Subject: Re: MSS clamping proposal
To: Martin Husemann <martin@duskware.de>
From: Todd Vierling <tv@wasabisystems.com>
List: tech-kern
Date: 03/13/2002 16:42:08
On Wed, 13 Mar 2002, Martin Husemann wrote:

: I verified that you can do 1:1 NATs and clamp thereby, without actually
: touching IP addresses:
:
: List of active MAP/Redirect filters:
: map pppoe0 217.0.156.252/32  -> 217.0.156.252/32  portmap tcp/udp 40000:42999 mssclamp 1452
: map pppoe0 217.0.156.252/32  -> 217.0.156.252/32  mssclamp 1452

The presence of `portmap' means that you're still fiddling with port
numbers, even if the IP address of the machine does not change.  Plus, given
the configuration above, you'd have to have multiple rules for every single
machine behind the gateway, rather than just saying "connections through
interface foo0 need mssclamping".  This is still biased to NATted machines.

Again, it doesn't belong in NAT unless you can come up with a map rule that
allows the addresses and ports of multiple real-IP machines to pass through
untouched.

-- 
-- Todd Vierling <tv@wasabisystems.com>  *  Wasabi & NetBSD:  Run with it.
-- CDs, Integration, Embedding, Support -- http://www.wasabisystems.com/
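What the `mssclamp 1452` keyword in the quoted rules actually does to a packet is rewrite the MSS option carried in a TCP SYN, so that both endpoints agree on segments small enough to fit the PPPoE link's 1492-byte MTU without relying on path-MTU discovery. The following Python is an added illustration of that mechanism, not code from this thread or from ipfilter: it builds a SYN with an MSS option, clamps it, and recomputes the TCP checksum. It handles IPv4 only, touches only SYN segments (the only ones that carry MSS), and leaves the packet alone when the advertised MSS is already at or below the clamp. The addresses and ports are constructed test values.

```python
import struct

# Constructed example of TCP MSS clamping (not ipfilter's implementation).
TCP_OPT_EOL = 0
TCP_OPT_NOP = 1
TCP_OPT_MSS = 2
TCP_FLAG_SYN = 0x02


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """One's-complement checksum over the IPv4 pseudo-header plus the TCP segment.
    Computed over a segment whose checksum field is already filled in, it yields 0."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))
    data = pseudo + segment
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_syn(src_ip: bytes, dst_ip: bytes, sport: int, dport: int, mss: int) -> bytes:
    """Build a minimal TCP SYN segment carrying a single MSS option."""
    opts = struct.pack("!BBH", TCP_OPT_MSS, 4, mss)
    data_offset = (20 + len(opts)) // 4
    header = struct.pack("!HHIIBBHHH", sport, dport, 0x1000, 0,
                         data_offset << 4, TCP_FLAG_SYN, 65535, 0, 0)
    segment = header + opts
    csum = tcp_checksum(src_ip, dst_ip, segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]


def clamp_mss(src_ip: bytes, dst_ip: bytes, segment: bytes, clamp: int):
    """Rewrite the MSS option if it exceeds `clamp`.
    Returns (segment, original_mss); original_mss is None when no MSS option
    was present or the segment is not a SYN.  Malformed option lists are left
    untouched rather than guessed at."""
    if not segment[13] & TCP_FLAG_SYN:
        return segment, None
    doff = (segment[12] >> 4) * 4
    opts = bytearray(segment[20:doff])
    old = None
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCP_OPT_EOL:
            break
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            break  # truncated option header
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break  # bogus length; do not trust the rest of the list
        if kind == TCP_OPT_MSS and length == 4:
            old = struct.unpack("!H", opts[i + 2:i + 4])[0]
            if old > clamp:
                opts[i + 2:i + 4] = struct.pack("!H", clamp)
            break
        i += length
    if old is None or old <= clamp:
        return segment, old
    # Rebuild with the rewritten option and a fresh checksum.
    new = bytearray(segment[:20]) + opts + segment[doff:]
    new[16:18] = b"\x00\x00"
    new[16:18] = struct.pack("!H", tcp_checksum(src_ip, dst_ip, bytes(new)))
    return bytes(new), old


def checksum_ok(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    return tcp_checksum(src_ip, dst_ip, segment) == 0


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges.
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])
    syn = build_syn(src, dst, 40000, 80, 1460)      # typical Ethernet MSS
    clamped, old = clamp_mss(src, dst, syn, 1452)   # PPPoE: 1492 - 40
    print("MSS %d -> %d, checksum valid: %s"
          % (old, struct.unpack("!H", clamped[22:24])[0], checksum_ok(src, dst, clamped)))
```

The checksum must be recomputed because the option bytes changed; a gateway that rewrites MSS without doing so produces segments the peer silently discards, which looks exactly like the PMTU blackhole the clamp was meant to cure.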