Sigh. The NAT should be configured to look after establishing connections. What are you using for the NAT itself? What about setting up NAT to forward packets that are related to connections that are being established or that are established? And can you setup your nat so that any source port to port 22 is acceptable and the reverse?