Pekka Savola wrote:

> I take it you don't comment on how
> ipchains/ipfwadm NAT does this? That knowledge would also be very much
> appreciated as there are still (mostly) 2.2-kernel boxes around.

The NAT capabilities of Linux-2.2 ipchains are quite limited, only having "masquerade" NAT. It maps any number of internal IP addresses to a specific port range on a single external IP address.

There is also a related but similarly limited NAT function in Linux-2.2 for incoming traffic called PORTFW. It allows you to forward ports on the external IP address to designated servers on the inside.

In both cases the NAT is TCP/UDP session aware.

See the Linux IP Masquerade HOWTO for relatively detailed documentation of the capabilities and limitations of Linux masquerade NAT (including the port forwarding for incoming sessions).

Note: The Linux-2.4 netfilter NAT capabilities are a huge leap forward compared to the ipchains/ipfwadm capabilities.

Regards
Henrik Nordström