> Is NAT supported by eDirectory replication ?

As Edward said, no, it's not supported - and it can't be made to work.
The best solution is to use a VPN that presents a real, routable address
to all servers.

Server addresses are embedded in the NCP objects. NAT messes with the IP
addresses, so even if you get port forwarding in place, things like ncp
ping will fail since they're going to be sent to the IP address of record
(which is updated automatically on the server every time the limber
process runs - so even if you manually tweaked the addresses, it'd be
changed every time that process runs and you'd lose connectivity).

