Re: [dev] Logical abilities of routers

From: Jeremy <>
Date: Sun, 30 Apr 2023 16:21:18 -0700


For a typical at-home router, everything Mr. Fossy Dinx wrote is correct.

The router runs a DHCP server, which assigns IP addresses to hosts on
the network (laptops, printers, coffee maker (this is ok), TV, etc.).

I know it's typically called a "smart-TV". Please understand that I'm
trying to be sensitive to the insecurities of everyone on this mailing

The router also translates the local IP addresses (,, ...)
to your public IP address (typically assigned to your router by your ISP), mapping
the connection by port, so:

1. Coffee maker( makes HTTP request to
2. HTTP Packet goes from coffee maker to router
3. Router changes the source address on the HTTP packet
        - from to router's public address,
4. Router sends the packet to
        - from to
5. sends back HTTP response to
6. Router knows it sent the coffee maker's IP packet from port 2345, so:
        - router redirects packet to (coffee maker)

That's NAT. With that, we can drop all other packets (packets which are
NOT responses to connections that you (or your coffee maker) initiated).
This is the ONLY measure necessary to protect a network from REMOTE threats.

Port forwarding is just an (OPTIONAL) exception to NAT... or "reverse" NAT.

Say your coffee maker exposed a web interface that allowed you to start
making coffee remotely. All you need to do is tell your router to accept
requests to & send them to

This allows you to enter into your web browser (from
anywhere) & access your coffee maker's web interface.

Nothing more to a home router than that - hope it helps.

Received on Mon May 01 2023 - 01:21:18 CEST
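
The translation, the drop rule and the port-forward exception described in the message above, as an added sketch that is not part of the original post. The class names, the addresses (constructed from private and documentation ranges), the forwarded port 8080 and the choice to match replies on the remote address and port are assumptions of this model; only port 2345 comes from the post.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class Router:  # hypothetical toy model, not a real router's code
    public_ip: str
    next_port: int = 2345  # first public port handed out (port number from the post)
    mappings: dict = field(default_factory=dict)  # public port -> (lan ip, lan port, remote ip, remote port)
    forwards: dict = field(default_factory=dict)  # public port -> (lan ip, lan port)

    def outbound(self, pkt):
        """LAN -> Internet: rewrite the source and remember the flow."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for port, flow in self.mappings.items():
            if flow == key:          # flow already known, reuse its public port
                break
        else:
            port = self.next_port
            self.next_port += 1
            self.mappings[port] = key
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Internet -> LAN: return the rewritten packet, or None when dropped."""
        flow = self.mappings.get(pkt.dst_port)
        if flow and flow[2:] == (pkt.src_ip, pkt.src_port):   # reply to a LAN-initiated flow
            return Packet(pkt.src_ip, pkt.src_port, flow[0], flow[1])
        if pkt.dst_port in self.forwards:                     # explicit port-forward exception
            ip, port = self.forwards[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, ip, port)
        return None                                           # unsolicited: drop

def demo():
    r = Router(public_ip="203.0.113.7")                       # constructed addresses throughout
    out = r.outbound(Packet("192.168.1.20", 40000, "198.51.100.80", 80))
    reply = r.inbound(Packet("198.51.100.80", 80, "203.0.113.7", out.src_port))
    stranger = r.inbound(Packet("192.0.2.66", 80, "203.0.113.7", out.src_port))
    r.forwards[8080] = ("192.168.1.20", 80)                   # expose the coffee maker's web UI
    forwarded = r.inbound(Packet("192.0.2.66", 5555, "203.0.113.7", 8080))
    return out, reply, stranger, forwarded
```

Once the forward is configured, the same unrelated host that was dropped a line earlier reaches the coffee maker, so any access control then has to come from the forwarded device itself.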
