Luke-Jr: So you are saying that computers "are supposed" to be exposed to the internet with all these worms and such auto-infecting any computer it stumbles upon by attacking random IP adresses?
In the past, the security of NAT was really not necessary, but in the today era, NAT is a essential security that provides inbound protection. Without a NAT or some sort of firewall before a computer, the computer would pretty much get totally owned in about 15 minuters of connection of to the internet, even if you are not touching the computer.
Even router packaging advertises the natural NAT firewall function by a picture of a large padlock with the word "firewall" under it.
I think a UPnP function could be there, but make sure its OFF by default. Or even better, dont have any UPnP function at all, and the end user has simply to do port forwarding manually, its not rocket science to go to http://192.168
.0.1 (or whats applicable for their router) and do port forwarding of 8333 to their computer's IP adress. Then we keep code amount and possible exploit vectors at a minimum.
I wish that the stupid idea "UPnP" never got invented at all.
Yes! I know that NAT was not intended* to be a firewall from the beginning, its just a positive "bi effect" from NAT:ing multiple computers together since the NAT does not know where to send unsolicited traffic. Its not a "bug" that you call it in other threads. Call it a positive effect.
If you dont want that effect, you can always put a PC in the DMZ zone of the router. But then, if you do that, prepare for that PC to be owned by every active worm out there on the internet circulating. And then that worm will spread to all other PCs in your network since its only a switch on the LAN side of the NAT.
* At the time where NATs where invented, firewalls wasn't really necessary, the virus/worm population on the internet was relatively low. So thats why the NATs where not intended to act as firewalls. It just come as a useful feature later when virus/worm population on internet got a little too high.