I was curious if there is a hard set limit to the number of static IP addresses set to a given interface? Or, if not, a practical limit? I'd like to allow multiple (>20) public IPs to NATed clients on a NATed network. Is there a more elegant way to do this with MT?

I think you would need 20 individual statments. It would be nice if it supported the ability to dst-nat entire networks., so you could dst-nat network a.a.a.0/29 to b.b.b.0/29 with one statment. Then a.a.a.1 would be natted to b.b.b.2, and a.a.a.2 would be natted to b.b.b.2 etc.

Thanks for the reply. I've already figured out how to make it work, I'm just wondering if a MT box could handle say, a whole class C of public statics assigned to one interface which are NATed to the internal private network. Performance is what I'm really concerned about.

EDIT: To add to the question above...along with all of the statics, I'm also wondering if adding another different subnet to the internal interface and mapping the statics to those would cause any problems (while continueing to have the first subnet which serves IPs via DHCP)? I've got it working this way currently, and it runs fine. Just worried about load once this puppy is in place on a network.

Personally, I don't see load as a problem.

Whether your masquerading 2000 people behind 1 address, or your one to one mapping 256 IP's outside to 256 IP's inside, a translation is a translation. It is not uncommon for translation tables of routers to have thousands or tens of thousands of mappings. From what I understand, the MT is very optimized router, and so I think the stuff your describing would be considered minimal effect on performance. You can always check /system resources to look at the cpu load.

To signal: you should be able to src-nat or dst-nat whole networks (including a.a.a.0/29 to b.b.b.0/29). google for netfilter (iptables) DNAT and SNAT for more indepth information.