How does one actually connect to an RFC1918 address behind a NAT without the inside connecting first?

Hey, I didn't say anything about RFC1918. We're talking about NAT here (the thing you get from doing `iptables -t nat -A POSTROUTING -o wan0 -j MASQUERADE` with netfilter, yes?). You can use RFC1918 without NAT and you can use NAT without RFC1918; they're two separate things.

It's true that running a network on RFC1918 will drastically limit the set of people that can connect to it, but a) some people (e.g. your ISP, your government) can still connect, so it's not secure, and b) RFC1918 isn't NAT, so even if you think using RFC1918 makes you secure, it's still not NAT that's doing it.

If anybody doesn't believe me, feel free to set up a few VMs and test it for yourself.
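
Added example, not part of the original comment: a small Python audit of `iptables-save` output that flags the case the comment describes, a MASQUERADE rule on a WAN interface whose FORWARD chain would still accept unsolicited inbound connections. The two dumps are constructed, `lan0` is an assumed interface name, and only `-i`, `-o`, `--ctstate` and terminal `-j` targets are evaluated; any other match option is ignored.

```python
import shlex

# Constructed iptables-save dumps; wan0 is from the comment, lan0 is assumed.
NAT = "*nat\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -o wan0 -j MASQUERADE\nCOMMIT\n"
NAT_ONLY = NAT + "*filter\n:FORWARD ACCEPT [0:0]\nCOMMIT\n"
NAT_AND_FILTER = NAT + """*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lan0 -o wan0 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return ({(table, chain): policy}, {(table, chain): [rule tokens]})."""
    policies, rules, table = {}, {}, None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[table, chain] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            rules.setdefault((table, tok[1]), []).append(tok[2:])
    return policies, rules

def opt(tok, flag):
    """Value following flag in a rule's token list, or None."""
    return tok[tok.index(flag) + 1] if flag in tok else None

def forward_verdict(policies, rules, in_if, out_if, state):
    """First matching terminal FORWARD rule decides, else the chain policy
    (ACCEPT when the dump sets none, which is the kernel default)."""
    for tok in rules.get(("filter", "FORWARD"), []):
        states = opt(tok, "--ctstate")
        if (opt(tok, "-i") in (None, in_if) and opt(tok, "-o") in (None, out_if)
                and (states is None or state in states.split(","))
                and opt(tok, "-j") in ("ACCEPT", "DROP", "REJECT")):
            return opt(tok, "-j")
    return policies.get(("filter", "FORWARD"), "ACCEPT")

def nat_without_filter(dump, lan_if="lan0"):
    """WAN interfaces that masquerade outbound traffic but whose FORWARD
    chain still accepts a NEW connection arriving from that interface."""
    policies, rules = parse(dump)
    wans = {opt(t, "-o") for t in rules.get(("nat", "POSTROUTING"), [])
            if opt(t, "-j") == "MASQUERADE" and opt(t, "-o")}
    return sorted(w for w in wans if forward_verdict(
        policies, rules, w, lan_if, "NEW") == "ACCEPT")
```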

