Nice intro on NAT:
Source IP addresses are changed to the exterior IP address of the NAT host.
Source port numbers are changed to a unique value.
The translated session must be saved in a state table.
Return traffic is matched in the state table, and the destination IP and port numbers are modified accordingly.
- impossible to map the real topology of the network.
- interior hosts are NOT reachable from the internet.
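
The translation steps above as a toy state table. This is an added example, not kernel or iptables code. The addresses (documentation ranges), the starting port 40000 and the choice to key return traffic on the remote endpoint are assumptions.

```python
# Added example: toy model of the NAT state table described in the notes.
from dataclasses import dataclass, field

@dataclass
class Nat:
    public_ip: str            # exterior IP address of the NAT host
    next_port: int = 40000    # assumed start of the translated port range
    # (proto, int_ip, int_port, dst_ip, dst_port) -> translated source port
    out: dict = field(default_factory=dict)
    # (proto, ext_port, remote_ip, remote_port) -> (int_ip, int_port)
    back: dict = field(default_factory=dict)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite source IP/port and save the session in the state table."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            if self.next_port > 65535:
                raise RuntimeError("translated port range exhausted")
            ext_port, self.next_port = self.next_port, self.next_port + 1
            self.out[key] = ext_port
            self.back[(proto, ext_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (proto, self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Match return traffic; None means no state entry (packet dropped)."""
        if dst_ip != self.public_ip:
            return None
        entry = self.back.get((proto, dst_port, src_ip, src_port))
        if entry is None:
            return None
        # Destination IP and port are restored to the interior host's values.
        return (proto, src_ip, src_port, entry[0], entry[1])

def demo():
    nat = Nat("203.0.113.1")  # constructed sample addresses throughout
    # Two interior hosts use the same source port to the same server.
    a = nat.outbound("tcp", "192.168.1.10", 51000, "198.51.100.7", 80)
    b = nat.outbound("tcp", "192.168.1.11", 51000, "198.51.100.7", 80)
    reply = nat.inbound("tcp", "198.51.100.7", 80, "203.0.113.1", a[2])
    # A packet from a host with no saved session finds no entry.
    unsolicited = nat.inbound("tcp", "198.51.100.99", 4444, "203.0.113.1", a[2])
    return a, b, reply, unsolicited

if __name__ == "__main__":
    for row in demo():
        print(row)
```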
IP masquerading (Linux 2.2.x kernels) IS NOT a TRUE NAT implementation.
Linux 2.4.x kernels use iptables, which provides NAT. It is TRUE NAT.