I have been trying to figure out whether NAT adds any additional functionality that I could not get with comprehensive iptables rules. In other words, if I were to specifically forward those ports that I needed from the firewall to the correct internal machines and then do the same for outgoing traffic, do I have to have NAT active on the firewall box?
Personally, I use iptables to NAT where necessary.
Simplified setup (assuming that you have multiple externally accessible IP addresses from ARIN/your regional IP# place):
* Masquerade internal connections through a single IP address
* DNAT traffic from the external addresses to your service hosts (http, smtp, etc.)
If you're talking about a single externally-visible IP address, then NAT is completely unnecessary.
mickey
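The two-part layout mickey sketches (masquerade/SNAT outbound, DNAT inbound per published service), as an added dry-run iptables script that is not from the thread; the interfaces, addresses and service list are placeholder assumptions, and the script only prints the rules unless IPT is overridden.

```shell
#!/bin/sh
# Added illustration; interfaces, addresses and services are placeholders.
# IPT defaults to "echo iptables" (dry run: prints each rule); set
# IPT=iptables and run as root to actually apply them.
: "${IPT:=echo iptables}"
WAN=eth0                 # interface holding the public addresses
LAN=eth1                 # interface facing the internal hosts
LAN_NET=192.168.1.0/24   # internal (RFC 1918) network
MASQ_IP=203.0.113.10     # single public address all outbound traffic leaves from
# "public_ip:port:internal_host" per published service (documentation-range values)
SERVICES="203.0.113.11:80:192.168.1.10 203.0.113.12:25:192.168.1.20"

nat_rules() {
    # default deny for routed traffic: NAT only translates, the filter table decides
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    $IPT -t nat -F

    # 1. outbound: rewrite LAN sources to one public address (SNAT because the
    #    address is static; MASQUERADE is the equivalent for a dynamic one)
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN" -j SNAT --to-source "$MASQ_IP"
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT

    # 2. inbound: map each public address/port onto the host that serves it
    for svc in $SERVICES; do
        pub=${svc%%:*}; rest=${svc#*:}
        port=${rest%%:*}; host=${rest#*:}
        $IPT -t nat -A PREROUTING -i "$WAN" -d "$pub" -p tcp --dport "$port" \
            -j DNAT --to-destination "$host:$port"
        # the DNAT rule only rewrites the packet; without this FORWARD rule the
        # DROP policy above still discards it after translation
        $IPT -A FORWARD -i "$WAN" -o "$LAN" -d "$host" -p tcp --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
    done

    # replies for every accepted flow, in both directions
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

nat_rules
```

Port forwarding and NAT are separate steps here: the nat table rewrites addresses, while the FORWARD chain still has to permit the translated flow.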