Static NAT Adds No Security
- NAT is helpful in securing your network because it hides your internal network architecture from the hostile outside world. Since there is not a route from the outside world to the internal addresses and back trivial attacks will be stopped at the border. Static NAT on the other hand maps a particular externally routable address to a specific internal address. As such anyone connecting to that external address will be passed directly on to the internal network as if they had connected directly without NAT.
- While the only machines that can be directly attacked are those that have a static mapping any time
you make one machine more vulnerable you are making the entire network more vulnerable.