Hope this message finds you well. Onto the subject matter:

This is regarding public > RPAT/NAT/PAT > private IP addresses.

http://www.jumpernetworks.com/rpat.pdf wrote:

>While it is true that incoming connections are impossible
>we can take additional measures to enable them, but they
>are not part of the masquerading code. We could, for
>example, set up the NAT device so that it relays all
>connections coming in from the outside to the telnet port
>to a host on the inside. However, since we have just one IP
>that is visible outside for enabling incoming connections for
>the same service but for different hosts on the inside we
>must listen on different ports on the NAT device, one for each
>service and internal IP. Since most applications listen on
>well-known ports that cannot be easily (and transparently!)
>changed, this is quite inconvenient and often no option,
>especially not for public services.
>The only solution is to have
>as many (external) IPs as the number of services that shall be
>provided.


What do you think it means by 'number of services'?
Number of different types of services running on all machines behind
NAT [1], or number of machines running services [2], or do you think it
means literally number of services [3]?

Scenario [1]:
2 ftp boxes = 1 service = 1 external IP = nonsense (disproves
solution)

Scenario [2]:
2 boxes, 1 web, 1 not providing service = 1 machine running service =
1 ext IP = kind of makes sense but I'm not sure... read on

Scenario [3]:
2 boxes, 1 web and 1 ftp and telnet = 3 services = 3 ext IPs = I see
that as 2 ext IPs too many...

>An external IP can still be shared by ter different
>services, and then be remapped to different internal IPs using NAT.


I don't comprehend this last paragraph, could someone translate it into
context?

--
http://higeo.com
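
As an added illustration (not part of the original post or the quoted PDF): a static port forward on a NAT device is keyed by external IP, protocol and port, so one external IP can carry different services to different internal hosts, while two internal hosts offering the same well-known port need separate external IPs or a non-standard port. The addresses and the names `plan_forwards` and `external_ips_needed` are constructed for this example.

```python
from collections import defaultdict

# Constructed sample data (not from the post): documentation/private addresses.
EXT_IP = "203.0.113.1"
# Each service is (internal_ip, protocol, well_known_port).
# Only the listening port is modelled; FTP data channels are ignored.
TWO_FTP_BOXES = [("192.168.0.10", "tcp", 21), ("192.168.0.11", "tcp", 21)]
WEB_PLUS_FTP_TELNET = [("192.168.0.10", "tcp", 80),
                       ("192.168.0.11", "tcp", 21),
                       ("192.168.0.11", "tcp", 23)]


def plan_forwards(services, external_ips):
    """Place each service on its own well-known port of some external IP.

    Returns (rules, unplaced). A rule is (ext_ip, proto, port, internal_ip).
    A service is unplaced when every external IP already forwards that port.
    """
    used = set()
    rules, unplaced = [], []
    for internal_ip, proto, port in services:
        for ext_ip in external_ips:
            if (ext_ip, proto, port) not in used:
                used.add((ext_ip, proto, port))
                rules.append((ext_ip, proto, port, internal_ip))
                break
        else:
            unplaced.append((internal_ip, proto, port))
    return rules, unplaced


def external_ips_needed(services):
    """Fewest external IPs that keep every service on its well-known port."""
    hosts_per_port = defaultdict(set)
    for internal_ip, proto, port in services:
        hosts_per_port[(proto, port)].add(internal_ip)
    return max((len(hosts) for hosts in hosts_per_port.values()), default=0)


if __name__ == "__main__":
    for name, services in [("two FTP boxes", TWO_FTP_BOXES),
                           ("web + FTP/telnet", WEB_PLUS_FTP_TELNET)]:
        rules, unplaced = plan_forwards(services, [EXT_IP])
        print(name, "needs", external_ips_needed(services), "external IP(s)")
        for rule in rules:
            print("  forward %s %s/%d -> %s" % rule)
        for svc in unplaced:
            print("  no free external port for %s %s/%d" % svc)
```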