It's just one firewall rule at the border to block all inbound traffic to a subnet or a range unless related to an outbound connection. Now you have identical security to a NAT. The huge win is you can forget about port forwarding and later just open the ports you need to the hosts you need or even the whole host if required.
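The border rule described in the comment above, sketched as an nftables ruleset. This is an added example, not something posted in the thread; the interface names `lan0` and `wan0`, the documentation-prefix host addresses and port 443 are assumptions.

```nftables
# Added example: names and addresses below are assumptions, not from the thread.
table inet border {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to (and ICMP errors related to) connections opened from inside.
        ct state established,related accept
        ct state invalid drop

        # Anything the internal network initiates is allowed out.
        iifname "lan0" oifname "wan0" accept

        # Later, instead of a port forward: one port on one host ...
        iifname "wan0" ip6 daddr 2001:db8:1::10 tcp dport 443 accept
        # ... or the whole host if required.
        iifname "wan0" ip6 daddr 2001:db8:1::20 accept

        # Everything else inbound falls through to policy drop.
    }
}
```

Unlike NAT, this ruleset does not rewrite source addresses, so each host's own address is what the remote side sees.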
Is it really identical when the receiving party can now identify every workstation at your internal network and track them separately?
For example, any website can now not only log that the traffic originated from org A, but specifically from org A, workstation N.
I wonder, is the privacy implication not important enough for people to worry about this?