Actually it’s simple than “NAT”, technically. Normally when we said “NAT”, it’s not just NAT (Network Address Translate), but a NAT plus a stateful firewall (see documents below). The conntrack here is a stateful firewall as in “NAT”. And compare to create a map from (paddr, pport) to (iaddr, iport) and match the later, it’s more simple to just match suffix of address.
ESPHome has supported Thread since 2025.6.0b1. But Matter support still need more time.
deleted by creator
If I go for SLAAC with privacy extensions and I keep paying for a static IP (v4 & v6) to my ISP then I can’t implement any firewall rules for specific devices as devices will change their IP regularly. And its even worse if I don’t pay for a static IPv6 prefix.
I don’t know which firewall software you used. But if you use nftables, which support suffix match and conntrack for TCP/UDP, you can block all new (identified by conntrack) income (since privacy extension design for outcome) and allow income with specific suffix (for SLAAC with EUI-64, it will stable), needn’t care about which prefix was used.
It “converts” from and to Ethernet frames, of course. There is not actual L2 difference between PON network and normal fiber ethernet network. In simplified description, it just replace active switch with passive optical splitter.
Yes. Like fiber ethernet, differnet speed need different ONT. But noteworthy, there are some different standards for the same speed level, they are incompatible. For example, EPON and GPON, they are both for 1GbE but incompatible.
There are some code updates to refactor API call two months ago on Codeberg.