not use plain IPv6 instead?” – eptcyka
- “IPv6, please, come on, meh.” – sylware
- “IPv6 kills NAT is optimistic, plenty of orgs still stack private addressing and firewalls on top.” – hrmtst93837
3. The practicality and legitimacy of NAT‑traversal techniques are debated
- “The algorithm is elegant but assumes the NAT device preserves the source port.” – abcd_f
- “If you are trying to break through a firewall you don’t own then that’s not legitimate.” – hdgvhicv (repeated)
- “The standard way to do it is called ipv6.” – aboardRat4
These three themes capture the core of the discussion: the messy reality of NAT, the mixed promise of IPv6, and the ongoing debate over whether and how to legitimately punch holes through firewalls.
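The two mechanisms quoted under themes 1 and 3 (a NAT that forwards any inbound TCP packet matching the 4-tuple of an earlier outbound SYN, and an algorithm that assumes the source port is preserved) can be checked against a toy model. This is an added example, not code from the discussion; the `Nat` class, the `syn_delivery` function, the agreed port 4242 and the documentation-range addresses are all assumptions made for illustration.

```python
import random

class Nat:
    """Toy NAT: an outbound SYN creates a mapping, and an inbound packet is
    forwarded only if it matches that mapping's 4-tuple exactly."""
    def __init__(self, public_ip, preserve_port, allow_inbound_syn=True):
        self.public_ip = public_ip
        self.preserve_port = preserve_port
        self.allow_inbound_syn = allow_inbound_syn  # False models a firewall that drops inbound SYNs
        self.table = {}  # (pub_ip, pub_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound_syn(self, lan_ip, lan_port, dst_ip, dst_port, rng):
        # A port-preserving NAT reuses the LAN source port; otherwise it picks
        # a port from a range that (by construction here) never equals 4242.
        pub_port = lan_port if self.preserve_port else rng.randrange(20000, 60000)
        self.table[(self.public_ip, pub_port, dst_ip, dst_port)] = (lan_ip, lan_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)  # packet as seen on the wire

    def inbound_syn(self, src_ip, src_port, dst_ip, dst_port):
        if not self.allow_inbound_syn:
            return None
        return self.table.get((dst_ip, dst_port, src_ip, src_port))

def syn_delivery(preserve_a, preserve_b, strict_b=False, port=4242, seed=1):
    """Both peers send a SYN from `port` to the other's public IP on `port`,
    each assuming the other's NAT keeps that port. Returns a pair:
    (A's SYN delivered behind NAT B, B's SYN delivered behind NAT A)."""
    rng = random.Random(seed)
    nat_a = Nat("198.51.100.1", preserve_a)
    nat_b = Nat("203.0.113.1", preserve_b, allow_inbound_syn=not strict_b)
    syn_a = nat_a.outbound_syn("192.168.0.2", port, nat_b.public_ip, port, rng)
    syn_b = nat_b.outbound_syn("10.0.0.2", port, nat_a.public_ip, port, rng)
    return (nat_b.inbound_syn(*syn_a) is not None,
            nat_a.inbound_syn(*syn_b) is not None)

if __name__ == "__main__":
    print("both preserve ports:  ", syn_delivery(True, True))
    print("NAT A rewrites port:  ", syn_delivery(False, True))
    print("NAT B drops inbound SYN:", syn_delivery(True, True, strict_b=True))
```

When NAT A rewrites the source port, both SYNs miss: A's arrives from an unexpected port, and B's is addressed to a port NAT A never mapped.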