SNAT to multiple address (clients need to keep the same IP)
Ryan
ryan@vbnet.net
Fri, 11 Jan 2002 09:40:21 -0500 (EST)
I have a Linux box running 2.4 using netfilter and SNAT to provide internet
service to a group of clients. Because there are so many client computers,
we have a large block of IP addresses that those internal computers map to
(i.e. iptables -t nat -A POSTROUTING -o $INTERNETINTERFACE -j SNAT --to
1.2.3.4-1.2.3.124). Since SNAT chooses a new source address each time a
connection is established (I know this is the documented behavior), this
breaks a few services (i.e. AOL instant messenger, VPN clients, etc.) that
need all the connections to originate from the same IP. While I've kind of
just hacked a solution for individual services, I don't see this as very
adequate. Are there any recommendations for how to set up NAT so that all the
connections from a single client are mapped to a single IP address on the
internet interface? I saw there is a target SAME in the patch-o-matic
directory, but since it was in the main kernel, I just wanted to see how
stable it was in use before considering using it with clients who need their
Internet up all the time. Thanks for any help in advance!
Ryan
ryan@vbnet.net
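
Added example, not part of the original post: one way to get the stable per-client mapping asked about is to replace the single range rule with one SNAT rule per client, each pointing at a pool address computed from the client's own IP. The pool range 1.2.3.4-1.2.3.124 comes from the post; the 10.0.x.x client addresses, the eth0 interface name and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Deterministic client-to-pool mapping for SNAT (added example).
# Rules are printed for review, not executed.

POOL_PREFIX="1.2.3"   # first three octets of the public pool (from the post)
POOL_FIRST=4          # lowest last octet in the pool
POOL_LAST=124         # highest last octet in the pool

# ip_to_int A.B.C.D -> the address as an integer on stdout
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1             # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# pool_addr_for_client CLIENT_IP -> the pool address this client always gets.
# More clients than pool addresses simply share an address; SNAT still
# keeps their connections apart by remapping source ports when needed.
pool_addr_for_client() {
    size=$(( POOL_LAST - POOL_FIRST + 1 ))
    n=$(ip_to_int "$1")
    echo "$POOL_PREFIX.$(( POOL_FIRST + n % size ))"
}

# snat_rule CLIENT_IP IFACE -> one iptables command for that client
snat_rule() {
    echo "iptables -t nat -A POSTROUTING -s $1 -o $2 -j SNAT --to-source $(pool_addr_for_client "$1")"
}

# emit_rules IFACE CLIENT... -> one rule per listed client
emit_rules() {
    iface=$1; shift
    for c in "$@"; do
        snat_rule "$c" "$iface"
    done
}

# Constructed sample clients on an assumed 10.0.0.0/16 internal network.
emit_rules eth0 10.0.0.5 10.0.0.6 10.0.0.27 10.0.1.5
```

Because the pool address depends only on the client's IP, the mapping survives reboots and rule reloads without any state file.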