Subject: Re: Network proxies; NAT
To: Richard Rauch <rauch@rice.edu>
From: Gavan Fantom <gavan@coolfactor.org>
List: netbsd-help
Date: 12/05/2001 23:51:52

On Wed, 5 Dec 2001, Richard Rauch wrote:
> Is NAT a general, umbrella mechanism that tries to do everything
> (necessarily failing when it doesn't understand the protocol it's
> forwarding and the protocol carries IP addresses as data)?

Yes, precisely. As long as the protocol doesn't include IP addresses, NAT
will work transparently to you. All IP traffic will be NAT-ed, even to the
point that (as long as you don't try it to the same machine from different
machines at the same time) ping will work. You will appear to have a
normal Internet connection, just that you won't be able to connect back to
a machine behind NAT, and that protocols which transmit your IP address
will break. With the exception of ftp, which ipnat can cope with.

> I really only want a few services forwarded. In decreasing order of
> importance: HTTP, FTP, ssh, and telnet. (I don't need to support inbound
> connections for any of those at this point---though it might be nice at
> some time to support inbound ssh connections.)

As outgoing connections, they will "Just work". Incoming can be done with
redirect rules in the ipnat configuration.
--
Gillette - the best a man can forget
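
An added example, not part of the original message and not ipnat's code: why a protocol that carries IP addresses as data breaks under plain NAT, shown with FTP's active-mode PORT command, and the payload rewrite an FTP-aware NAT has to perform. All addresses, port numbers and names (`FtpAwareNat`, `outbound_control_line`) are constructed for illustration.

```python
import re

# FTP active mode (RFC 959): the client sends "PORT h1,h2,h3,h4,p1,p2" on the
# control connection; the server then connects back to h1.h2.h3.h4 on port
# p1*256+p2. Plain NAT rewrites only packet headers, so the server would be
# told a private address it cannot reach.
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")

def parse_port(line):
    """Return (ip, port) from a PORT command, or None if it is not one."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def build_port(ip, port):
    return ("PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)).encode()

class FtpAwareNat:
    """Sketch of a protocol-aware NAT helper (hypothetical, for illustration)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.inbound = {}  # public port -> (private ip, private port)

    def outbound_control_line(self, src_ip, line):
        parsed = parse_port(line)
        if parsed is None:
            return line  # not a PORT command: payload passes through untouched
        ip, port = parsed
        if ip != src_ip:
            # Design choice in this sketch: never open an inbound mapping for
            # an address other than the sender's own; drop the command instead.
            return None
        public_port = self.next_port
        self.next_port += 1
        # Temporary inbound mapping so the server's data connection gets in.
        self.inbound[public_port] = (ip, port)
        # The rewritten line can differ in length, which is why a real NAT
        # must also adjust TCP sequence numbers on that connection.
        return build_port(self.public_ip, public_port)
```
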