Hope this message finds you well, onto the subject matter:

This is regarding public > RPAT/NAT/PAT > private IP addresses.

http://www.jumpernetworks.com/rpat.pdf wrote:

>While it is true that incoming connections are impossible
>we can take additional measures to enable them, but they
>are not part of the masquerading code. We could, for an
>example, set up the NAT-device so that it relays all
>connections coming in from the outside to the telnet-port
>to a host on the inside. However, since we have just one IP
>that is visible outside for enabling incoming connections for
>the same service but for different hosts on the inside we
>must listen on different ports on the NAT-device, one for each
>service and internal IP. Since most applications listen on
>well-known ports that cannot be easily (and transparently!)
>changed, this is quite inconvenient and often no option,
>especially not for public services.
>The only solution is to have
>as many (external) IPs as the number of services that shall be

What do you think it means by 'number of services'?
Number of different types of services running on all machines behind
NAT [1], or number of machines running services [2] or do you think it
means literally number of services [3]?

Scenario [1]:
2 ftp boxes = 1 service = 1 external ip = nonsense (disproves

Scenario [2]:
2 boxes, 1 web, 1 not providing service = 1 machine running service =
1 ext IP = kind of makes sense but I'm not sure?.. read on

Scenario [3]:
2 boxes, 1 web and 1 ftp and telnet = 3 services = 3 ext IPs = I see
that as 2 ext IPs too many...

>An external IP can still be shared by different
>services, and then be remapped to different internal IPs using NAT.

I don't comprehend this last paragraph, could someone translate it into