Subject: Re: web server behind nat/ipf
To: Henry Nelson <henry@irm.nara.kindai.ac.jp>
From: Dr. Rene Hexel <rh@vip.at>
List: netbsd-help
Date: 08/23/2000 07:49:48
Henry Nelson wrote:

> > map ne2 192.168.0.0/24 -> XXX.XXX.XXX.XXX/32 portmap tcp/udp 40000:60000
>                       ^^                                       ^^^^^^^^^^^
> As for the mask, I've seen /26, even /28, recommended so that no IP traffic
> for the system itself gets translated.  Very foggy on what that would mean.

  This is simply the number of bits to take into account.  /24 is
equivalent to a netmask of 255.255.255.0.  This number should represent
the range of addresses on your local, private net you want to translate
(which means that in most cases it should match your netmask).

> etc. etc. are to be seen in the scattered documentation.  *Why* say
> "40000:60000?"  What's the reason, advantage, whatever?

  It doesn't really matter.  The range should be large enough to
accommodate a reasonable number of concurrent connections (20000 in the
above case is more than enough; if you reach that number, you will be
having other problems :-).  Also, you should make sure that this range
does not interfere with local ports (on the NAT machine), otherwise
daemons there might have trouble binding to a specific port.
Therefore, usually ranges starting from 10000 or higher are used ...

  Cheers,
   Rene
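As an added illustration of the two points in the reply above (the /N mask selecting the private range to translate, and the portmap range needing enough room without colliding with ports the NAT box itself listens on), here is a small checker. It is example code written for this page, not part of NetBSD or ipfilter; the rule line, the 203.0.113.5 public address and the set of locally bound ports are all constructed sample values, and the 1024-port minimum is an arbitrary threshold chosen for the example.

```python
import ipaddress
import re

# Constructed example rule in the form discussed in the thread. The public
# address is a documentation-range placeholder, not a real host.
RULE = "map ne2 192.168.0.0/24 -> 203.0.113.5/32 portmap tcp/udp 40000:60000"

# Constructed sample of ports bound on the NAT machine itself (the kind of
# list a `netstat -an` would show); assumption for illustration only.
LOCAL_LISTENING_PORTS = {22, 25, 53, 80, 8080, 49152}

# Matches: map <iface> <src/prefix> -> <dst/prefix> [portmap <proto> lo:hi]
RULE_RE = re.compile(
    r"^map\s+(?P<iface>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
    r"(?:\s+portmap\s+(?P<proto>\S+)\s+(?P<lo>\d+):(?P<hi>\d+))?\s*$"
)


def parse_map_rule(rule):
    """Split an ipnat-style map rule into its interface, networks and portmap."""
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError("not a map rule: %r" % rule)
    src = ipaddress.ip_network(m.group("src"), strict=False)
    dst = ipaddress.ip_network(m.group("dst"), strict=False)
    portmap = None
    if m.group("lo"):
        portmap = (m.group("proto"), int(m.group("lo")), int(m.group("hi")))
    return {"iface": m.group("iface"), "src": src, "dst": dst, "portmap": portmap}


def describe_mask(net):
    """Return (dotted netmask, number of addresses) covered by the /N prefix.

    /24 on 192.168.0.0 gives 255.255.255.0 and 256 addresses, i.e. the whole
    private LAN; a /26 or /28 would narrow that to 64 or 16 addresses.
    """
    return str(net.netmask), net.num_addresses


def check_portmap(portmap, local_ports, min_capacity=1024):
    """Return a list of findings about a portmap lo:hi range.

    Flags a range that cannot hold a useful number of concurrent
    translations, one that dips into the well-known ports, and one that
    overlaps ports daemons on the NAT box are already bound to.
    """
    findings = []
    proto, lo, hi = portmap
    if not (1 <= lo <= hi <= 65535):
        findings.append("port range %d:%d is not a valid ascending range" % (lo, hi))
        return findings
    capacity = hi - lo + 1
    if capacity < min_capacity:
        findings.append("only %d ports available for concurrent translations" % capacity)
    if lo < 1024:
        findings.append("range starts below 1024 and may collide with well-known service ports")
    collisions = sorted(p for p in local_ports if lo <= p <= hi)
    if collisions:
        findings.append("range overlaps locally bound ports: %s" % collisions)
    return findings


def report(rule=RULE, local_ports=LOCAL_LISTENING_PORTS):
    """Human-readable summary of one rule; returns the findings for reuse."""
    parsed = parse_map_rule(rule)
    mask, count = describe_mask(parsed["src"])
    print("interface : %s" % parsed["iface"])
    print("translate : %s (netmask %s, %d addresses)" % (parsed["src"], mask, count))
    print("to        : %s" % parsed["dst"])
    findings = []
    if parsed["portmap"]:
        proto, lo, hi = parsed["portmap"]
        print("portmap   : %s %d:%d (%d ports)" % (proto, lo, hi, hi - lo + 1))
        findings = check_portmap(parsed["portmap"], local_ports)
    for f in findings:
        print("  ! " + f)
    return findings


if __name__ == "__main__":
    report()
```

Run it with the rule line and the port set swapped for your own; a clean run prints no `!` lines, and any overlap with a locally bound port is the case the reply warns about.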