06-23-2003
Allen Kistler
Re: Reverse NAT and Masquerade Question

Steven J. Hathaway wrote:
> This is a network feasibility question.
>
> Do you know which of the following firewalls can perform a reverse
> address translation?
>
> Checkpoint Firewall-1
> Netfilter (IPtables)
> CISCO IOS Firewall
> CISCO PIX Firewall
>
> The issue is to map a specific external IP address or transport domain
> address onto a local network IP address. The result of which would allow
> a workstation or server on the local network to establish a session to a
> remote host by virtue of addressing data to the virtualized local IP
> address.
>
> [snip]


They can all do one-to-one NAT. Depending upon how your ISP connection
is configured, you may also need to set up proxy arp for the "virtual"
addresses (if they're truly virtual).

One-to-one means just that. One external address to one internal
address. There's no dynamic remapping like many-to-one (10.x internal
with a single external). So if you want a bunch of machines to be
visible externally, you need that many IP addresses, generally.
(Sometimes you can overlap if each internal machine offers different
services, but that's getting a bit trickier than your question.)

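The one-to-one mapping described in the reply above, sketched for Netfilter as an added example that is not part of the original post. It only prints the `iptables` (and optional proxy ARP) commands for review and rejects any mapping table that is not one-to-one. The function names, the `WAN_IF` and `PROXY_ARP` variables, the interface name `eth0` and the documentation-range addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print static NAT rules for review; nothing is applied.
# Input on stdin, one mapping per line:  EXT_IP INT_IP [PROTO PORT]
WAN_IF="${WAN_IF:-eth0}"    # assumed name of the external interface

gen_nat_rules() {
    awk -v wan="$WAN_IF" -v parp="${PROXY_ARP:-0}" '
    function fail(msg) { printf "line %d: %s\n", NR, msg > "/dev/stderr"; bad = 1 }
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    NF != 2 && NF != 4 { fail("expected EXT INT [PROTO PORT]"); exit }
    {
        ext = $1; host = $2
        if (NF == 2) {      # whole-address mapping must be unique both ways
            if (ext in used)       { fail(ext " is already mapped"); exit }
            if (host in full_host) { fail(host " already has an address"); exit }
            full_ext[ext] = 1; full_host[host] = 1
        } else {            # per-service overlap: same address, different service
            if (ext in full_ext || (ext, $3, $4) in svc) {
                fail(ext " " $3 "/" $4 " is already mapped"); exit
            }
            svc[ext, $3, $4] = 1
        }
        # Proxy ARP entry, only if the address is not routed to this host.
        if (parp && !(ext in used)) out[++n] = "ip neigh add proxy " ext " dev " wan
        used[ext] = 1
        if (NF == 2) {
            out[++n] = "iptables -t nat -A PREROUTING -i " wan " -d " ext \
                       " -j DNAT --to-destination " host
            out[++n] = "iptables -t nat -A POSTROUTING -o " wan " -s " host \
                       " -j SNAT --to-source " ext
        } else {
            out[++n] = "iptables -t nat -A PREROUTING -i " wan " -d " ext \
                       " -p " $3 " --dport " $4 " -j DNAT --to-destination " host ":" $4
        }
    }
    END { if (bad) exit 1; for (i = 1; i <= n; i++) print out[i] }
    '
}

# Constructed sample table (documentation address ranges, not real hosts).
sample_mappings() {
    cat <<'EOF'
# external      internal    [proto port]
203.0.113.10    10.0.0.10
203.0.113.20    10.0.0.20   tcp 80
203.0.113.20    10.0.0.21   tcp 25
EOF
}

sample_mappings | gen_nat_rules
```

A table that maps the same external address to two internal hosts makes the function print nothing and return non-zero, which is the "you need that many IP addresses" constraint enforced before any rule reaches the firewall.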