I should be working instead of following this thread, but... Right on, SerpentFly, and there is another way to prevent that rare situation where source/destination IP addresses and source/destination ports are the same and conflicting inside NAT. That would be to keep track of what the source ports were that you assigned when you NAT’d them to the outside world. I think this is how the PIX firewall does it, because the PIX definitely does reorganize/obscure the source ports, though most firewalls that I have seen do not.
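
The bookkeeping described in the post above, sketched as an added example that is not part of the original post and does not represent any particular firewall's implementation: a translation table that records the public source port assigned to each outbound flow, so two inside hosts using the same source port toward the same destination stay distinguishable. The class name, the addresses (documentation ranges) and the port range are assumptions.

```python
class PortTranslator:
    """Hypothetical port-translating NAT table (illustration only)."""

    def __init__(self, public_ip, port_range=(1024, 65535)):
        self.public_ip = public_ip
        self.lo, self.hi = port_range
        self.next_port = self.lo
        # (proto, inside_ip, inside_port, dst_ip, dst_port) -> public port
        self.out = {}
        # (proto, public_port, dst_ip, dst_port) -> (inside_ip, inside_port)
        self.back = {}

    def _allocate(self, proto, dst_ip, dst_port):
        # A public port only has to be unique per (proto, destination),
        # so the same port can be reused toward a different remote endpoint.
        for _ in range(self.hi - self.lo + 1):
            port = self.next_port
            self.next_port = self.lo if port == self.hi else port + 1
            if (proto, port, dst_ip, dst_port) not in self.back:
                return port
        raise RuntimeError("no free public port for this destination")

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Return the (public_ip, public_port) the flow leaves with."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            port = self._allocate(proto, dst_ip, dst_port)
            self.out[key] = port
            self.back[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key])

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Map a reply to the inside host, or None if no flow was tracked."""
        return self.back.get((proto, public_port, remote_ip, remote_port))


def demo():
    # Constructed sample flows: two inside hosts pick the same source port
    # toward the same web server, the conflicting case from the thread.
    nat = PortTranslator("203.0.113.1")
    a = nat.outbound("tcp", "10.0.0.5", 40000, "198.51.100.7", 80)
    b = nat.outbound("tcp", "10.0.0.6", 40000, "198.51.100.7", 80)
    reply_a = nat.inbound("tcp", "198.51.100.7", 80, a[1])
    reply_b = nat.inbound("tcp", "198.51.100.7", 80, b[1])
    return a, b, reply_a, reply_b


if __name__ == "__main__":
    print(demo())
```
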