Explanation of tcp/udp 10000:40000

The 10000:40000 part of the line does not mean to route ports 10000 through 40000; it tells ipnat which range to draw new source port numbers from. Every outgoing TCP connection has two port numbers: the port on the machine you are connecting to (which is fixed per service, like port 23 for telnet) and the port on your local machine (which is chosen more or less at random). Most TCP/IP stacks pick source port numbers below 10,000, maybe even below 5,000. If two computers on your LAN happened to use the same source port number at the same time, ipnat would not be able to tell which computer a reply should be sent to, and that would cause problems. So it picks a number between 10000 and 40000 as the outgoing source port, and (probably) makes sure that the number it picks isn't one that another connection is already using.

Picking 0:40000 would be A Bad Thing because the machine ipnat is running on does not use ipnat for its own connections to machines on the internet, so those connections have source ports below 10000. If ipnat assigned a connection from an ipnatted machine the same port number the gateway itself is already using for one of its own connections, something bad might happen (IP problems, maybe a crash).
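As an added illustration of the port-remapping idea above (and of the netstat rule of thumb further down), here is a small Python model of what the portmap range does. It is not ipnat's own code and ipnat's real port selection may differ; the gateway address, LAN addresses and port numbers in it are constructed for the demo.

```python
# Added example, not code from the original page or from ipnat/IP Filter.
# A toy model of NAT source-port translation that uses the page's
# 10000:40000 portmap range, to show why the range is chosen the way it is.
import random

PORTMAP_LOW, PORTMAP_HIGH = 10000, 40000   # the "tcp/udp 10000:40000" range


class PortMapNat:
    """Maps (lan_ip, lan_port) to a single gateway source port, and back.

    gateway_local_ports: source ports the gateway already uses for its own,
    un-NATed connections (constructed for the demo; a real gateway would read
    them from its TCP stack)."""

    def __init__(self, gateway_ip, gateway_local_ports=(), low=PORTMAP_LOW,
                 high=PORTMAP_HIGH, seed=None):
        self.gateway_ip = gateway_ip
        self.local_ports = set(gateway_local_ports)
        self.low, self.high = low, high
        self.rng = random.Random(seed)      # seeded only so the demo is repeatable
        self.outbound = {}                  # (lan_ip, lan_port) -> gateway port
        self.inbound = {}                   # gateway port -> (lan_ip, lan_port)

    def _pick_port(self):
        """Choose a port in the range that no current mapping and none of the
        gateway's own connections is using."""
        for _ in range(10000):
            port = self.rng.randint(self.low, self.high)
            if port not in self.inbound and port not in self.local_ports:
                return port
        raise RuntimeError("portmap range exhausted")

    def translate_out(self, lan_ip, lan_port):
        """Rewrite an outgoing packet's source address/port to the gateway's.
        Two LAN hosts using the same local port get different gateway ports,
        so their replies can still be told apart."""
        key = (lan_ip, lan_port)
        if key not in self.outbound:
            port = self._pick_port()
            self.outbound[key] = port
            self.inbound[port] = key
        return self.gateway_ip, self.outbound[key]

    def translate_in(self, gateway_port):
        """Rewrite a reply's destination port back to the LAN host, or None if
        the port belongs to no NAT mapping (it is the gateway's own traffic)."""
        return self.inbound.get(gateway_port)


def ports_overlapping_gateway(low, high, gateway_local_ports):
    """The gateway's own source ports that fall inside a candidate portmap
    range. A non-empty result is the hazard the page describes for 0:40000."""
    return {p for p in gateway_local_ports if low <= p <= high}


def connection_origin(src_port):
    """The page's rule of thumb when reading netstat on a remote server:
    source port below 10000 = the gateway itself, otherwise = a LAN host
    behind ipnat (port 10000 exactly is counted with the LAN side here)."""
    return "gateway" if src_port < PORTMAP_LOW else "lan"


if __name__ == "__main__":
    # Constructed sample: a gateway with two connections of its own on
    # ports 1029 and 1030, and two LAN hosts that both chose local port 1025.
    nat = PortMapNat("203.0.113.1", gateway_local_ports={1029, 1030}, seed=1)
    for lan_ip in ("192.168.1.10", "192.168.1.11"):
        ip, port = nat.translate_out(lan_ip, 1025)
        print(f"{lan_ip}:1025 -> {ip}:{port} (reply goes to {nat.translate_in(port)})")
    print("0:40000 overlaps gateway ports:",
          ports_overlapping_gateway(0, 40000, {1029, 1030}))
    print("10000:40000 overlaps gateway ports:",
          ports_overlapping_gateway(10000, 40000, {1029, 1030}))
```

Running it shows the two LAN hosts, both using local port 1025, leaving the gateway on two different ports in the 10000:40000 range, and that a 0:40000 range would overlap the gateway's own ports 1029 and 1030 while 10000:40000 does not.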

Well, maybe not, but I just chose the safe route of 10000:40000 so as not to come across a situation where I'd have that happen. I guess it's a good idea for you to do that too.

It's also cool to sometimes see which connections are coming from machines inside your LAN and which from the ipnat computer. (To do this, type "netstat" on the un*x computer you are logging into somewhere on the internet.) Connections with source port numbers less than 10000 are from the gateway machine, and those with source port numbers greater than 10000 are from a machine on the internal LAN.

If any material here is presented incorrectly, please email me and tell me about it.



Last updated: 1/31/99