And for those who think that NAT is a security feature, just set a simple rule on your router equivalent to NATing:
OUTBOUND: allow all
INBOUND: deny all
It is even better (stronger), because you can't bypass it by NAT punching techniques. And if you need an inbound connection, just allow that one in the FW instead of port forwarding. It is not more complex than with NAT.
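
The rule pair described above, written as an nftables forward chain with one explicit inbound allow in place of a port forward. This is an added example, not part of the original comment; the interface names `lan0` and `wan0`, the host address `2001:db8::10` (documentation range) and port 443 are assumptions.

```nftables
# Router forwarding policy: outbound allow all, inbound deny all.
# Assumed names: "lan0" = inside interface, "wan0" = outside interface.
table inet router_fw {
    chain forward {
        # INBOUND: deny all. Anything not accepted below is dropped.
        type filter hook forward priority 0; policy drop;

        # Packets that conntrack cannot associate with any flow.
        ct state invalid drop

        # Return traffic for connections opened from the inside, plus
        # ICMP/ICMPv6 errors that belong to those connections.
        ct state established,related accept

        # OUTBOUND: allow all.
        iifname "lan0" oifname "wan0" accept

        # The one inbound service that is needed, allowed directly
        # instead of being port forwarded (assumed host and port).
        iifname "wan0" oifname "lan0" ip6 daddr 2001:db8::10 tcp dport 443 ct state new accept
    }
}
```

Load it with `nft -f <file>` and confirm with `nft list ruleset`; the chain only covers forwarded traffic, so traffic addressed to the router itself still needs its own input chain.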