Yes you should. These things are shipped with a firmware that is basically a black box, it makes a connection from the inside to the outside. There is a very big misconception that NAT is a security feature
I meant that nobody can control your miner using web/ssh/snmp behind NAT
Of course SW you have running inside OS behind NAT can connect somewhere and after that receive commands