On Mon, 11 Mar 2002, Martin Husemann wrote:

:  - It should be part of IP-Filter. Doing NAT is a good excuse to touch
:    parts of packets we never should touch when acting as a router.

This doesn't help machines that have *real* IP addresses behind the router.

It doesn't belong in ipnat.  It's a hack to begin with (even with NAT, you
can manually modify the MSS of the internal boxes), but if it's to be added,
it needs to be applied uniformly to NAT or non-NAT internal machines.

-- 
-- Todd Vierling <tv@wasabisystems.com>  *  Wasabi & NetBSD:  Run with it.
-- CDs, Integration, Embedding, Support -- http://www.wasabisystems.com/