Re: A short and inaccurate history of NAT routers in the home
"Anybody that can send packets to your router with a dest IP set to 192.168.1.x can connect to your LAN machines regardless of any NAT going on on the router."
On an IMPROPERLY CONFIGURED router, yes. It's not that hard to create rules to block all incoming AND outgoing connections to/from RFC1918 addresses. I would assume that router makers would be smart enough to do this. If not, I'd like a list of FAIL, please...
Or the other choice: use 'bridge mode' on whatever 'thing' plugs into the intarweb, and firewall it with your OWN 'dual home' box, running Linux or FreeBSD. You could even set it up as an IPv6 gateway, via a free IPv4/IPv6 tunnel. Yeah. I do that.