
How would a server-side NAT know which Hetzner customer it should route a request to? It has an encrypted packet arriving at this shared address on port 443. You can route a shared address to the proper service based on the HTTP Host header but that can only be done by the customer using their encryption key, so no sharing an address between customers. Home LAN NAT only works because the router can change the source port used by the request so that responses are unambiguously routed to the right client.


I don't think they're saying they should support incoming connections on such a NAT, I think they're saying that servers behind the NAT would be able to make outgoing connections (e.g. to access shared resources).


Well, the answer is easy. It doesn't do any forwarding, so a random 443 packet gets dropped.

It would be the same as with home NAT. Your device can create TCP connections outbound but can't listen/accept.

It would solve the problem of not being able to communicate to another IPv4 server but it prevents you from hosting your own.
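The behaviour discussed in this thread, as an added example that is not part of any comment: a simplified outbound-only source NAT that keeps a per-flow translation table, so replies map back to the right internal host while an unsolicited packet to port 443 matches nothing and is dropped. The class name, addresses (documentation ranges) and port numbers are constructed for illustration; port exhaustion and flow timeouts are not modelled.

```python
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


class SourceNat:
    """Outbound-only source NAT with a per-flow translation table (hypothetical model)."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (internal endpoint, remote endpoint) -> allocated public port
        self.out: Dict[Tuple[Endpoint, Endpoint], int] = {}
        # (public port, remote endpoint) -> internal endpoint
        self.back: Dict[Tuple[int, Endpoint], Endpoint] = {}

    def outbound(self, internal: Endpoint, remote: Endpoint) -> Endpoint:
        """Rewrite the source of an outgoing packet, allocating a port on first use."""
        key = (internal, remote)
        if key not in self.out:
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(port, remote)] = internal
        return (self.public_ip, self.out[key])

    def inbound(self, remote: Endpoint, public_port: int) -> Optional[Endpoint]:
        """Return the internal endpoint for a reply, or None (drop) if no flow matches."""
        return self.back.get((public_port, remote))


def demo() -> dict:
    nat = SourceNat("203.0.113.10")               # constructed shared public address
    api = ("198.51.100.7", 443)                   # constructed remote server
    a = nat.outbound(("10.0.0.2", 51000), api)    # customer A
    b = nat.outbound(("10.0.0.3", 51000), api)    # customer B, same source port
    return {
        "a_public": a,
        "b_public": b,
        "reply_to_a": nat.inbound(api, a[1]),
        "reply_to_b": nat.inbound(api, b[1]),
        # No internal host opened this flow, so there is nothing to route it to.
        "unsolicited_443": nat.inbound(("192.0.2.99", 55555), 443),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```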



