> Once upon a time Patrick Greenwell shaped the electrons to say...
> >I agree with this wholeheartedly. I am assuming that straight NAT is
> >easier to implement, which is why it is being released first?
>
> Exactly. A slight oversimplification is that all straight NAT does is
> change the IP address in the header. A -> B on the way out and B -> A on
> the reply.
>
> Proxy-NAT needs to set up a stateful socket system where A becomes
> B:socket1, and C becomes B:socket2, etc - so a reply to B:socket1 is
> translated back to A. And since it is dynamic assignment of sockets (you
> can have more than one request from the same IP at one time too) you
> have to keep track of all the translations you've done, at least until the
> connection is dropped.
Hmmm, I wonder it it would be helpful to look at the Linux kernel
sources? They do proxy NAT.
----------------------------------------------------------------------------
Steven P. Crain scrain@shore.net http://www.shore.net/~scrain
Shore.Net Unix Development and Administration
An ISP with Excellence in the Greater Boston Area.