
I see. But wouldn't your router simply then drop the packet, since there would be no WAN-side entry for that address in the translation table?


You don't need a translation table to cross interfaces.

Any router has forwarding enabled (because otherwise it's not a router and would discard packets not addressed to it), so if the packet hits WAN with an address in the LAN subnet, it just gets routed if there is no explicit 'deny all from all' on WAN, on the FORWARD table, to be precise.

Surely, you can't forward the packet with dst_address in RFC1918 over the Internet, but you can do that if you are close enough.

This is the reason NAT is not a security boundary or firewall: NAT apologists are saying that 'NAT drops anything on WAN', except it:

is not even involved if the attacker is close enough to forward packets with your LAN subnet at your router's WAN interface

doesn't help if there is some established session or misconfiguration[1] which explicitly allows access to the host on the LAN subnet

Take a look at the table at [0]:

And at the chain traversal order:

    Incoming packets destined for the local system: PREROUTING -> INPUT
    Incoming packets destined to another host: PREROUTING -> FORWARD -> POSTROUTING
If there are no NAT rules in PREROUTING then the packet goes to the FORWARD table. And not surprisingly, most systems with routing enabled (i.e. forwarding) would have 'allow any from any to any' there, aka ':FORWARD ACCEPT' in iptables parlance, because nobody does explicit forwarding rules by default.

[0] https://www.digitalocean.com/community/tutorials/a-deep-dive...

EDIT:

[1] or a helpful autoconfiguration tech:

  NAT fanboi: I am secure because NAT, har har
  Helpful media player with UPnP: hold my beer
  Torrent client: hold /my/ beer




