I may be able help you out with the NAT port issue, for clarification. For any connection from your host to an external server, your source port number will be something above 1024 and it does not matter what that number is. The only port number that is involved in determining what service is talking is the destination port. For example, if you want to use internet explorer to connect to http://www.cowdance.com (one of my favorites) your original packet sent to http://www.cowdance.com will have a destination port of 80 and a source port number over 1024, say 1025 for example. So, getting back to the question, there is some value added in changing the source port numbers during NAT. It helps hide your internal computer(s), but most users don’t need to do that. I wouldn’t bother changing the source port unless there was a particular reason to be sneaky about your internal network. Also, you don’t have to worry about it breaking connections as long as your “state” table translation is working.