Support for NAT’d networking

[DemiMarie]

I would like to be able to run a program in a network namespace, but with the ability to act as a network client (but not server). This can be done via NAT.

This would not expose the full generality of netfilter ― merely NAT (both IPv4 and IPv6).

A typical use-case is running a program that exposes an insecure TCP server on loopback, but also needs to be able to make TCP requests to the Internet.