In some email I received from Todd Vierling, sie wrote:
> On Wed, 13 Mar 2002, Martin Husemann wrote:
> 
> : I verified that you can do 1:1 NATs and clamp thereby, without actually
> : touching IP addresses:
> :
> : List of active MAP/Redirect filters:
> : map pppoe0 217.0.156.252/32  -> 217.0.156.252/32  portmap tcp/udp 40000:42999 mssclamp 1452
> : map pppoe0 217.0.156.252/32  -> 217.0.156.252/32  mssclamp 1452
> 
> The presence of `portmap' means that you're still fiddling with port
> numbers, even if the IP address of the machine does not change.  Plus, given
> the configuration above, you'd have to have multiple rules for every single
> machine behind the gateway, rather than just saying "connections through
> interface foo0 need mssclamping".  This is still biased to NATted machines.

You should have actually read his entire email then, which pointed out
that "portmap" wasn't needed and was pretty much only there because he
was too lazy to remove it (or some such).