Subject: Re: is this a job for ipnat?
To: None <tech-net@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-net
Date: 12/05/1999 02:19:37
>> [...packet-rewriting want...]

> 	This should work just fine with a ipnat rule like:
> rdr ppp0 132.206.78.1/32 port=23 -> 132.206.78.1 port=7575 tcp
> (or
> rdr ppp0 132.206.78.38/32 port=23 -> 132.206.78.1 port=7575 tcp
> 	if you actually want connections to 132.206.78.38.23 to
> get redirected.
> )

Oh, it's possible to be that specific?  Wonderful.  And yes, I really
want to redirect .78.38 port 23 to .78.1 port 57575, not .78.1 port 23
to .78.1 port 7575 - if I'd wanted to redirect .78.1 port 23 when using
the serial-line netlink, I could have and would have. :-)

> And, since ipnat keeps track of the connections it is currently
> redirecting you will still be able to connect to port 7575 normally.

Oh, ick.  I really don't want anything stateful; these connections
sometimes sit idle for long periods, and I don't want one to get killed
because the gateway box got rebooted.

It sounds as though ipnat does too much - I want its packet matching
and rewriting engine but not the rest of it.  Is there some way to tell
it "don't keep state, just rewrite the packets"?  I can easily enough
put rdr lines on both le0 and encap0 (saying ppp0 was a mistake, I now
realize - it's really encap0 that needs the rewriting; ppp0 sees only
the encapsulation "outer" packets) to rewrite packets in both
directions, if that's what it takes.

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B