So you actually agree with me, that making all addresses public was stupid to begin with. It was stupid on IPv4 and it remains stupid on IPv6, yet we already have experience from IPv4 that it was stupid.
> So you actually agree with me, that making all addresses public was stupid to begin with.
If an address is not public how can you start a connection from it, or end a connection at it? A web server needs a public address if you want to have people reach it. And you, at some point, also have to have a public address if you want to connect to public services: either on your end-host, at your CPE/router's WAN interface, or on an interface of your ISP's CG-NAT box.
But having a public address on your end-host also allows for much more functionality than if you were stuck behind CPE-NAT or CG-NAT. Now, you don't have to use this functionality—just like how I didn't when my printer gets a publicly addressable (but not publicly reachable) IPv6 address—but it opens up various possibilities.
Well, actually it will. In fact, even correctly configured NAT won't stop connections into your network.
On top of that, it lulls you into a false sense of security, so you confidently think it's protecting you even when it isn't. At least not having NAT makes the actual state of your network clearer.
Port forwarding requires a port forward rule that matches the inbound connection. If there's no such rule... NAT won't stop the connection, it will just ignore it.
If no other aspect of your setup blocks the connection, it'll be successful. If you were deploying NAT because you thought it would function as a firewall, then this part is probably not intentional.
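
An added illustration of the NAT-versus-filter distinction discussed above (not code from any poster in this thread): a toy model of a router's WAN-side packet handling, where NAT only rewrites packets that match state or a port-forward rule and a separate filter rule is the only step that refuses anything. The addresses, port numbers and the name `handle_wan_packet` are constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed values: RFC 1918 LAN prefix and a documentation-range WAN address.
LAN = ip_network("192.168.1.0/24")
WAN_ADDR = ip_address("203.0.113.10")


def handle_wan_packet(pkt, port_forwards, conntrack, stateful_filter):
    """Model what a router does with a packet arriving on its WAN interface.

    pkt             -- dict with 'src', 'dst', 'dport'
    port_forwards   -- {wan_port: internal_ip} (port-forward rules)
    conntrack       -- {(remote_ip, wan_port): internal_ip} for LAN-initiated flows
    stateful_filter -- True if a "drop unsolicited inbound" filter rule exists
    Returns (action, destination); action is 'forward', 'local' or 'drop'.
    """
    dst = ip_address(pkt["dst"])
    key = (pkt["src"], pkt["dport"])
    allowed = False

    # NAT step: rewrite only when existing state or a port-forward rule matches.
    if dst == WAN_ADDR:
        if key in conntrack:
            dst, allowed = ip_address(conntrack[key]), True
        elif pkt["dport"] in port_forwards:
            dst, allowed = ip_address(port_forwards[pkt["dport"]]), True
        else:
            # No match: NAT does nothing; the packet is for the router itself.
            return ("local", str(dst))
    # A packet already addressed to a LAN host matches no NAT rule at all,
    # so NAT leaves it untouched and it continues to the next step.

    # Filter step: the only place an unsolicited packet is actually refused.
    if dst in LAN and stateful_filter and not allowed:
        return ("drop", str(dst))

    # Routing step: forward whatever is left to its destination.
    return ("forward", str(dst))


# Constructed packet: arrives on the WAN side already addressed to a LAN host.
UNSOLICITED = {"src": "198.51.100.7", "dst": "192.168.1.20", "dport": 80}

if __name__ == "__main__":
    print(handle_wan_packet(UNSOLICITED, {}, {}, stateful_filter=False))
    print(handle_wan_packet(UNSOLICITED, {}, {}, stateful_filter=True))
```

With no filter rule the model forwards the unsolicited packet; only adding the stateful filter changes the outcome to a drop, which is the check to make on a real router's ruleset.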